one-component querying won't work

[molly2ka]

Hi all,

I'm running apache and php on windows xp and I've got a problem with one-component querying. I've looked through forums but can't find any answers!! Ok so this is what happens, I'm displaying a page which takes variables in the url when it was called, and uses them to fetch a record from a database (mysql) and it displays them in a form. When the user makes changes to the record and clicks on save, i'd like to update the database by calling a new script which does the job, but the user should not see this happen and the browser should just stay the same. Problem is when I use $HTTP_REFERER, when the user clicks on the save button, it takes them localhost which displays all my php files in a list.Any ideas???

Relevant part of Calling page:


$query = "SELECT * FROM composition WHERE comp_id =\"".$ID."\"";

if (!$result= mysql_query($query))
showerror();


$row = mysql_fetch_array($result);

$formVars = array();

$formVars["comp_id"] = $row["comp_id"];
$formVars["title"] = $row["title"];
$formVars['composer'] = $row['composer'];
$formVars ['comp_date'] = $row['comp_date'];
$formVars ['genre'] = $row['genre'];
$formVars ['note'] = $row['note'];

?>
<p>You can edit details of this record from here
<br>(<font color="red">*</font> denotes a mandatory field)</p>


<form method = "POST" action = "editReceipt.php?table=composition" onsubmit ="return checkForm()">

<table cellpadding=5 border=5 align = "center">
<th>Field
<th>Value


<input type = "hidden" name = "id" value = "<? echo $formVars["comp_id"]; ?>" size = 30>


<tr>
<td>Title <font color='red'>*</font> </td>
<td><input type = "text" name = "title" value = "<? echo $formVars["title"]; ?>" size = 30></td>
</tr>


<tr>
<td>Composer <font color='red'>*</font> </td>
<td><input type = "text" name = "composer" value = "<? echo $formVars["composer"]; ?>" size = 30></td>
</tr>

<tr>
<td>Composition Year <font color='red'>*</font> </td>
<td><input type = "text" name = "comp_date" value = "<? echo $formVars["comp_date"]; ?>" size = 4 maxlength = 4></td>
</tr>

<tr>
<td>Genre <font color='red'>*</font> </td>
<td><input type = "text" name = "genre" value = "<? echo $formVars["genre"]; ?>" size = 30></td>
</tr>

<tr>
<td>Note</td>
<td>
<textarea rows="3" name= "note" cols="20"><? echo $formVars["note"]; ?></textarea>
</td>
</tr>
<br>
</table>
<p>
<input type = "submit" value = "Save">
<input type = "reset" value = "Reset">
</form>


This is how i use HTTP_REFERER in the editReceipt.php script:

//all the database querying goes here

if(!$result = mysql_query($query))
{
echo "<p>Sorry the record was not updated successfully</p>";
}else
{
header("Location: $HTTP_REFERER");
exit;
}

I know that it updates correctly because in the past i just display a page saying how it was successful. Any ideas???

Manni xxx

 

[molly2ka]

sorry ignore this thread i accidentally sent it twice, didn't think it had gone through first time. Again apologies

 

[KarveR]

header("Location: $HTTP_REFERER"); // will direct you to the address that the page request originated at - in your case its localhost.. if someone remotely accessed the page it would try to return them to their IP.

header("Location: $_SERVER[PHP_SELF]"); // will return them to the current page (eg itself).

To make this work, the update script ust be incorporated into the current page.

If you wish to use a seperate page, say update.php, all form data must be sent (preferably POSTed) to update.php, the first *browser output* of update.php must be :
header("Location: the-page-you-want-them-at.php");
This will put them back at the right page.



______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[molly2ka]

according to the book i've taken the example from
header("Location: $HTTP_REFERER") should take the page back to the script which calls it. The thing is I can't use
header("Location: the-page-you-want-them-at.php");

since the update.php is called by many different scripts and plus i'd have to send all the variables back to the script. I just want update to be called and the calling page to be refreshed/reloaded after the save button has been pressed. Will keep trying. Thanks for the reply

manni

 

[KarveR]

From

http://www.php.net:

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

So I guess you need a better work around.

Possibly set a varible to pass to update.php.
in each page or from an include()ed page
$return_path="$_SERVER[PHP_SELF]";

in your from :
<input type=hidden name=return_path value=$return_path>

in update.php

heaer("Location: $return_path");

dunno, up to you but just an idea of a workaround.





______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[DRJ478]

Have you considered a modular approach?
1. update.php is a module which stands alone and just updates the database. There's no output to the browser.
2. The main script has an IF statement which includes the module when the page is POSTED with the appropriate button.

This way you need not redirect to anywhere. The main script includes and executes modules as needed. The overhead of HTTP requests is avoided and the modules can be part of any number of scripts.

 

[ingresman]

Or you could have a hidden frame ir iframe on the page which when you click the submit button JavaScript will format the request you need and invoke the frame to do the work, when it returns you use the information and put it back into your main page.
Sounds complex. probabbly is !! but it makes the browser work a bit like a fat client app

 

[molly2ka]

hi guys,

thanks for all your help. Ok i got it working, I'm so silly, the book I took the example from was working with globals on. I had the sense to keep them off but didn't realise I need $_SERVER[PHP_'HTTP_REFERER'] instead of $HTTP_REFERER. Duh!!


KarveR, I couldn't get what you suggesting working because I need the variables from the url which pass to the form. Without them, $_SERVER[PHP_SELF] will just give the form but without the required information to make query the database.

DRJ478, thats a very good idea and I should have done it to begin with but I'm just too lazy to change all all my scripts now!!

Thanks again,

Manni xxx