2

I have a form to edit an entry, after the user presses the submit button it executes the includes/edit.php?id=XXX script and then redirects using the header('Location: ../index.php'); to the index page where all the entries are being displayed.

On the index page, I want to create a condition:

if the index page is accessed via a redirect from the edit.php?id=XXX page, then show a success message to notify the user that the edit was succesfull.

How should this condition look like?

<?php
require_once('includes/session.php');
require_once('includes/config.php');

if(!isset($_SESSION['login'])){ //if login in session is not set
    header("Location: http://www.domain.com/app/login.php");
}
$query = ("SELECT * FROM archive ORDER by id DESC");
$result = mysqli_query($link, $query) or die (mysqli_error());

/*if (condition){
   //show success message
}*/
?>
Jens A. Koch
  • 39,862
  • 13
  • 113
  • 141
Matei Panchios
  • 323
  • 1
  • 6
  • 22
  • Important: add an `exit()` or `die()` after your `header(...)` otherwise the redirect will give problems. – moorscode Oct 30 '15 at 10:58
  • Thank you for the tip, while I didn't encountered any problems with the redirect yet, I added the `exit()` after the `header('Location: ....')`. – Matei Panchios Oct 30 '15 at 11:00
  • 1
    `$_SERVER['HTTP_REFERER'];` isn't reliable and you need to read on http://stackoverflow.com/a/6023980/ about it. I'd use `strpos()` or `stripos()` for this. – Funk Forty Niner Oct 30 '15 at 11:14

4 Answers4

2

You should take a look at this var :

$_SERVER['HTTP_REFERER'];

As it will return the page from where you come before this one:

So you could just do :

if($_SERVER['HTTP_REFERER'] ==  "edit.php?id=XXX"){
 // your code here
}
Nirnae
  • 1,315
  • 11
  • 23
2

you can simply try this :

if(isset($_GET['id']) && !empty($_GET['id']))
{
       // your success message
}
Happy Coding
  • 2,517
  • 1
  • 13
  • 24
  • While I find your answer very useful (might even apply it in my case), I wanted to know about the `$_SERVER['HTTP_REFERER'];`, I had to accept another answer but I upvoted yours since it's an awesome solution. Thanks! – Matei Panchios Oct 30 '15 at 10:58
1

  • I would suggest to redirect immediately and not execute more code after the location header is set:

    if(!isset($_SESSION['login'])){ //if login in session is not set
    header("Location: http://www.domain.com/app/login.php");
    exit();
}
    • If $_SESSION['login'] is not set: redirect and exit.
    • You might consider the rest of the code as one big "else" (= if $_SESSION['login'] is set).
    • To answer the question from comments: without the exit, the code below will be executed .. and doing that query is not really necessary. Thats why its better to end the program flow by adding an exit. Referencing: Why I have to call 'exit' after redirection through header('Location..') in PHP?
  • And for the condition you could use $_SERVER['HTTP_REFERER'] or $_GET['id'] to check the page you are coming from. Just compare the strings or parts of them.
Community
  • 1
  • 1
Jens A. Koch
  • 39,862
  • 13
  • 113
  • 141
  • Thank you for the tip but I want to ask you something, without using the exit(); line, after the condition above returns true doesn't it go and execute the code inside proceeding with the redirect, ignoring the code below the if's end bracket anyway? – Matei Panchios Oct 30 '15 at 10:55
  • I've added the answer to your question above. – Jens A. Koch Oct 30 '15 at 13:04
1

If you set a $_SESSION variable with messages you can then display all messages and clear the list afterwards.

Adding a message:

if ( ! isset($_SESSION['messages']) ) {
    # initialize messages
    $_SESSION['messages'] = [];
}

# Add a new message:
$_SESSION['messages'][] = 'Something was a success!';

Reading messages:

# If there are messages not displayed
if ( isset($_SESSION['messages']) && is_array($_SESSION['messages']) ) {
    foreach ( $_SESSION['messages'] as $message ) {
        echo $message . '<br>';
    }

    # Clear messages
    unset( $_SESSION['messages'] );
}

The suggested 'HTTP_REFERER' can be manipulated and browsers are not required to send it.

moorscode
  • 801
  • 6
  • 13