Richard H. Nilsson, May
19, 2005
Abstract
Describes a method for positive confirmation of destructive action in web
applications without the necessity for annoying secondary "Do you REALLY...?" confirmation windows. Method uses a two-element form structure to pre-confirm action, combining a checkbox with a button. On-page PHP script acts on the form button request only if checkbox was clicked by the user, detected via the "and" logic function.
The problem
Annoyed by the "Do you really want to...?" popup every time you want to delete or update a record? It amazes me that his dinosaur from the early days of programming is still with us. "Your @#%*!! right I wanna...." I find myself swearing under my breath every time I get one of those in a mainstream application. Of course, the reason for the technique is to prevent inadvertent deletetion or other destructive action accidentally ruining your day.
There is a better way.
Cock... Fire! Pre-Confirm
We'll use a safety technique borrowed from early Old West firearms: the "cock-the-hammer" then "pull-trigger-to-fire" required to discharge an 1850's revolver. Our method is to require the user to "cock" with a checkbox, then click a button to delete. This way, two separate actions are required to destroy something, like with the gun.
In your begin-form tag, set method to "post" and the action attribute to reload the page, like this:
<form name="form_one" method="post" action="">
where you would normally put a "delete" button or a trashcan icon or other link to the delete function, put this code instead:
1 <input type="hidden" name="id" value="<?php echo $id;?>" />
2 <span style="border:2px solid #c76;float:right;padding:0 .5em;"
3 title="Check box and press 'Del' to delete selected menu." />
4 Confirm <input type="checkbox" name="confirm" value="confirm" />
5 <input type="submit" name="delete" value="Del" />
In line 1, we provide the id of the database table record we will need to find the record to delete. In line 2 we style the area containing our "cock-n-fire" with a dull red border, and also provide a "title" attribute that hints the user what to do (line 3). In line 4 we write a checkbox element and label it "Confirm". Be sure to provide the name and value attributes, as shown. Last, in line 5 we provide the trigger -- the delete button.
That gives us something like this in the form: 
PHP Confirmation Detection
In your on-page PHP scripts to operate on the form data, you can now "trap" the proper conditions to perform the deletion:
1 // D E L E T E ////////////////////////////////////////
2 // called from self to delete
3 if($_POST["delete"] == "Del"
4 and $_POST["confirm"] == "confirm"
5 and isset($_POST["id"]))
6 {
7 $id = $_POST["id"];
8 $sql = "DELETE FROM Items WHERE Id='$id'";
9 $result = mysql_query($sql))
10 // tell user it was deleted
11 echo "Item ".$id." deleted.\n";
12 // provide 'return' button
13 echo "<br><br>\n<center><form action='javascript:window.close();'>
14 <input type='submit' value='OK'></form></center><br>\n";
15 echo "</body></html>";
16 exit;
17 }
Lines 1-2 are comments describing the code snippet. In line 3 we check that the form's delete button was pressed using the ver. 4 PHP form submission variable array $_POST. This is the key to the whole cock-n-fire trick, in that this PHP control statement requires the delete button AND the confirm checkbox AND the id of the record to delete.
In lines 7 - 11, we delete the record and tell the user what we did. In lines 13 -15 we put up an "OK" button and in this case, close the edit window if it is clicked. You may want to keep it open, or even re-load the page for further editing by the user. Modify as needed.
|