Editing User Info While Going through multiple functions

[CoolAsCarlito]

Here's where it shows all the handlers names with the edit links. How do I connect the two functions so that i'll get the users info when it goes to the edithandler function.

PHP Code:

function handlers() {
   print '<h1 class=backstage>Handler Management</h1><br />';
   print "<h2 class=backstage>Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
   print '<table width="100%" class="table1">';
   print '<tr class="rowheading">';
   print '<td width=30>&nbsp;</td>';
   print '<td>Username</td>';
   print '<td>Surname</td>';
   print '<td>First Name</td>';
   print '<td>E-Mail</td>';
   print '</tr>';
   $query = "SELECT * FROM users";
   $result = mysql_query ( $query ); // Run The Query
   if ($result) {
      // Fetch and print all records.
      $i = 0;
      while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
         $sClass = 'row2';
         if ($i ++ & 1) {
            $sClass = 'row1';
         }
         printf ( "<tr class=\"%s\">", $sClass );
         print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
         printf ( "<td valign=\"top\">%s</td>", $row [username] );
         printf ( "<td valign=\"top\">%s</td>", $row [surname] );
         printf ( "<td valign=\"top\">%s</td>", $row [firstname] );
         printf ( "<td valign=\"top\">%s</td>", $row [email] );
         print '</tr>';
      }
   }
   print '</table><br />';
   print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
} 


Here's the edit handler function.

PHP Code:

function edithandler() {
   print '<h1 class=backstage>Handler Management</h1><br />';
   print '<h2 class=backstage>Edit Handler Details</h2><br />';
   print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
   print '<table width="100%" class="table2">';
   print '<tr>';
   print '<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value="'.$row['username'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 onfocus="this.select()" value=""></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Surname:</td><td class=row3>';
   print '<input type=text name=surname class=fieldtext490 value="'.$row['surname'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Firstname:</td>';
   print '<td class=row3><input type=text name=firstname class=fieldtext490 value="'.$row['firstname'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Email:</td>';
   print '<td class=row3><input type=text name=email class=fieldtext490 value="'.$row['email'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>AIM:</td>';
   print '<td class=row3><input type=text name=aim class=fieldtext490 value="'.$row['aim'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>MSN:</td>';
   print '<td class=row3><input type=text name=msn class=fieldtext490 value="'.$row['msn'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Forum ID:</td>';
   print '<td class=row3><input type=text name=forumid class=fieldtext490 value="'.$row['forumid'].'"></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Account:</td>';
   print '<td class=row3><select name=enabled class=selection>';
   print '<option value=1>Enabled</option><option value=0>Disabled</option>';
   print '</select></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Administrator:</td>';
   print '<td class=row3><select name=isadministrator class=selection>';
   print '<option value=1>Yes</option><option value=0>No</option>';
   print '</select></td>';
   print '</tr>';
   print '<tr>';
   print '<td class=rowheading>Default Character:</td>';
   print '<td class=row3></td>';
   print '</tr>';
   print '</table><br />';
   print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
   print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
   print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
   print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
   print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
   print '<br /><br />';
   print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
} 


[CoolAsCarlito]

What I am wanting to do is when a username is taken from the handler function and taken to the edithandler function and then that username is taken to the DB as well and grabs all of that username's database info from all the fields and filled in on the form that resides in the edithandler function. Included down blow is my functions and this is also what I was told to do. Is this correct?

1) I dont think you can access browser sessions from a php script called with ajax.
2) You should send the username as another GET variable within the javascript like this:

url = 'backstagefunctions.php?f=' + url + '&u=' + <?= $_SESSION['username']; ?>

This is assuming the javascript is within a php file that has sessions enabled before it reaches the <head> tags of the html.

3) In the "edithandler" function change ( within the mysql query ) $_SESSION['username'] to $_GET['username']

Remember a function called with AJAX returns a string only sent using echo or print. You then must break that string down withhin the javascript. So for example, if your php gets the users details you may have it generate and return a string like this $output = 'usernamehere&agehere&firstnamehere'; echo $output;

Then in the javascript you can get each variable like this:

var response = ajaxobect.responseText;

response = response.split ( '&' );

var username = response[0];
var age = response[1];
var firstname = response[2];

Then fill your form fields in a way like this;

document.formname.fieldname.value = variable;

Is all of that right? Just trying to get a second opinion.

