Ghulam Mujtaba

Handling multiple request methods in a controller action: note management

In my last post, I showed how to create a new note using a form and request methods and how to store it in the database. Now I have learned how to delete the note that was created.

Delete Notes with Authorization: A Step-by-Step Guide

In this tutorial, we'll explore how to add a delete button to a note screen, handle multiple request methods in a controller action, and securely delete notes from the database.

First, let's add a delete button to the single note screen:

<form class="mt-6" method="POST">
    <input type="hidden" name="id" value="<?= $note['id'] ?>">
    <button class="text-sm text-red-500">Delete</button>
</form>

When the user clicks the delete button, the form is submitted as a POST request to the same URL (it has no action attribute). The server then reads the note ID from the hidden field, checks that the current user owns the note, and deletes it from the database.

Controller action

Here's the controller action that handles both POST and GET requests:

<?php
// $db (the Database wrapper), $currentUserId, authorize() and view() are
// provided by the app's bootstrap; they are not defined in this file.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The delete form submits the note id as a hidden POST field.
    $note = $db->query('select * from notes where id = :id', [
        'id' => $_POST['id']
    ])->findOrFail();

    // Only the note's owner may delete it.
    authorize($note['user_id'] === $currentUserId);

    $db->query('delete from notes where id = :id', [
        'id' => $_POST['id']
    ]);

    header('location: /notes');
    exit();
} else {
    // GET /note?id=... shows a single note.
    $note = $db->query('select * from notes where id = :id', [
        'id' => $_GET['id']
    ])->findOrFail();

    // Only the note's owner may view it.
    authorize($note['user_id'] === $currentUserId);

    view("notes/show.view.php", [
        'heading' => 'Note',
        'note' => $note
    ]);
}

When we run and debug the project, the following steps are executed:

Request Method Check:

The code starts by checking the request method. If it's a POST request, it executes the delete note logic. If it's not a POST request (i.e., a GET request), it executes the view note logic.

Delete Note Logic (if POST):

If the request method is POST, the code:

  1. Retrieves the note from the database using the provided ID.
  2. Checks if the current user is authorized to delete the note using the authorize() function.
  3. If authorized, deletes the note from the database.
  4. Redirects the user to the notes list page.

View Note Logic (else):

If the request method is not POST (i.e., a GET request), the code:

  1. Retrieves the note from the database using the provided ID.
  2. Checks if the current user is authorized to view the note using the authorize() function.
  3. If authorized, renders the note details page (show.view.php) with the retrieved note data.
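To see the two branches and the ownership check in action, here is an added, self-contained version of the controller (example code, not the post's or the course's own) that runs against an in-memory SQLite database. `authorize()`, the 404 path and the database wrapper are simplified stand-ins for the app helpers assumed above, and `noteController()` returns its outcome instead of redirecting or rendering.

```php
<?php
// Added example, not the post's code: the controller above as a function,
// run against an in-memory SQLite database so the ownership check can be
// exercised for the owner and for another user. Helpers are stand-ins.

class AuthorizationException extends Exception {}

// Same contract as the post's authorize(): refuse unless the condition holds.
function authorize(bool $condition): void {
    if (!$condition) {
        throw new AuthorizationException('Forbidden (403)');
    }
}

// Returns the outcome instead of redirecting or rendering, so it can be inspected.
function noteController(PDO $db, string $method, array $get, array $post, int $currentUserId): string {
    // The POST branch reads the id submitted by the hidden form field.
    $id = $method === 'POST' ? (int) ($post['id'] ?? 0) : (int) ($get['id'] ?? 0);

    $stmt = $db->prepare('select * from notes where id = :id');
    $stmt->execute(['id' => $id]);
    $note = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($note === false) {
        return '404 not found';        // stand-in for findOrFail()
    }

    // Ownership check runs before either the delete or the view.
    // Cast: some PDO drivers return column values as strings, and === would then fail.
    authorize((int) $note['user_id'] === $currentUserId);
    if ($method === 'POST') {
        $db->prepare('delete from notes where id = :id')->execute(['id' => $id]);
        return 'redirect /notes';      // stand-in for header('location: /notes')
    }
    return 'show note: ' . $note['body'];  // stand-in for view(...)
}

// Constructed sample data: note 1 belongs to user 1.
$db = new PDO('sqlite::memory:');
$db->exec('create table notes (id integer primary key, user_id integer, body text)');
$db->exec("insert into notes (id, user_id, body) values (1, 1, 'first note')");

echo noteController($db, 'GET', ['id' => 1], [], 1), PHP_EOL;      // owner views the note
try {
    noteController($db, 'POST', [], ['id' => 1], 2);                // user 2 tries to delete it
} catch (AuthorizationException $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo noteController($db, 'POST', [], ['id' => 1], 1), PHP_EOL;     // owner deletes it
echo noteController($db, 'GET', ['id' => 1], [], 1), PHP_EOL;      // the note is gone now
```

The second call shows why the ownership check must run before the delete: user 2 never reaches the delete statement, while the owner's delete goes through and the final lookup falls into the 404 path.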

By following this, you'll learn how to securely delete notes and handle multiple request methods in a controller action.

I hope that you have clearly understood it.
