clear the URL from $_GET then display a warning message after update

Problem description

The point is to change the user status (active/inactive) from a button, clear the URL from all GET and then display a warning message from bootstrap

Here is the URL: http://localhost:8282/userslist.php?deactive=59

What I mean by clear: http://localhost:8282/userslist.php

Display the warning message:


I'm able to clear the URL with a location.href='userslist.php' but my warning message is not displayed (because the refresh hides the message), or, I'm able to display the warning message but I can't clear the URL. I tried to do it separately with two echo statements but without any success.

The buttons to activate/deactivate a user are:

http://localhost:8282/userslist.php?deactive=52
http://localhost:8282/userslist.php?active=52

My code is

if (isset($_GET['deactive'])) {
    $deactive = preg_replace('/[^a-zA-Z0-9-]/', '', (int)$_GET['deactive']);
    userDeactiveByAdmin($conn, $deactive, $_SESSION["users_uid"]);
    $getProfile = getProfile($conn, $deactive);
    $username = $getProfile["users_uid"];
    //echo "<script>location.href='userslist.php';</script>";
    echo "<div class='alert alert-warning alert-dismissible fade show text-center' role='alert'>User <strong>\"$username\"</strong> inactive with success
    <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
    <span aria-hidden='true'>&times;</span>
    </button>
    </div>";
}

My function is

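function userDeactiveByAdmin($conn, $id, $username)
{
    // Bind both values as parameters instead of interpolating them into the SQL string.
    $sql = "UPDATE users SET isActive = 1, updated_by = ? WHERE users_id = ?;";
    $stmt = $conn->prepare($sql);
    // Passing the values to execute() works with PDO, and with mysqli on PHP 8.1+.
    $stmt->execute([$username, $id]);
}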

I don't know how I can do both (clear the URL and display the warning message).

Tags: php, bootstrap-4

Solution

One common approach, since you're already using $_SESSION values, is to use a header() redirect and compare against a separate session variable instead of the $_GET variable.

The end-result is that the page will appear to quickly reload after performing the desired action (userDeactiveByAdmin()) removing the querystring in the URL and then display the message based on the supplied $_SESSION value.

This also can be converted to change the processing page URL to implement separation of concerns, such as /deactivate.php?user=59 instead of using /userslist.php?deactive=59.

I recommend using filter_input and/or filter_var functions to sanitize and validate the input data with the desired filter options. This will ensure you are not accepting unexpected values.

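$deactive = filter_input(INPUT_GET, 'deactive', FILTER_VALIDATE_INT);
// filter_input() returns null when the parameter is absent and false when it
// is not a valid integer, so only act on a real integer.
if (is_int($deactive)) {
    userDeactiveByAdmin($conn, $deactive, $_SESSION["users_uid"]);
    $_SESSION['deactive'] = $deactive;
    header('Location: /userslist.php');
    exit;
}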

if (!empty($_SESSION['deactive'])) {
    $deactive = filter_var($_SESSION['deactive'], FILTER_VALIDATE_INT);
    unset($_SESSION['deactive']);

    if (false !== $deactive) {
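        // Escape the stored username before placing it in the HTML output.
        $username = htmlspecialchars(getProfile($conn, $deactive)["users_uid"], ENT_QUOTES, 'UTF-8');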

        echo "<div class='alert alert-warning alert-dismissible fade show text-center' role='alert'>User <strong>\"$username\"</strong> inactive with success
<button type='button' class='close' data-dismiss='alert' aria-label='Close'>
<span aria-hidden='true'>&times;</span>
</button>
</div>";
    }
}

The above can also be adapted to store the username or entire message you want to display.

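$deactive = filter_input(INPUT_GET, 'deactive', FILTER_VALIDATE_INT);
// filter_input() returns null when the parameter is absent and false when it
// is not a valid integer, so only act on a real integer.
if (is_int($deactive)) {
    userDeactiveByAdmin($conn, $deactive, $_SESSION["users_uid"]);

    // Escape the username here because the message is echoed later as HTML.
    $username = htmlspecialchars(getProfile($conn, $deactive)["users_uid"], ENT_QUOTES, 'UTF-8');
    $_SESSION['warning'] = "User <strong>\"$username\"</strong> inactive with success";

    header('Location: /userslist.php');
    exit;
}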

if (!empty($_SESSION['warning'])) {
    $warning = $_SESSION['warning'];
    unset($_SESSION['warning']);

    echo "<div class='alert alert-warning alert-dismissible fade show text-center' role='alert'>$warning
<button type='button' class='close' data-dismiss='alert' aria-label='Close'>
<span aria-hidden='true'>&times;</span>
</button>
</div>";
}

Regarding $deactive = preg_replace('/[^a-zA-Z0-9-]/', '', (int)$_GET['deactive']);.
You only really need $deactive = (int)$_GET['deactive'];. However, since type-casting (int) "-"; or any non-numeric value will result in 0, I strongly advise using filter_input or filter_var instead with the desired filter options, which will result in false when an unexpected value is supplied. Example: https://3v4l.org/YfCOH
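
The difference between the (int) cast and FILTER_VALIDATE_INT described above, as an added example that is not part of the original answer. classifyDeactivateRequest() is a hypothetical helper, the query arrays are constructed stand-ins for $_GET, and the min_range of 1 assumes user IDs are positive.

```php
<?php
// Added example. classifyDeactivateRequest() is a hypothetical helper and the
// sample query arrays below are constructed stand-ins for $_GET.

function classifyDeactivateRequest(array $query): array
{
    if (!array_key_exists('deactive', $query)) {
        // Parameter absent: render the list normally, no update, no redirect.
        return ['action' => 'none', 'id' => null];
    }
    // FILTER_VALIDATE_INT returns false for anything that is not a whole
    // number. min_range (assumption: IDs start at 1) also rejects 0 and
    // negative values, which a bare (int) cast would let through.
    $id = filter_var(
        $query['deactive'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return ['action' => 'reject', 'id' => null];
    }
    return ['action' => 'deactivate', 'id' => $id];
}

// Constructed samples covering the absent, valid and malformed cases.
$samples = [
    [],
    ['deactive' => '59'],
    ['deactive' => '-'],
    ['deactive' => '59abc'],
    ['deactive' => '0'],
    ['deactive' => '-3'],
    ['deactive' => '5.9'],
    ['deactive' => ''],
    ['deactive' => ['59']], // sent as userslist.php?deactive[]=59
];

foreach ($samples as $query) {
    $raw = $query['deactive'] ?? null;
    $result = classifyDeactivateRequest($query);
    printf(
        "raw=%-8s (int) cast=%-3d action=%-10s id=%s\n",
        json_encode($raw),
        (int) $raw,
        $result['action'],
        json_encode($result['id'])
    );
}
```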

