I have a form with post method. I am leaving the action field blank. So on submitting it should redirect to the same page.
But I have action like
page.php?id=1
when I submit the form it removes the query string from URL so i am not able to get it via $_GET method.
So how i can get id param as well. Its working fine on local but having issue on the live server.
You should add a hidden input in your HTML form:
<input type="hidden" name="id" value="<?php echo $_GET['id'];?>" />
Related
I have a hidden input into my payment form like this:
<form action="<bank_api>">
<input type="number" name="amount" />
<input type="hidden" name="redirect_to" value="<current_url>" />
</form>
And I will use it like this after paying:
header("location: " . $_GET['redirect_to']);
Everything works as well, just I feel a security problem:
A user can simply change the value of that hidden input (an set the url of another website) before submitting the form and then it will be redirect to that website after paying. See? My server will send a request to another website. Is that fine or I have to put some check-domain-name before redirecting?
Store the redirect_url in the $_SESSION and retrieve and delete it after the form submission.
I have html page and I have taken one form in it and other link outside the form .Form is Submitted by POST method,when I submitting form first time its ok and when I click link it pass data by GET method and when I again submit form then it send both GET and POST variable i.e form data and link data both.so what is the reason for that and how can I solve it.My html page is below
<html>
<body>
<form method='post'>
<input type=input name='name'/>
<input type=submit name='submit' value='submit'/>
</form>
<a href='check_global.php?page_number=6'>Page Number</a>
</body>
</html>
Because the form hasn't the action attribute, so it simply reload the page. When you submit it the first time it's all fine, but when you do it after clicking the link, the url is 'dirty' due to the data of the link, so you have both GET and POST values.
You can check wether the POST attribute is set ( if(isset($_POST['name'])) with php), in this case it has been submitted with the form
When you submit the form the second time you see the form parameters + the url parameter of the page (remember you clicked the link with the relative URL 'check_global.php?page_number=6').
To verify the above try this:
<?php
echo 'GET param ' . $_GET["page_number"];
echo 'POST param ' . $_POST["name"];
?>
As you can see you can access both types of parameters during a POST request.
Hope that helps.
Just to make the point, the OP did not indicate that the form was supposed to submit to anywhere but the current page. So just for funsies, here is the same basic idea, but with an action attribute value:
<form method="post" action="">
<input type="text" name="name"/>
<input type="submit" name="submit" value="submit"/>
</form>
Page Number
Notice that I've set it up so that, for whatever reason, the link points back to this same page and so does the form. The result:
First Load: form submit makes request with POST data to blah.php
Second Load: link follow makes request with GET (thanks to the query string) to blah.php?page_number=6
Third Load: form submit, using blank action to indicate that current page is where to post, makes request with POST form data to blah.php?page_number=6, thus having both POST form data and GET URL data.
So your options are to either set the action attribute value to blah.php so that it does not include the query string, or to accept that if you want to avoid the various ways of doing this in favor of having a more modular form (drop it in any page and you know it will post to that address), then to simply have the PHP backend check if $_POST['submit'] is set and if so, handle it like a form post and don't use any of the $_GET logic that might be screwing things up.
The link is never sending the form data as POST, and the POST data is not part of the GET array, so you know that when there is no POST, it's just get and if there is POST, it was a form submit, even if there is a GET array.
Or just use separate scripts so you don't get mixed up.
When I use <form action="code.php?id=1" method="post"></form>, the form id is passed in the URL. But when I write the same code by replacing 'POST' by 'GET', the id is not passed to the URL.
Why?
When you submit a GET form, the values from the form are appended to the action URL, as the "query string" after the ?. Specifying an existing query string in the action attribute of such a form creates an ambiguity. Browsers don't merge the two query strings, they just throw away the old query string and build the new one based on the form.
With a POST form, there is no ambiguity: the data from the form is sent separately from the URL, so there is no need for the query string to be over-written.
However, it's probably best not to mix the two kind of parameters, so the solution is always to include your extra parameters as hidden fields, then it will work with both GET and POST forms:
<input type="hidden" name="id" value="1">
Better way is to pass id in hidden field.
<form action="code.php" method="post">
<input type="hidden" value="1" name="id" />
</form>
If your form is as below
<form action="code.php?id=1" method="post">
<input typ"text" name="username" />
<input type="submit" />
</form>
example script in code.php
<?php
print_r($_GET);
print_r($_POST);
print_r($_REQUEST);
?>
You will get form data in post array and url parameters in get array, in request you will get both get and post data in one array. But if you change from post to get method your form data added with the url instead of appending. This issue is because of ambiguity. To get solution i this situation, create a hidden field in your form those you also want to send with query string.
I have a form on a page with get parameters:
index.php?PageID=12
I then have a multiple forms on that page which build up the page details as the user selects the details.
My problem is when the form is posted the Get overwrites other get parameters.
I can use post but then can only post the information back once as the post values are wiped when the next form is submitted;
the idea is the forms build up a address as such;
?PageID=12
?PageID=12&Section=48
?PageID=12&Section=48&Event=1456
and so on as the user selects more items.
Thanks for your help.
For forms with method=get the query string parameters specified in action attribute are ignored. Add such parameters as hidden form fields:
<form action="index.php" method="get">
<input type="hidden" name="PageID" value="12">
<input type="hidden" name="Section" value="48">
<input type="hidden" name="Event" value="1456">
</form>
You can use server-side script or JavaScript to add the query string parameters as hidden form fields.
Put the incoming $_GET params in hidden fields
you can use the below code in which you can initialize the parameter that already required to post
<form action="index.php" method="get">
Here all the parameter will join with index.php?.......
So if you required to pass some parameter by default then you can write index.php?para=1......
But don not leave it blank form action value, by default it will consider the same url that is in address bar.
May this will help you .........:)
I have a site where each page is actually a parameter of the index.php page.
So the search page is simply: www.mysite.com/?p=search
I created a GET form whose action is the page above (http://www.mysite.com/?p=search). However, when I submit the form, it is actually submitting the GET parameters to www.mysite.com/index.php instead of www.mysite.com/?p=search.
How do I get the form to actually submit to www.mysite.com/?p=search so that I end up with something like:
www.mysite.com/?p=search¶m1=blah1¶m2=blah2#¶m3=blah3
instead of:
www.mysite.com/index.php?param1=blah1¶m2=blah2#¶m3=blah3
?
You can't use a form to make a GET request to a URI with a query string in the action without destroying the existing query string. Use a hidden input instead.
Add <input type="hidden" name="p" value="search"> to your form and set action="/"