Along included is also my ajax.js file

Code:

var loadedobjects=""
var rootdomain="http://"+window.location.hostname

function ajaxpage(url, containerid)
{
   url = 'backstagefunctions.php?f=' + url;

   var page_request = false
   if (window.XMLHttpRequest) // if Mozilla, Safari etc
   page_request = new XMLHttpRequest()
   else if (window.ActiveXObject)
   {
      // if IE
      try
      {
         page_request = new ActiveXObject("Msxml2.XMLHTTP")
      }
      catch (e)
      {
         try
         {
            page_request = new ActiveXObject("Microsoft.XMLHTTP")
         }
         catch (e)
         {
         }
      }
   }
   else
   {
      return false
   }

   page_request.onreadystatechange=function()
   {
      loadpage(page_request, containerid)
   }

   page_request.open('GET', url, true)
   page_request.send(null)
}

function loadpage(page_request, containerid)
{
   if (page_request.readyState == 4 && (page_request.status==200 || window.location.href.indexOf("http")==-1))
   document.getElementById(containerid).innerHTML=page_request.responseText
}

function loadobjs()
{
   if (!document.getElementById)
   return
   for (i=0; i<arguments.length; i++)
   {
      var file=arguments[i]
      var fileref=""
      if (loadedobjects.indexOf(file)==-1)
      {
         //Check to see if this object has not already been added to page before proceeding
         if (file.indexOf(".js")!=-1)
         {
            //If object is a js file
            fileref=document.createElement('script')
            fileref.setAttribute("type","text/javascript");
            fileref.setAttribute("src", file);
         }
         else if (file.indexOf(".css")!=-1)
         {
            //If object is a css file
            fileref=document.createElement("link")
            fileref.setAttribute("rel", "stylesheet");
            fileref.setAttribute("type", "text/css");
            fileref.setAttribute("href", file);
         }
      }
      if (fileref!="")
      {
         document.getElementsByTagName("head").item(0).appendChild(fileref)
         loadedobjects+=file+" " //Remember this object as being already added to page
      }
   }
}
function WrestlerList()
{
var addWrestler = document.getElementById("character_selection").value
if (addWrestler) {
// Here we append a new wrestler to your hidden field using a comma
document.getElementById("chars").value += addWrestler+",";
// Continue your original functionality
document.getElementById("characterlist").innerHTML += "<li>" +
addWrestler + "</li>";
return WrestlerList;
}
}

[ohgod]

Quote:

1) I dont think you can access browser sessions from a php script called with ajax.

i'm pretty sure you can... just don't forget to drop "session_start();" at the beginning of the page so it uses the session.

[CoolAsCarlito]

okay well I was told to do this as a better idea but still having trouble figuring out how to pass the variable of username from function handlers to function edithandler.

Updated code (All code from backstagefunctions.php file):

PHP Code:

include ('database.php');
 
/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );
 
if (function_exists ( $f )) {
    $f ();
} else {
    die ( 'Error 404!' );
}
 
function getFormData($username, $table, $field){
      $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
      while($row = mysql_fetch_assoc($query)){
           return $row[$field];
      }
} 


handlers function

PHP Code:

function handlers() {
    print '<h1 class=backstage>Handler Management</h1><br />';
    print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
    print '<table width="100%" class="table1">';
    print '<tr class="rowheading">';
    print '<td width="30">&nbsp;</td>';
    print '<td align="center">Username</td>';
    print '<td align="center">Surname</td>';
    print '<td align="center">First Name</td>';
    print '<td align="center">E-Mail</td>';
    print '</tr>';
    $query = "SELECT * FROM users ORDER BY `username`";
    $result = mysql_query ( $query ); // Run The Query
    if ($result) {
        // Fetch and print all records.
        $i = 0;
        while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
            $sClass = 'row2';
            if ($i ++ & 1) {
                $sClass = 'row1';
            }
            printf ( "<tr class=\"%s\">", $sClass );
            print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
           
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
            print '</tr>';
        }
    }
    print '</table><br />';
    print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
} 


edithandlers function

PHP Code:

function edithandler() {
    $query = "SELECT * FROM `users` WHERE `username` = '" . $_GET['username'] . "'";
    $result = mysql_query ( $query ); // Run The Query
    $row = mysql_fetch_array ( $result, MYSQL_ASSOC );
    print '<h1 class=backstage>Handler Management</h1><br />';
    print '<h2 class=backstage>Edit Handler Details</h2><br />';
    print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
    print '<table width="100%" class="table2">';
    print '<tr>';
    print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Surname:</td><td class=row3>';
    print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Firstname:</td>';
    print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Email:</td>';
    print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>AIM:</td>';
    print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>MSN:</td>';
    print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Forum ID:</td>';
    print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Account:</td>';
    print '<td class=row3><select name=enabled class=selection>';
    print '<option value=1>Enabled</option><option value=0>Disabled</option>';
    print '</select></td>';
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Administrator:</td>';
    print '<td class=row3><select name=isadministrator class=selection>';
    print '<option value=1>Yes</option><option value=0>No</option>';
    print '</select></td>';
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Default Character:</td>';
    print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
    print '</tr>';
    print '</table><br />';
    print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
    print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
    print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
    print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
    print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
    print '<br /><br />';
    print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}