7.7. Confirming Your Choice to Delete an Entry

Clicking the delete link now causes the return value of confirmDelete() to be displayed; your next step is to define confirmDelete(). This function accepts two arguments: a database object and the URL of the entry to be deleted.

The function uses the entry's URL to load the entry's information, then returns a form that asks the user whether the entry should be deleted. This form contains hidden inputs that store the action you want carried out by the form (delete), and the URL of the entry that will be deleted if the user confirms that he wants to delete the entry.

Add the following code to functions.inc.php to declare the function confirmDelete():

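/*
 * Builds the "Are You Sure?" form for the entry identified by $url.
 * $db is the open database object; the form markup is returned as a string.
 */
function confirmDelete($db, $url)
{
    // Load the entry so its title can be shown in the prompt
    $e = retrieveEntries($db, '', $url);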

    return <<<FORM
<form action="/simple_blog/admin.php" method="post">
    <fieldset>
        <legend>Are You Sure?</legend>
        <p>Are you sure you want to delete the entry "$e[title]"?</p>
        <input type="submit" name="submit" value="Yes" />
        <input type="submit" name="submit" value="No" />
        <input type="hidden" name="action" value="delete" />
        <input type="hidden" name="url" value="$url" />
    </fieldset>
</form>
FORM;
}

You're using the heredoc syntax to make passing formatted HTML containing PHP variables as easy as possible.

Now if you click the delete link next to an entry, you're taken to a confirmation screen to verify that you really wish to delete the entry (see Figure 7-4).

Figure 7-4. The confirmation screen displays when the delete link is clicked

Your confirmation form submits your choice, via the POST method, to admin.php. To process this, you need to add an additional block of code to the top of admin.php that determines what choice you've made and acts accordingly.

7.7.1. Handling Your Submitted Confirmation Form

In admin.php, you need to identify whether the user reached the page from the confirmation form; you do this by checking whether the $_POST superglobal contains an action variable. You also need to check whether the variable value is delete. If the Yes button was clicked, you submit the entry's URL to the deleteEntry() function (which you'll write in a moment) for deletion.

If the No button was clicked, you return the user to the entry she was viewing when the delete link was clicked originally.

You can accomplish this by adding the following code in bold to the top of admin.php:

<?php

    /*
     * Include the necessary files
     */
    include_once 'inc/functions.inc.php';
    include_once 'inc/db.inc.php';

    // Open a database connection
    $db = new PDO(DB_INFO, DB_USER, DB_PASS);

    $page = isset($_GET['page']) ? htmlentities(strip_tags($_GET['page'])) : 'blog';

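    // Handle a submitted delete-confirmation form
    if(isset($_POST['action']) && $_POST['action'] == 'delete')
    {
        // Sanitize the URL first; both the Yes and No branches use it
        $url = htmlentities(strip_tags($_POST['url']));

        if($_POST['submit'] == 'Yes')
        {
            if(deleteEntry($db, $url))
            {
                header("Location: /simple_blog/");
                exit;
            }
            else
            {
                exit("Error deleting the entry!");
            }
        }
        else
        {
            // No was clicked: return to the entry that was being viewed
            header("Location: /simple_blog/blog/$url");
            exit;
        }
    }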

    if(isset($_GET['url']))
    {
        $url = htmlentities(strip_tags($_GET['url']));

        // Check if the entry should be deleted
        if($page == 'delete')
        {
            $confirm = confirmDelete($db, $url);
        }

        // Set the legend of the form
        $legend = "Edit This Entry";

        $e = retrieveEntries($db, $page, $url);
        $id = $e['id'];
        $title = $e['title'];
        $entry = $e['entry'];
    }

    else
    {
        // Set the legend
        $legend = "New Entry Submission";

        // Set the variables to null if not editing
        $id = NULL;
        $title = NULL;
        $entry = NULL;
    }
?>

When a user confirms that he wishes to delete an entry, that entry's URL is passed to the yet-to-be-written deleteEntry() function, which removes the entry from the database. If the function is successful, you send the user to the main page. If it fails, you stop execution of the script and display an error, letting the user know that something went wrong.
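
The confirmation form triggers a destructive action from nothing but two hidden inputs, so a common hardening step is to bind it to the user's session with an anti-CSRF token. The following is an added example, not code from the book: the helper names (csrfToken(), csrfTokenIsValid(), csrfField(), confirmationOutcome()) and the token field name are hypothetical, and it assumes PHP 7 or later with session_start() already called in admin.php.

```php
<?php
// Added example, not the book's code; all function names are hypothetical.
// Assumes PHP 7+ and that session_start() has already run in admin.php.

// Return this session's anti-CSRF token, generating it on first use.
function csrfToken()
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG; hex is safe inside an HTML attribute
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only if the submitted value matches the session's token.
function csrfTokenIsValid($submitted)
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted); // constant-time
}

// Hidden input to add inside the <fieldset> of the confirmation form.
function csrfField()
{
    return '<input type="hidden" name="token" value="' . csrfToken() . '" />';
}

// Decide what to do with a submitted confirmation form.
// Returns 'delete', 'cancel' or 'reject'.
function confirmationOutcome(array $post)
{
    if (!csrfTokenIsValid($post['token'] ?? null)) {
        return 'reject'; // missing or wrong token: never reach deleteEntry()
    }
    return (($post['submit'] ?? '') === 'Yes') ? 'delete' : 'cancel';
}

// Constructed sample submissions so the file can be run from the command line.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $valid = ['action' => 'delete', 'submit' => 'Yes',
              'url' => 'sample-entry', 'token' => csrfToken()];
    $noToken = ['action' => 'delete', 'submit' => 'Yes', 'url' => 'sample-entry'];
    var_dump(confirmationOutcome($valid), confirmationOutcome($noToken));
}
```

To use it, add csrfField() to the form that confirmDelete() returns, and in admin.php call deleteEntry() only when confirmationOutcome($_POST) returns 'delete'.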

You can complete this process by defining deleteEntry().
