Resolved info requred on Jquery & php

nani_nisha06 · 11-07-2012, 08:22 PM

Hi Crew,

As Always i am back with some other requirement understanding.

point 1: I have below php script to delete the user

Code:

<?php
session_start();
include_once "C:/xampp/htdocs/mym/include/database.php";
$myusername = $_SESSION['myusername']; //user who updating
$user= $_REQUEST['ticket'];
echo '$user';
$sql = ("DELETE FROM $tbl_name1 WHERE ticket='$user'")or die(mysql_error());
if(mysql_query($sql))
{
echo 'Successfully deleted user !!!'
header("location: test.php") or die("record not inserted");
} 
mysql_close();
?>

point 2:

I have below jquery script for stylish alert which will invisible after 3 seconds.

Code:

$(document).ready(function() { 
    $('#demo13').click(function() { 
        $.blockUI({ 
            theme:     true, 
            title:    'This is your title', 
            message:  '<p>This is your message.</p>', 
            timeout:   2000 
        }); 
    });    
});

Now I want to use the Jquery script in the PHP exactly in the place of "echo 'Successfully deleted user !!!'" in the above script.

can any one please help me understand if this can be possible or any other way coz...when i see Jquery it has more fancy thing and I want some of them to be included on my site .......but, I am newbie to Jquery and beginner with PHP so,I am finding hard time to work on them, please he me in this regards .

I will be waiting for your answers. Also I will be searching for some solution around in the Google....

Regards,
nani

poyzn · 11-07-2012, 08:26 PM

Quote:

Originally Posted by nani_nisha06

Code:

...
$user= $_REQUEST['ticket'];
$sql = ("DELETE FROM $tbl_name1 WHERE ticket='$user'")...

really?

DanInMa · 11-07-2012, 08:38 PM

Quote:

Originally Posted by poyzn

really?

instead of posing just a one word question, perhaps you should point out his mistake or issue? It would probably help him learn...

anyhow.

ok I think I understand.

add this to the javascript on the page either inline or externally

Code:

function UserDeleted(){
$.blockUI({ theme: true, title: 'User Deleted', message: '<p>User was successfully deleted!</p>', timeout: 2000 }); 
}

then in your php code you have to call the javascript function ( I don't use php so guys correct me if this is wrong please)

Code:

<?php
session_start();
include_once "C:/xampp/htdocs/mym/include/database.php";
$myusername = $_SESSION['myusername']; //user who updating
$user= $_REQUEST['ticket'];
echo '$user';
$sql = ("DELETE FROM $tbl_name1 WHERE ticket='$user'")or die(mysql_error());
if(mysql_query($sql))
{
echo '<script>UserDeleted()</script>';
header("location: test.php") or die("record not inserted");
} 
mysql_close();
?>

poyzn · 11-07-2012, 08:44 PM

You should filter any input or escape it in the query, do something like this:

PHP Code:


			
session_start();
include_once "C:/xampp/htdocs/mym/include/database.php";
$myusername = $_SESSION['myusername']; //user who updating
$user= filter_input(INPUT_POST, 'ticket', FILTER_VALIDATE_INT);
$result = array('redirect' => false, 'message' => 'record not inserted');
if($user) {
  $sql = "DELETE FROM $tbl_name1 WHERE ticket='$user'";
  if(mysql_query($sql)) {
    $result = array('redirect' => true, 'message' => 'Successfully deleted user !!!');
  }
}
echo json_encode($result);

in html:

Code:

<a href="#" id="demo13" data-ticket="13">Delete user</a>

in js file:

Code:

jQuery(document).ready(function($) {
$('#demo13').click(function() {
  var ticket = $(this).data('ticket'); // get ticket
  $.ajax({
    url: 'path_to_php_file_with_delete_function.php',
    data: { ticket: ticket },
    dataType: 'json',
    type: 'post',
    success: function(data) {
      $.blockUI({ 
         theme: true, 
         title: 'This is your title', 
         message: '<p>' + data.message + '</p>',
         timeout: 2000 
       });
       if(data.redirect) {
         setTimeout( function() { window.location('test.php') }, 2000 );
       }
    });
  return false;
});
});

poyzn · 11-07-2012, 08:47 PM

Quote:

Originally Posted by DanInMa

Code:

...if(mysql_query($sql))
{
echo '<script>UserDeleted()</script>';
header("location: test.php") or die("record not inserted");
}...

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.

nani_nisha06 · 11-08-2012, 09:25 AM

Quote:

Originally Posted by poyzn

really?

Poyzn,

I want to understand what was wrong here ?

Regards,
Nani

poyzn · 11-08-2012, 09:40 AM

Quote:

Originally Posted by nani_nisha06

Poyzn,

I want to understand what was wrong here ?

Regards,
Nani

You can get info here: SQL injection

Imagine that $_REQUEST['ticket'] == "' OR '1' = '1"

then you ll get $sql = "DELETE FROM $tbl_name1 WHERE ticket='' OR '1'='1'"

Redcoder · 11-09-2012, 02:45 AM

A good practise is to use output buffering to prevent any headers problems. It helps as you can modify headers even after sending content.

At the very top of your PHP scripts add:

PHP Code:


			
<?php

ob_start();

?>

At the very bottom add:

PHP Code:


			
<?php

ob_end_flush();

?>

You can then echo out stuff wherever you want whenever you want as it's all stored in a variable and sent to the browser after the whole script is parsed. In contrast, without them, echoing causes a reply header to be sent which will cause any session_start() or header() to not work at all.

After header(), add exit() or die() to stop execution of the rest of the script.

PHP Code:


			
if(mysql_query($sql))
{
echo 'Successfully deleted user !!!'
header("location: test.php") or die("record not inserted");
exit();
}

poyzn · 11-09-2012, 05:26 AM

Quote:

Originally Posted by Redcoder

PHP Code:


			
...

echo 'Successfully deleted user !!!'

header("location: test.php") or die("record not inserted");

..,

It won't work
You will not see the message because of the immediate redirect.
If you want to redirect with php, I suggest you to put the message into session and then show it after redirect.

Redcoder · 11-09-2012, 03:37 PM

Quote:

Originally Posted by poyzn

It won't work
You will not see the message because of the immediate redirect.
If you want to redirect with php, I suggest you to put the message into session and then show it after redirect.

The ouptut buffering was only a solution to the annoying "HEADERS HAVE ALREADY BEEN SENT" error. And yeah, to see the message you should store it in a session variable. Remove the message to be echoed. Or you can echo the message in the exit() then redirect after some time. Like this:

PHP Code:


			


<?php

if(mysql_query($sql))

{

header('Refresh: 10; url= test.php');

exit('Succesfully deleted user');

}

nani_nisha06 · 11-09-2012, 07:47 PM

Thanks verymuch Redcoder, poyzn & DanInMa, I have sucessfully cleared this issue using Jquery...

I really happy with your support.....