Hello: I have done tons of html forms in wordpress and am now trying to do the same in laravel. The problem is with submitting the form; it is not going to my destination or passing the post variables as I would expect. (i am getting errors on the loading of the page).
I know it has something to do with the "routes" and possibly also CSRF? (been reading a lot on this and seeing all kinds of info
I have seen things about using Laravel to build a form "open form/close form" but I am trying to find a way to just use an html form
I have the default laravel installed with nothing extra...
I tried adding a "post" route but that did not help...
here is what i have now:
this is from my routes.php file:
Route::post('gz_form', ['as' => 'gz_form', 'uses' => 'cont15_gzap#gzap_cont_function']);
here is the top of my form:
<form method="post" autocomplete="off" action="{{ route('gz_form') }}" >
<input name="_token" type="hidden" value="{{ csrf_token() }}"/>
<input type="hidden" name="gc_post" value=2 />
(I threw on that token input as some people suggested that...)
Anyway - I am hoping someone can help me with this...
you have to check your route method .. is it post or get .. and check if your route named already or not ..
Route::post('/gz_form', 'YourController#handler')->name('gz_form');
while you using {{ route('gz_form') }} you need to name it
I was able to get this to work using both of your inputs - but once i had it down to the token mismatch - i finally got it to work by changing the input on my form to:
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
i found that somewhere and by doing that the token mismatch went away...
But thanks for your help guys - getting this to work took more than one step and so your help was needed and helpful...
Related
I'm currently trying out http://altorouter.com/ and it's working well for me so far, except for this one issue I'm having
My route is set up like this:
$router->map( 'PATCH', '/admin/pages', 'pageController#update');
If I use the following jquery, the route works perfectly:
$.ajax({
type: "PATCH",
url: "/admin/pages",
data: {page_items:page_items, page_name: 'test_page'},
success: function(returned_data)
{
console.log(returned_data);
}
});
However, no matter what I put in my HTML I can't get a regular form to submit in a way it accepts as PATCH:
<form action="/admin/pages" method="post">
<input type="hidden" name="form_function" value="edit_theme">
<input type="hidden" name="_METHOD" value="PATCH">
<button type="submit">Save Page</button>
</button>
I've tried "_METHOD", "_method", "method" etc. None of them work.
I've also tried
method="PATCH"
but that only causes it to do a GET.
When I echo the $_SERVER['REQUEST_METHOD'] on the target page I get "PATCH" for the ajax, but just "POST" for the form. Hope someone can help.
In short, you cannot.
As you'll see in the W3 Spec
The only valid methods for HTML based forms are "GET" and "POST".
However you can work around this if you wish, on the server side instead. Theres a great article about how Laravel does it here: Theres no Put/Patch Delete Methods
A quick snippet of code from that article:
<form method="POST" action="" accept-charset="UTF-8">
<input name="_method" type="hidden" value="PUT">
</form>
<form method="POST" action="" accept-charset="UTF-8">
<input name="_method" type="hidden" value="PUT">
</form>
If you are not using Laravel and want to build a form manually, you cannot use PUT/PATCH – there’s just no such methods supported by forms in browsers – it’s only GET and POST. So how does Laravel make it work with {{ Form::create([‘method’ => ‘PUT’]) }}?
Actually, under the hood the generated HTML looks like this:
That’s right, Laravel constructs a hidden field with name _method and
then checks it upon form submittion, routing it to the correct
Controller method.
So if for any reason you would need to build the FORM tag yourself,
don’t put (same applied to patch and delete) – it
just won’t work. Instead add hidden fields, if necessary.
So back to your issue, Altorouter. It appears their documentation is rather lacing the best guide I can find for you is here https://recalll.co/app/?q=rest%20-%20PHP%20detecting%20request%20type%20(GET%2C%20POST%2C%20PUT%20or%20DELETE)%20-%20Stack%20Overflow it might be worth your while finding a better router, as Alto doesn't seem to have been updated in around 3 years.
Managed to find a working solution after digging around in the code. Altorouter's match method actually accepts a method parameter, which doesn't seem to be documented anywhere.
Where I used to have
$match = $router->match();
I now have:
if(isset($_POST['_method']))
{
$match = $router->match(null, $_POST['_method']);
}
else
{
$match = $router->match();
}
I'm having a bit of an issue when it comes to updating a form and and having an file input. Here is what I am working with.
