sql - PHP Form must be submitted twice to update checkbox
I'm still relatively new to PHP. I'm trying to build a privacy settings page for members to opt out of automatic emails for triggered events (i.e. private message notification). I want the checkbox set automatically based on the database setting. As of now, the form does update the database correctly, but the checkbox status does not show the correct setting unless the submit button is pressed twice, or the page is reloaded. The setting is '0' for unchecked, '1' for checked. I'd love to use AJAX or jQuery to handle this, but I don't know them at all.
privacysettings.php
<?php
$id = "";
$pm_mail_able = "";
$pm_email = "";
if (isset($_GET['id'])) {
    $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // keep digits only
} else if (isset($_SESSION['idx'])) {
    $id = $logoptions_id;
} else {
    header("Location: index.php");
    exit();
}
// query the checkbox status
$sql = mysql_query("SELECT * FROM members WHERE id='$id'");
while ($row = mysql_fetch_array($sql)) {
    $pm_mail_able = $row['pm_mail_able'];
}
switch ($pm_mail_able) {
    case 0:
        $pm_setting = null;
        break;
    case 1:
        $pm_setting = "checked=\"checked\"";
        break;
}
if (isset($_GET['pm_email']) && !empty($_GET['pm_email'])) {
    $updateqry = mysql_query("UPDATE members SET pm_mail_able='1' WHERE id='$id'");
} else {
    $updateqry = mysql_query("UPDATE members SET pm_mail_able='0' WHERE id='$id'");
}
?>
<html>
email notifications<br />
<form name="testform" method="get" action="pvresult.php">
when friend sends me private message
<input type="checkbox" name="pm_email" value="on"<?php echo $pm_setting;?> />
<br /><br />
<input type="submit" value="submit" />
</form>
</html>
pvresult.php
<?php
$url = 'http://www.mywebsite.com';
// if the form isn't submitted, redirect to the form
if (!isset($_GET['submit']))
    header('Location: '.$url.'/privacysettings.php');
// redirect to the correct location based on form input
$pm_email = $_GET['pm_email'];
$url .= '/privacysettings.php?pm_email='.$pm_email;
header('Location: '.$url);
?>
Okay, this won't answer the question, but I'll give a few best practices you might want to consider.
You can combine these 2 scripts into 1 relatively easily. Also, I'd highly suggest using POST instead of GET; GET is limited, and is not intended to submit data the way you're using it. If you're going to be changing data in a back-end store, using GET will bite you. Maybe not today, maybe not tomorrow, but it will, trust me.
You really should consider moving to PDO instead of the mysql_ functions. PDO is a lot better at handling parameterized queries, which you should have here for better security, and it's more portable if someday you want to move to a different database system.
I'm still a little hazy on how your app is getting the $id. Apps get it from a $_SESSION variable, making sure the user has validated a login. If you're not doing that, please do. You might want to thoroughly digest this article, it's got a lot of juicy best practices regarding authentication and "remember me"-type functionality.
Here's a bit of a rewrite. I haven't tested it, but it should give you a pretty good idea of where to go for your immediate needs. If it throws any errors (remember the disclaimer: I haven't tested it!), let me know and I'll try to debug it.
<?php
$message = '';
$pm_setting = '';
$id = 0;

// Put your $id retrieval logic here. It should look something like:
if (isset($_SESSION['id'])) {
    $id = $_SESSION['id'];
    if (!preg_match('/^\\d{1,10}$/', $id)) {
        // Someone is trying to hack the site.
        header("Location: scum.php");
        exit();
    }
    $id = intval($id);
}
// Quick security note: you might want to read up on a topic called
// session hijacking if you want to ensure your site is secure and
// that $id isn't spoofed.

if (isset($_POST['submit'])) {
    // The form is being submitted. We don't need to read the current
    // pm_mail_able setting from the database because we're going to
    // overwrite it anyway.
    if ($id > 0) {
        $pm_mail_able = 0;
        if (isset($_POST['pm_email']) && $_POST['pm_email'] === 'on') {
            $pm_mail_able = 1;
            $pm_setting = 'checked ';
        }
        $query = 'UPDATE members SET pm_mail_able='.$pm_mail_able.
            ' WHERE id = '.$id;
        mysql_query($query);
        // Quick security note: you need to consider
        // updating to PDO so that you can bind these parameters
        // instead. The mysql_ functions are going to be
        // deprecated anyway.
        // mysql_affected_rows() takes an optional link identifier, not the query string.
        if (mysql_affected_rows() > 0)
            $message = '<p style="color: #00a000;">settings saved!</p>';
        else
            $message = '<p style="color: #a00000;">user id not valid.</p>';
    } else
        $message = '<p style="color: #a00000;">user id not valid.</p>';
} else {
    // This is the first load of the form, so we need to display
    // the existing setting.
    if ($id > 0) {
        $query = mysql_query('SELECT * FROM members WHERE id = '.$id);
        if (($row = mysql_fetch_array($query, MYSQL_ASSOC)) !== false)
            // mysql_ functions return column values as strings, so compare loosely.
            if ($row['pm_mail_able'] == 1)
                $pm_setting = 'checked ';
    }
}
?>
<html>
<body>
<?= $message ?>
<!-- Without an action parameter, the form is submitted to this same script. -->
<form name="testform" method="post">
e-mail notifications<br />
<input type="checkbox" name="pm_email" value="on" <?= $pm_setting ?>/>
when friend sends me private message
<br /><br />
<!-- The name attribute is required for isset($_POST['submit']) above to be true. -->
<input type="submit" name="submit" value="submit" />
</form>
</body>
</html>
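The answer above recommends PDO with bound parameters and a single script that handles the POST; the following is an added example of that approach, not code from the original answer. It writes the setting first and reads it back before rendering, which is what removes the need to submit twice. The function names, the SQLite in-memory database (standing in for MySQL so the script runs offline) and member id 42 are assumptions made for the example.

```php
<?php
// Added example: table and column names follow the page; the SQLite in-memory
// database and the sample row are constructed so the script runs offline.
declare(strict_types=1);

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, pm_mail_able INTEGER NOT NULL)');
    $db->exec('INSERT INTO members (id, pm_mail_able) VALUES (42, 1)'); // constructed row
    return $db;
}

// An unchecked checkbox is absent from the POST body, so absence means 0.
function save_pm_setting(PDO $db, int $id, array $post): void {
    $value = (isset($post['pm_email']) && $post['pm_email'] === 'on') ? 1 : 0;
    $stmt = $db->prepare('UPDATE members SET pm_mail_able = :v WHERE id = :id');
    $stmt->bindValue(':v', $value, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
}

// Returns null when the member does not exist.
function load_pm_setting(PDO $db, int $id): ?bool {
    $stmt = $db->prepare('SELECT pm_mail_able FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $value = $stmt->fetchColumn();
    return $value === false ? null : ((int) $value === 1);
}

// Write first, then read back, so the rendered checkbox reflects the submission.
function handle_request(PDO $db, int $id, string $method, array $post): string {
    if ($method === 'POST') {
        save_pm_setting($db, $id, $post);
    }
    $checked = load_pm_setting($db, $id);
    if ($checked === null) {
        return 'User ID not valid.';
    }
    return '<input type="checkbox" name="pm_email" value="on"' . ($checked ? ' checked' : '') . ' />';
}

$db = open_demo_db();
$id = 42; // assumption: on a real page this comes from the authenticated session, not the query string
echo handle_request($db, $id, 'GET', []), "\n";                    // first load: existing setting
echo handle_request($db, $id, 'POST', []), "\n";                   // box unchecked and submitted
echo handle_request($db, $id, 'POST', ['pm_email' => 'on']), "\n"; // box checked and submitted
```

Validity of the member is decided by the read-back rather than by the affected-row count, because MySQL by default reports zero affected rows when the submitted value equals the stored one.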