Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    68
    Rep Power
    0

    Clumsy programming


    Hi,

    I hope this is an appropriate question and that someone can point me in the right direction?

    At the moment, when voting on my site, certain variables are sent to another php page before being sent to the MySQL database. This process is very clumsy. The page you're currently on switches to another page, registers the data, delays a few seconds, and then goes back to the initial page. It just looks and feels so clumsy.

    Is there another more sophisticated way of passing the variables from one php page to another without the visible, second php page? Or some other method of sending the data to the database?

    No ideas, no help, no worries, but if you've got any ideas please through your ideas this way.

    All The Best,
    Richard.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2004
    Posts
    2,998
    Rep Power
    375
    when it goes to second page, dont have a delay and it wont seem so clumsy.

    or use jquery/ajax/javascript.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    I guess what you want is Ajax. It means that JavaScript makes HTTP requests "in the background" after the page has been loaded, allowing the user to stay on the page and use it without any interruption.

    Use a framework like jQuery.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    68
    Rep Power
    0

    Thanks


    Originally Posted by Jacques1
    Hi,

    I guess what you want is Ajax. It means that JavaScript makes HTTP requests "in the background" after the page has been loaded, allowing the user to stay on the page and use it without any interruption.

    Use a framework like jQuery.
    Hi,
    I think that might be what I'm looking for, but I know nothing about Ajax. I'll do some research on it, thanks. Any other tips, I'd really appreciate it.
    Richard.
  8. #5
  9. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    The old school way is more or less what's happening right now.
    The interim screen serves two purposes:

    1. Page Separation

    If the form were to submit and return the user to the same view, reloading the page (F5) could cause the form to be submitted again, which is usually an undesired behavior.

    2. Confirmation

    The interim screen presents an opportunity to tell the user that their action was successful (or an error occurred) before returning them back to the previous view.

    As paulh1983 stated you can have the interim page redirect immediately in which case #1 is still applicable, but you lose the benefit of #2 in that way. If you want a confirmation/error message then you'll need to have the returned-to screen handle that somehow.

    A more modern take is what Jacque's suggested: using AJAX. That's an alternative way of handing a form submission that doesn't inherently require any page changes and it avoids the problem of form resubmission on page reload.

    However, you'll probably want some subsequent actions to take place. For example, if you want the user to see the updated results or otherwise change the page when the user votes, you'll either want to force a page reload in Javascript or use Javascript to update just the relevant portions of the page. This can become increasingly difficult depending on what you want to do, but it's worth learning.

    You might also want to provide some notification if the AJAX submission was successful or if there was a problem.

    Which way you take it is really a matter of preference. My current preference is the old school way with an immediate redirect, leading to a page that gives a status update of your action. But that's mostly just for convenience; AJAX would be more complex for me.
    LinkedIn: Dave Mittner
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    68
    Rep Power
    0

    Thanks, Dave


    Originally Posted by dmittner
    The old school way is more or less what's happening right now.
    I appreciate the amount of time you put into that response.

    Yes, I'm currently using the old school way and it really does work fine.

    I've had a look at jquery and have learned a few things, but the the need to learn javascript and re-write the contents of the second php page is pretty prohibitive. From what you've said, it sounds a pretty steep learning curve.

    What I would really like is for a person to vote, experience a slight delay and then see the refreshed page with the results of their vote. I would prefer it if the voter did not physically see the contents of another update php page at all. Perhaps what I need to do is strip out the entire HTML contents of the redirect page so that there is nothing visible at all? What do you think? I'm working on it, but the physical/viewable aspects of the redirect page are bothering me. The site feels old fashioned, that's pretty much it.

    Cheers,
    Richard.
  12. #7
  13. Wiser? Not exactly.
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    5,953
    Rep Power
    4033
    If you just do a Location: redirect back to the page after recording the vote, the user should not notice any intermediate page being loaded. It would appear as though the page just refreshed with the results.

    Code:
    <?php
    
    if (isset($_POST['vote'])){
       /* Record the vote */
      /* ... */
    
      /* Then redirect back  */
      header('Location: index.php');
      exit;
    }
    Recycle your old CD's, don't just trash them



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by VinylSurrender
    I've had a look at jquery and have learned a few things, but the the need to learn javascript and re-write the contents of the second php page is pretty prohibitive. From what you've said, it sounds a pretty steep learning curve.
    No, it's not. With modern frameworks, Ajax is trivial. School kids learn that in a few days.

    There won't be much to rewrite. The database logic doesn't change at all. The only difference is how the script gets triggered: Instead of having the browser visit the page, you simply do the request with JavaScript.

    Code:
    $.post("process_vote.php", {vote: "VinylSurrender"}, function (results) {
        // show results on the page
    });
    Not exactly rocket science, is it?

    Ajax and JavaScript in general are also one of the absolute basics of web programming. If you don't know them, you'll have a hard time writing a modern website.



    Originally Posted by VinylSurrender
    What I would really like is for a person to vote, experience a slight delay and then see the refreshed page with the results of their vote. I would prefer it if the voter did not physically see the contents of another update php page at all. Perhaps what I need to do is strip out the entire HTML contents of the redirect page so that there is nothing visible at all? What do you think? I'm working on it, but the physical/viewable aspects of the redirect page are bothering me. The site feels old fashioned, that's pretty much it.
    Well, it is old-fashioned. This refresh/redirect stuff is neither state of the art nor particular user-friendly.

    I see two options: Either forget about the delay and simply send the user directly to the results page. No fancy stuff, just classical synchronous requests. This gets you maximum simplicity and compatibility. Or use Ajax to send the vote and show the results. This might be more user-friendly.

