Confirmation pop up without on click.

Javascript coding ..

Moderators: egami, macek, gesf

Post Reply
New php-forum User
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm

Sat Mar 03, 2012 1:34 pm

Hello anakramli.

Code: Select all


echo '<input type="button" name="deleterecord" id="deleterecord" onclick="if(confirm(\'               Warning!\nYou are About delete *Room Number*\nAre you Sure?\')) {return location.replace(\'?deleteval=' .$obfuscatedid . '\');}else{return false;}" value="Delete This Number" /><br>' . PHP_EOL;

So, as you can see i'm using button input type (not submit which does POST request)
Using button input type in fact your script will do GET request which is a bit "unsafe way"
Also all your client side validation will fail(in this case) if some one directly calls your script like:
Obviously no confirmation will appear in this case.

As you can see for prevent prone to CSRF attack i'm obfuscating my deleteval value $obfuscatedid

Then on accepting query when /my.php?deleteval=HEREGOESOBFUSCATEDDATA
i'm decrypting it using my simple algorithm.

You can use that way too but make sure you know what you are doing in bit safely manner.

Also note that when accepting and after decrypting my.php?deleteval=[imabout this]
do your enoght type casting(this works awesome if you deal with integers

Hope it helps.

Post Reply