PROBLEMA 1
Sto esaminando un codice molto semplice ma che contiene un punto a me poco chiaro:
Codice PHP:
<input type="checkbox"
name="roles[]"
id="role<?php echo $i; ?>"
value="<?php htmlout($roles[$i]['id']); ?>"
<?php
if ($roles[$i]['selected'])
{
echo ' checked';
}
?>
>
Il codice funziona, non da problemi e probabilmente è anche scritto bene dato che non ne sono io l'autore quindi tranquilli. 
Il tag sopra e posto dentro un ciclo for quindi ogni tag prodotto contiene sempre lo stesso nome "roles[]". Il kernel del CMS usa il vettore $_POST['roles'] per prendere tutti i checkbok spuntati. Quando assegno "roles[]" ad un tag input equivale a stabilire che il tag abbia una posizione i (roles[i]) nel vettore roles ogni qualvolta il tag abbia un attributo checked ovvero, in gergo, sia spuntato?
Se la mia deduzione non fosse esatta ho timore di non aver capito a fondo il meccanismo dello script...
PROBLEMA 2
Altra cosa; perche c'è scritto "if (isset($_GET['editform']))" e poi nel primo file "<form action="?<?php htmlout($action); ?>" method="post">" ??? Se si usa il metodo post perché poi la variabile viene prelevata con il metodo get? Perché non usare post?!?! 
Se metto POST il codice non funziona: devo dedurre che anche quando uso method="post" devo usare $_GET quando la variabile generata (editform) non viene inizializzata?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TUTTO IL CODICE
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Ecco il codice completo nel caso vi servisse per capire il questito:
file 1
Codice PHP:
<?php include_once $_SERVER['DOCUMENT_ROOT'] .
'/includes/helpers.inc.php'; ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>
<?php htmlout($pageTitle); ?>
</title>
</head>
<body>
<h1>
<?php htmlout($pageTitle); ?>
</h1>
<form action="?<?php htmlout($action); ?>" method="post">
<div>
<label for="name">Name:
<input type="text" name="name"
id="name" value="<?php htmlout($name); ?>">
</label>
</div>
<div>
<label for="email">Email:
<input type="text" name="email"
id="email" value="<?php htmlout($email); ?>">
</label>
</div>
<div>
<label for="password">Set password:
<input type="password"
name="password" id="password">
</label>
</div>
<fieldset>
<legend>Roles:</legend>
<?php for ($i = 0; $i < count($roles); $i++): ?>
<div>
<label for="role<?php echo $i; ?>">
<input type="checkbox"
name="roles[]"
id="role<?php echo $i; ?>"
value="<?php htmlout($roles[$i]['id']); ?>"
<?php
if ($roles[$i]['selected'])
{
echo ' checked';
}
?>
>
<?php htmlout($roles[$i]['id']); ?>
</label>
:
<?php htmlout($roles[$i]['description']); ?>
</div>
<?php endfor; ?>
</fieldset>
<div>
<input type="hidden" name="id" value="<?php
htmlout($id); ?>">
<input type="submit" value="<?php htmlout($button); ?>">
</div>
</form>
</body>
</html>
ecco il kernel:
file 2
Codice PHP:
<?php
include_once $_SERVER['DOCUMENT_ROOT'] .