    But redirecting people to a different page after a delay is just bad in my opinion. Whenever I see that, my sympathy for the site immediately drops (and I fear I'm not the only one).
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Originally Posted by VinylSurrender
    I've had a look at jquery and have learned a few things, but the the need to learn javascript and re-write the contents of the second php page is pretty prohibitive. From what you've said, it sounds a pretty steep learning curve.
    It's not too hard to learn but if you're working with an established system it might require some retooling of your controllers. If it's a big system then it can become prohibitive to convert it all, but you can always do it piecemeal, too.

    Whether you employ it or not, it's a good thing to learn and understand.
    LinkedIn: Dave Mittner
  18. #10
  19. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    I'm confused, you think a process is clumsy and we've validated it's an old fashion method. You agree.

    So where now? We've validated your concerns but you seem reluctant to refactor in any way.

    If you do want to refactor then you probably don't need to recode anything on the PHP side of things - just drop in jQuery if you're not already using it and use the Ajax methods it comes with to trigger J1's line of code (or similar) on the form submit, then return false / prevent default so the browser doesn't take you anywhere.

    If you wanted to be really clever you could then update the vote results as well by using either another ajax request or returning the results in your first call (this probably would require a bit of PHP tweaking). jQuery can rewrite the HTML on the page, and can even take the content it uses to do this from an ajax call. jQuery just wraps all this stuff up into a few lines of code
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    68
    Rep Power
    0

    A little too fast for me...


    Hi,

    I would really like to improve the voting system on the site. As Jacques1 correctly perceived; newly registered site visitors cast a couple of votes and then run away, probably horrified.

    I'm not, however, at all fluent with javascript or Ajax. I do use a few scripts on the site, calling the associated .js file from the corresponding .php page, but besides a bit of tweaking, that's about it.

    The .php redirect page is pretty heavy in terms of IF statements and clauses, so I need to use it, but I would preferably like to contain the contents of that page within a .js file so that the physical page doesn't load on screen.

    Here's the simple redirect line:

    echo "<a href='http://www.vinylsurrender.com/Music/Update/update2.php?FixedIDvalue={$row['FixedID']}'>";

    The 'FixedIDvalue' variable is passed to the update2.php redirect file, which then updates the MySQL server.

    I need to pass that variable into a .js file, which won't show any physical information on screen.

    How do I pass that variable into a javascript file containing my original php/html contents?

    Thanks for your patience of this. Any help appreciated.

    Richard.
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    68
    Rep Power
    0
    Originally Posted by kicken
    If you just do a Location: redirect back to the page after recording the vote, the user should not notice any intermediate page being loaded. It would appear as though the page just refreshed with the results.

    Code:
    <?php
    
    if (isset($_POST['vote'])){
       /* Record the vote */
      /* ... */
    
      /* Then redirect back  */
      header('Location: index.php');
      exit;
    }
    I'm seriously looking into that suggestion. Thank You.

    One of the issues I have with your Location: redirect statement is that the vote could have come from one of potentially thousands of pages on the site, not just the index.php page.

    Is there a way of redirecting back to the previous page using something like 'Location: history.back()' ?

    Would that work?

    Richard
  24. #13
  25. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Before you do anything, you first need to fix some gaping security holes on your site:

    Code:
    http://www.vinylsurrender.com/Music/MUSICResults.php?Choose=All&Decade=Any&q=%3Cscript%3Ealert%28%22Hi.+I%27m+a+placeholder+for+a+JavaScript+attack.%22%29%3B%3C%2Fscript%3E&Submit=SEARCH+Site
    This is a disaster. I wouldn't be surprised if some of your users have already been attacked, maybe without knowing it.

    You need to fix your site right now. If possible, take it offline until you've closed all security holes -- I fear there are plenty of them.

    It might be a good idea to read up on security before you go online and have people register on your site.

    Comments on this post

    • VinylSurrender disagrees : Completely deviated away from the original post, instead posting comments about the rubbish quality of my site, possibly as a knee-jerk reaction to not thanking him for his previous responses, which I didn't really understand.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  26. #14
  27. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    68
    Rep Power
    0
    Originally Posted by Jacques1
    Before you do anything, you first need to fix some gaping security holes on your site:

    Code:
    http://www.vinylsurrender.com/Music/MUSICResults.php?Choose=All&Decade=Any&q=%3Cscript%3Ealert%28%22Hi.+I%27m+a+placeholder+for+a+JavaScript+attack.%22%29%3B%3C%2Fscript%3E&Submit=SEARCH+Site
    This is a disaster. I wouldn't be surprised if some of your users have already been attacked, maybe without knowing it.

    You need to fix your site right now. If possible, take it offline until you've closed all security holes -- I fear there are plenty of them.

    It might be a good idea to read up on security before you go online and have people register on your site.
    Take my site off-line until I fix all security holes, without knowing how to fix them, becoming a professional, full-time programmer earning practically nothing per day in Google Adsense, in the blink of an eye?

    I came to this site requesting HELP on how to improve my site, or how to attempt to improve my site, but certainly not to receive abuse.

    Would you please respond with something useful to this post or refrain from posting such messages. Thank You.

    Comments on this post

    • Jacques1 disagrees : Shame on you for not even trying to protect your users. Seriously.
    Last edited by VinylSurrender; August 22nd, 2013 at 10:41 AM.
  28. #15
  29. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    WTF? I'm telling you that your users and possibly your server are in actute danger. And all you have to say is that you don't wanna hear it, because you don't have time for it?

    You know what? If this was some private site in a private network, I'd say: Screw you. You have to learn the hard way. But this is a public site with people using it and relying on you to keep their data safe. And you spit in their face and simply refuse to exercise your responsibility.

    If you don't have the time/money/skills/whatever to make your site halfway secure, then you can't have a public site. Period.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo