We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

How to create a delete confirmation in other page?

I have a page which list all records from a table (for example 'Users'). At the beginning of each row (each record), I have a check box to select that row and below the table is the Submit button (let call this page 1)

After click the Submit button, the POST data of the form is an array of 'user_id' Also go to a page which has something like "Are you sure you want to delete these users?", below is the list of user_id will be deleted. And below all that are the "Delete" and "Cancel" buttons. (let call this page 2)

Now I want when I click the "Delete" button, all user with values in array 'user_id' will be delete. The problem is I don't know how to pass value from page 2 to the deleteAction (because there is no form, and also it's an array of 'user_id' so I can't use the routing like user/delete/1...)

Do you have any idea how I can do that? Thank you very much

edited Mar '14

this way:
use Persistent Data component which is isolated persistent variable for every controller
$this->persistent->variable_name

but you have to register session component in your DI, but probably have registered

class UsersController extends /Phalcon/Mvc/Controller
{

    public function indexAction()
    {
        $users = Users::find(array(
            "order" => "name"
        ));

        echo "<form action='/users/delete' method='post'><table>";
        foreach($users as $user)
        {
            $checked="";
            if($this->persistent->user[ $user->id ]==1)
            {
                $checked="checked='checked'";
            }

            echo "
            <tr>
                <td><input type='checkbox' name='user[", $user->id , "]' value='1' ", $checked ,"></td>
                <td>", $user->name ,"</td>
            </tr>";
        }
        echo "</table></form>";
    }

    public function deleteAction()
    {
        $this->persistent->users_to_delete = $this->request->get("user");
        echo "
        <h1>Are you sure?</h1>
        <div>
            <a href='/users/confirmed'>Delete</a> 
            <a href='/users/index'>Cancel</a>
        </div>
        ";
    }

    public function confirmedAction()
    {
        foreach($this->persistent->users_to_delete as $key=>$value)
        {
            if($value==1)
            {
                $user = Users::findFirst($key);
                $user->delete();
            }
        }

        $this->dispatcher->forward(array(
            "controller" => "users",
            "action"=>"index"
        ));
    }
}

Why not make a form on the confirm page?



26.3k

Hi!

I think better way is:

(1) in Page 2 you list all records to be deleted, the same as you probably doing it now

(2) you store nothing in a session or in persistent variables

(3) for each record to be deleted you generate a HIDDEN element in Page 2, for example:

<input type="hidden" name="user_id[]" value="5">
<input type="hidden" name="user_id[]" value="3">

These elements are responsible for two records - one with ID=5 and another with ID=3.

(4) This way at the last page deleteAction you will still have array user_id[] in your POST but it will contain only the records to be deleted.


I think this method has some advetages:

(1) performane: You don't need to store values in session

(2) simplier: you don't need to think about managing these data in session

(3) safety: i think it has lower risk for some attack like CSFR or simply user innocent mistakes than the method with session. If the user cancel the delete action but a few minutes later (for some reason be a mistake or by attack) he will visit the delete page, the records for deleting will still be stored in session and WILL BE DELETED.

Regardless of the method you will use I suggest you to secure your form in case of CSFR attacks.