'/includes/magicquotes.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';
if (!userIsLoggedIn())
{
include '../login.html.php';
exit();
}
if (!userHasRole('Account Administrator'))
{
$error = 'Only Account Administrators may access this page.';
include '../accessdenied.html.php';
exit();
}
if (isset($_GET['add']))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
$pageTitle = 'New Author';
$action = 'addform';
$name = '';
$email = '';
$id = '';
$button = 'Add author';
// Build the list of roles
try
{
$result = $pdo->query('SELECT id, description FROM role');
}
catch (PDOException $e)
{
$error = 'Error fetching list of roles.';
include 'error.html.php';
exit();
}
foreach ($result as $row)
{
$roles[] = array(
'id' => $row['id'],
'description' => $row['description'],
'selected' => FALSE);
}
include 'form.html.php';
exit();
}
if (isset($_GET['addform']))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
try
{
$sql = 'INSERT INTO author SET
name = :name,
email = :email';
$s = $pdo->prepare($sql);
$s->bindValue(':name', $_POST['name']);
$s->bindValue(':email', $_POST['email']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error adding submitted author.';
include 'error.html.php';
exit();
}
$authorid = $pdo->lastInsertId();
if ($_POST['password'] != '')
{
$password = md5($_POST['password'] . 'ijdb');
try
{
$sql = 'UPDATE author SET
password = :password
WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':password', $password);
$s->bindValue(':id', $authorid);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error setting author password.';
include 'error.html.php';
exit();
}
}
if (isset($_POST['roles']))
{
foreach ($_POST['roles'] as $role)
{
try
{
$sql = 'INSERT INTO authorrole SET
authorid = :authorid,
roleid = :roleid';
$s = $pdo->prepare($sql);
$s->bindValue(':authorid', $authorid);
$s->bindValue(':roleid', $role);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error assigning selected role to author.';
include 'error.html.php';
exit();
}
}
}
header('Location: .');
exit();
}
if (isset($_POST['action']) and $_POST['action'] == 'Edit')
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
try
{
$sql = 'SELECT id, name, email FROM author WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error fetching author details.';
include 'error.html.php';
exit();
}
$row = $s->fetch();
$pageTitle = 'Edit Author';
$action = 'editform';
$name = $row['name'];
$email = $row['email'];
$id = $row['id'];
$button = 'Update author';
// Get list of roles assigned to this author
try
{
$sql = 'SELECT roleid FROM authorrole WHERE authorid = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $id);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error fetching list of assigned roles.';
include 'error.html.php';
exit();
}
$selectedRoles = array();
foreach ($s as $row)
{
$selectedRoles[] = $row['roleid'];
}
// Build the list of all roles
try
{
$result = $pdo->query('SELECT id, description FROM role');
}
catch (PDOException $e)
{
$error = 'Error fetching list of roles.';
include 'error.html.php';
exit();
}
foreach ($result as $row)
{
$roles[] = array(
'id' => $row['id'],
'description' => $row['description'],
'selected' => in_array($row['id'], $selectedRoles));
}
include 'form.html.php';
exit();
}
if (isset($_GET['editform']))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
try
{
$sql = 'UPDATE author SET
name = :name,
email = :email
WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->bindValue(':name', $_POST['name']);
$s->bindValue(':email', $_POST['email']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error updating submitted author.';
include 'error.html.php';
exit();
}
if ($_POST['password'] != '')
{
$password = md5($_POST['password'] . 'ijdb');
try
{
$sql = 'UPDATE author SET
password = :password
WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':password', $password);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error setting author password.';
include 'error.html.php';
exit();
}
}
try
{
$sql = 'DELETE FROM authorrole WHERE authorid = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error removing obsolete author role entries.';
include 'error.html.php';
exit();
}
if (isset($_POST['roles']))
{
foreach ($_POST['roles'] as $role)
{
try
{
$sql = 'INSERT INTO authorrole SET
authorid = :authorid,
roleid = :roleid';
$s = $pdo->prepare($sql);
$s->bindValue(':authorid', $_POST['id']);
$s->bindValue(':roleid', $role);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error assigning selected role to author.';
include 'error.html.php';
exit();
}
}
}
header('Location: .');
exit();
}
if (isset($_POST['action']) and $_POST['action'] == 'Delete')
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
// Delete role assignments for this author
try
{
$sql = 'DELETE FROM authorrole WHERE authorid = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error removing author from roles.';
include 'error.html.php';
exit();
}
// Get jokes belonging to author
try
{
$sql = 'SELECT id FROM joke WHERE authorid = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error getting list of jokes to delete.';
include 'error.html.php';
exit();
}
$result = $s->fetchAll();
// Delete joke category entries
try
{
$sql = 'DELETE FROM jokecategory WHERE jokeid = :id';
$s = $pdo->prepare($sql);
// For each joke
foreach ($result as $row)
{
$jokeId = $row['id'];
$s->bindValue(':id', $jokeId);
$s->execute();
}
}
catch (PDOException $e)
{
$error = 'Error deleting category entries for joke.';
include 'error.html.php';
exit();
}
// Delete jokes belonging to author
try
{
$sql = 'DELETE FROM joke WHERE authorid = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error deleting jokes for author.';
include 'error.html.php';
exit();
}
// Delete the author
try
{
$sql = 'DELETE FROM author WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error deleting author.';
include 'error.html.php';
exit();
}
header('Location: .');
exit();
}
// Display author list
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
try
{
$result = $pdo->query('SELECT id, name FROM author');
}
catch (PDOException $e)
{
$error = 'Error fetching authors from the database!';
include 'error.html.php';
exit();
}
foreach ($result as $row)
{
$authors[] = array('id' => $row['id'], 'name' => $row['name']);
}
include 'authors.html.php';
Rispondi quotando