
I'm trying to learn some php/html and the lot that comes with it. I used this tutorial as a start. It is in German so I'm not sure how useful the link will be to you.

I had no problems with the tutorial itself, which basically consisted of creating 3 php-pages - each doing one of the following: deleting, inserting, updating data on different tables in a database using mysql. For each action a simple window is opened through a js-function to manipulate the sql statements. My problem arose when I tried to make every type of processing data (insert/delete/update) available on all php-pages/tables. My first attempt was to make the insert function available to table "hersteller", which technically worked, but every time I press one of the buttons that run the .js and open a window it displays two html-forms instead of only the one I want to show. I can't seem to get rid of it. I know I could put the html-form in a different php-page, or (possibly?) change the visibility of the form, but I really would like to know why it doesn't work. Any help is appreciated.

tl;dr: creating a window through js that I want to display a html form depending on which buttons have been clicked, but it ALWAYS shows all/both html-forms in the php-page.

Here's some code

index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
  <title>PHP / MySQL - Tutorial 1</title>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
  <link rel="stylesheet" href="files/cms.css" type="text/css" />
  <script type="text/JavaScript" src="files/menue.js"></script>
</head>
<body>
<div class="navi">
  <h1>Navigation</h1>
  <ul>
    <li><a href="index.php?tabelle=hersteller">Hersteller</a></li>
    <li><a href="index.php?tabelle=produkte">Produkte</a></li>
    <li><a href="index.php?tabelle=kunden">Kunden</a></li>
  </ul>
</div>
<?php 
require ('inc/db.inc.php');

if ($_GET['tabelle'])
{
  switch ($_GET['tabelle'])
    {
case 'hersteller': $table = 'hersteller';
                       $field = 'zulieferer';
                       break;
case 'produkte'  : $table = 'produkt';
                   $field = 'produkt';
                   break;
case 'kunden'    : $table = 'kunde';
                   $field = 'doktor';
                   break;
default          : die ('Manipulationsversuch!');
}
$query = 'SELECT id, '.$field.' AS list FROM '.$table;

$result = mysql_query ($query) or die (mysql_error());
while ($row = mysql_fetch_assoc ($result)) {
    $list[] = $row;
}

include ('inc/functions.inc.php');
$code = '<div class="ausgabe"><h1>'.ucfirst($_GET['tabelle']).'</h1>';

$code .= 
        '<p class="menue">
            <a href="#"
            onclick="fenster1('."'".$_GET['tabelle']."',
            '".$_GET['tabelle']."'".');">
            Neuen Datensatz einpflegen
            </a>
        </p>';
$code .= showList ($list, $_GET['id']);
$code .= '</div>';
echo $code;
print_r ($list);
}
?>
</body>
</html>

menue.js

  function fenster1(datei, param)
  {
    window.open('data/' + datei + '.php?tabelle=' + param + '&type=insert', datei, 'scrollbars=yes, resizable=yes, width=500, height=300');
  }
  function fenster2(datei, param) {
      window.open('data/' + datei + '.php?tabelle=' + param, datei, 'scrollbars=yes, resizable=yes, width=500, height=300');
  }   

functions.inc.php

<?php
  function showList ($list, $id) {
        for ($i = 0; $i < count ($list); $i++) {
            $ausgabe .= '<p>
                            <a href="#" onclick="fenster2('."'".$_GET['tabelle']."','".$_GET['tabelle'].
                                '&id='.$list[$i]['id']."'".');">
                                Ändern
                            </a>';

            $ausgabe .= '<a href="#" onclick="fenster2('."'".$_GET['tabelle']."','".$_GET['tabelle'].
                            '&id='.$list[$i]['id']."'".');">
                            Loeschen
                        </a>';
            if ($id == $list[$i]['id']) {
                $ausgabe .= '<span class="show">';
            }
            $ausgabe .= $list[$i]['list'];
            if ($id == $list[$i]['id']) {
                $ausgabe .= '</span>';
            }
            $ausgabe .= '</p>';
        }
        return $ausgabe;
    }
?>

hersteller.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
    <head>
        <title>Hersteller</title>
        <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
        <link rel="stylesheet" href="../files/cms.css" type="text/css" />
    </head>
    <?php
    require ('../inc/db.inc.php');

    if ($_GET['id'] != NULL) {
        $query = 'SELECT * FROM hersteller WHERE id = ' . $_GET['id'];
        $result = mysql_query($query) or die(mysql_error());
        $hersteller = mysql_fetch_row($result);

        echo $query . "\n";
    } else if ($_POST['update']) {
        $query = 'UPDATE hersteller SET
                zulieferer = \'' . $_POST['zulieferer'] . '\',
                telefon = \'' . $_POST['telefon'] . '\',
                fax = \'' . $_POST['telefax'] . '\',
                strasse = \'' . $_POST['strasse'] . '\',
                plz = \'' . $_POST['plz'] . '\',
                ort = \'' . $_POST['ort'] . '\'
                WHERE
                id = ' . $_POST['id'];

        echo $query . "\n";

        $update = mysql_query($query) or die(mysql_error());
    }

    echo '<body';
    if ($update['update']) {
        echo ' onload="window.opener.location.href=' . "'" . '../index.php' .
        '?tabelle=' . $_GET['tabelle'] . '&id=' . $_POST['id'] .
        "'" . '; window.close();"';
    }
    echo '>';

#require ('../inc/db.inc.php');

    if ($_POST['datensatz']) {

        $query = 'INSERT INTO hersteller VALUES 
          (' . "'','" .
                $_POST['zulieferer'] . "','" .
                $_POST['telefon'] . "','" .
                $_POST['fax'] . "','" .
                $_POST['strasse'] . "','" .
                $_POST['plz'] . "','" .
                $_POST['ort'] . "'" .
                ')';

        echo $query . "\n";

        $result['datensatz'] = mysql_query($query) or die(mysql_error());
        echo $query . "\n";
    }

    echo '<body';
    if ($result['datensatz']) {
        echo ' onload="window.opener.location.href=' . "'" . '../index.php' .
        '?tabelle=' . $_GET['tabelle'] . "'" . '; window.close();"';
    }
    echo '>';
    echo $_GET['type'];

    switch (isset($_GET['type'])) {
        case 'insert': echo
            '<form action="hersteller.php?tabelle='.$_GET['tabelle'].'&type=insert" method="post">
                <p>
                    <label for="zulieferer">Zulieferer</label>
                    <input type="text" name="zulieferer" class="feld" />
                </p>
                <p>
                    <label for="telefon">Telefon</label>
                    <input type="text" name="telefon" class="feld" />
                </p>
                <p>
                    <label for="telefax">Telefax</label>
                    <input type="text" name="fax" class="feld" />
                </p>
                <p>
                    <label for="strasse">Straße</label>
                    <input type="text" name="strasse" class="feld" />
                </p>
                <p>
                    <label for="plz">PLZ, Ort</label>
                    <input type="text" name="plz" class="feld" style="width: 60px;" />
                    <input type="text" name="ort" class="feld" style="width: 230px;" />
                </p>
                <p style="text-align: center">
                    <input type="hidden" name="datensatz" value="'.$_GET['id'].'" />
                    <input type="submit" value="Eingeben" />
                </p>
            </form>';
        case 'update': echo 
            '<form action="hersteller.php?tabelle='.$_GET['tabelle'].'&id = '.$_POST['id'].'&type=update" method="post"> 
                <p>
                    <label for="zulieferer">Zulieferer</label>
                    <input type="text" name="zulieferer" class="feld" 
                    value="'.$hersteller[1].'" />
                </p>
                <p>
                    <label for="telefon">Telefon</label>
                    <input type="text" name="telefon" class="feld" value="'.$hersteller[2].'" />
                </p>
                <p>
                    <label for="telefax">Telefax</label>
                    <input type="text" name="telefax" class="feld" value="'.$hersteller[3].'" />
                </p>
                <p>
                    <label for="strasse">Strasse</label>
                    <input type="text" name="strasse" class="feld" value="'.$hersteller[4].'" />
                </p>
                <p>
                    <label for="plz">PLZ, Ort</label>
                    <input type="text" name="plz" class="feld" style="width: 60px;" value="'.$hersteller[5].'" />
                    <input type="text" name="ort" class="feld" style="width: 230px;" value="'.$hersteller[6].'" />
                </p>
                <p style="text-align: center">  
                    <input type="hidden" name="id" value="'.$_GET['id'].'" />
                    <input type="submit" name="update" value="Eingeben" />
                </p>
            </form>';    
    }

?>



</body>
</html>

Sorry for the long-ish post, feel free to tell what is obsolete/missing. And again - any help is greatly appreciated.

Edit: changed documents to the new version.

chu
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jul 29 '15 at 11:05
  • Thanks for your reply. I am aware of that, but I'm at the level where I'm trying to figure out how things work together. I'll deal with that once I have a grasp of that. At least i know now what to look out for. – chu Jul 30 '15 at 13:41

1 Answer


First, it seems your tutorial is quite old: it uses mysql_* functions, which are deprecated (for quite some time already). You may want to look for a better tutorial.
For your problem: in your hersteller.php, there is nothing that tells the file which form to show, and which one to hide.
Based on the GET parameters, you can use if or switch statements around your different forms, to show or hide the respective forms.

Burki
  • Hey @Burki thanks for your reply. Regarding the tutorial: I think the sample code is quite old and still being used for the basic tutorials. If I remember correctly the author even mentions that somewhere. However it has last been updated a year ago, so I thought it not to be that bad. I thought it to be sufficient for the most basic steps I try to learn right now. – chu Jul 30 '15 at 13:47
  • Sorry for replying so late, but I was pretty busy the last days. I followed your suggestion to use a `switch` function based on the `get` parameter (I edited the `hersteller.php` in my first post). In the `case` part I try to display the html-`forms` with `echo` - I got one case for each html-`form` - but it still shows both html-`forms`, even if the right parameter is shown in the url. I think I am overlooking something basic, but I just can't find it. Sorry to bother you with this. – chu Aug 03 '15 at 11:42
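An added example (editor's code, not from the question, the answer or the tutorial) showing the two fixes a reviewer would make to `hersteller.php`. The cause of the doubled form is visible in the posted code: `switch (isset($_GET['type']))` switches on the boolean `true`, which PHP's loose comparison matches to the first non-empty string case (`'insert'`), and because no case ends with `break`, execution falls through into `'update'` as well, so both forms are echoed. The example switches on the string itself with a `break` per case, and replaces the concatenated `mysql_*` queries that Quentin's comment flags with PDO prepared statements plus `htmlspecialchars` on everything echoed back into the page. The DSN, credentials, the `COLUMNS` list and the helper names are assumptions; the table and column names are the ones used in the question.

```php
<?php
// Added example, not the question's or the answer's code. Renders exactly one form per
// request and sends every SQL statement as a PDO prepared statement, so request data
// never becomes part of the query text.
// Assumptions: PDO is available, DSN/credentials are placeholders, table "hersteller" has
// the columns used in the question, and the pop-up is opened with the same
// ?type=insert / ?type=update&id=N URLs that menue.js builds.
declare(strict_types=1);

$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares; values travel separately
]);

const COLUMNS = ['zulieferer', 'telefon', 'fax', 'strasse', 'plz', 'ort'];

// Missing parameters become defaults instead of "undefined index" notices.
$type = (string) ($_GET['type'] ?? '');
$id   = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);   // null if absent, false if not an int

function h(string $s): string {
    // Escape everything echoed into HTML so stored data cannot inject markup or script.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function postedFields(): array {
    $fields = [];
    foreach (COLUMNS as $name) {
        $fields[$name] = trim((string) ($_POST[$name] ?? ''));
    }
    return $fields;
}

function renderForm(string $type, ?int $id, array $values): string {
    // One builder for both modes: $values is empty for insert, the fetched row for update.
    $action = 'hersteller.php?tabelle=hersteller&type=' . h($type);
    if ($id !== null) {
        $action .= '&id=' . $id;
    }
    $html = '<form action="' . $action . '" method="post">';
    foreach (COLUMNS as $name) {
        $html .= '<p><label for="' . $name . '">' . ucfirst($name) . '</label>'
               . '<input type="text" id="' . $name . '" name="' . $name . '" class="feld"'
               . ' value="' . h((string) ($values[$name] ?? '')) . '" /></p>';
    }
    $html .= '<p style="text-align: center"><input type="submit" value="Eingeben" /></p></form>';
    return $html;
}

// Writes happen only on POST; the type in the URL decides which statement runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $fields = postedFields();
    if ($type === 'insert') {
        $stmt = $pdo->prepare('INSERT INTO hersteller (zulieferer, telefon, fax, strasse, plz, ort)
                               VALUES (:zulieferer, :telefon, :fax, :strasse, :plz, :ort)');
        $stmt->execute($fields);
    } elseif ($type === 'update' && is_int($id)) {
        $stmt = $pdo->prepare('UPDATE hersteller SET zulieferer = :zulieferer, telefon = :telefon,
                               fax = :fax, strasse = :strasse, plz = :plz, ort = :ort WHERE id = :id');
        $stmt->execute($fields + ['id' => $id]);
    } else {
        http_response_code(400);
        exit('Ungueltige Anfrage.');
    }
    // Same pop-up behaviour as the tutorial: refresh the opener, then close this window.
    echo '<body onload="window.opener.location.href=\'../index.php?tabelle=hersteller\'; window.close();"></body>';
    exit;
}

// GET: render exactly one form. The break after each case is what stops PHP from
// falling through and printing the next case's form as well.
switch ($type) {
    case 'insert':
        echo renderForm('insert', null, []);
        break;
    case 'update':
        if (!is_int($id)) {
            http_response_code(400);
            exit('id fehlt.');
        }
        $stmt = $pdo->prepare('SELECT zulieferer, telefon, fax, strasse, plz, ort
                               FROM hersteller WHERE id = :id');
        $stmt->execute(['id' => $id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            http_response_code(404);
            exit('Datensatz nicht gefunden.');
        }
        echo renderForm('update', $id, $row);
        break;
    default:
        http_response_code(400);
        echo '<p>Unbekannter Typ.</p>';
}
```

The `id` parameter is validated as an integer before it is ever used, and all six field values go through named placeholders, so the `WHERE id = ' . $_GET['id']` and `'\'' . $_POST['zulieferer'] . '\''` concatenations from the question disappear entirely; `h()` closes the matching output side, where a stored value containing quotes or tags would otherwise break out of the `value="..."` attribute.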