I have a form in laravel 5.1 which has a post method and a hidden 'Patch' method. This works as is should updating the fields that are in the form. However, when it introduce:
<input type="file" id="profile_picture" name="image_url" />
into the form, i get a:
MethodNotAllowedHttpException in RouteCollection.php line 218:
laravel error. I have tried changing the
<input type='hidden' name='_method' value='PATCH'>
to PUT and it still doesnt like it.
My form looks like this:
<form action='{{url("profiles/$user->id")}}' method="post" class="form-horizontal" enctype="multipart/form-data">
route resource looks like this:
Route::resource('profiles', 'ProfilesController');
I can't figure out what I am missing here...Any help is much appreciated.
I believe it has to do with the exact route you are typing out in the "action" parameter matching up with the profile controller's update method.
Try changing
action'{{url("profiles/$user->id")}}'
to
action='{{ route("profiles.update", $user->id) }}'
Additionally, you could use the Laravel Collective HTML package to simply opening and closing of forms.
Also for POST Request types, you need to send the CSRF token along with your form data. If you are using laravel blade template in your view, you may use
{{ csrf_field() }}
which translates to
<input type="hidden" name="_token" value={{ csrf_token() }}
Please refer the documentation for this.
As I am new to laravel framework, I have a query, I am using <form> tag in blade template so that I can delete the data from table.
I am using this the below code of form tag to delete the data
<form action="{{ route('admin.states.update',$data->state_id) }}" id="form_sample_2" class="form-horizontal" novalidate="novalidate" method="PUT">
Here I have used method as PUT, but browser is automatically considering it as GET request, I found some questions on stackoverflow where many of them said PUT & DELETE is not detected by browser.
So using Laravel Facade Form , this problem is solved
{!! Form::open(array('route'=>['admin.states.update',$data->state_id],'role'=>'form','method'=>'PUT')) !!}
The above code work as intended but my query is I don't want to use Formfacade in Laravel , I want to use first type of HTML code for form opening.
Is there any other method by which I can use PUT method in HTML Form Tag without using any Form FAcade in Laravel.
set form method to post and add a hidden input as following
<input type="hidden" name="_method" value="put">
and also make sure to add
<input type="hidden" name="_token" value="{{ csrf_token() }}">
If your ValidateCSRF middleware is enabled.
What's the Problem?
Primary Key is present in Url so the data for other records can be seen easily by easily changing the Url.
Rendered html has hidden field present. Anybody can easily change other records based upon this Hidden Field.
When I edit the page. My Url looks like below.
http://localhost/Category/3
and Below is the rendered Html
<form method="POST" action="http://localhost/UpdateCategory" accept-charset="UTF-8">
<input name="_token" type="hidden" value="AmAXKmqtct6VOFbAVJhKLswEtds4VwHWjgu3w5Q8">
<input name="CategoryID" type="hidden" value="3">
<input required="required" name="Category" type="text">
<input class="btn btn-success" type="submit" value="Update">
</form>
Please suggest some Url and Form security in Laravel 5.1
There are many worksaround which shall by handled by us to avoid such incidents.
Fix 1 :
If you don't want to reach the user's by just changing the url
(i.e., Directly passing the id in url )
You shall filter the requests by
if($_SERVER['HTTP_REFERER']!='')
{
}
else
{
exit;
}
You shall have this in your Middleware or even in your view if you wish
Fix 2 : Never worry about the _token that is visible when you see form source
It is just the token that is generated by laravel app which is to identify whether the request is from authenticated source or not.
If you edit the token and pass the form you will surely get CSRF Token Mismatch Exception
Infact this is one of the great feature of Laravel.
Interesting Point : You can also find something in the headers of the browser ;)
Happy using Laravel ;)
I have form like this
<form action="{{ Request::root() }}/articles/update/" method="post">
<input type="hidden" name="id" value="{{ $article->id }}" />
<input type="submit" name="submit" value="Submit" />
</form>
And route like this
Route::post('articles/update', array('as' => 'articleUpdate', 'uses' => 'ArticlesController#update'));
But when I submit the form, I get MethodNotAllowedHttpException. In error report I can see that request method is GET. I have also tried using caps for method method="POST" but it didn't work.
Any ideas?
What does FireBug/Web console inspector show you? is the form being sent via GET or POST, any redirects?
Seems a redirection problem to me, after reaching the server Laravel redirects to the URL the form sent the post request.
you must use put method here. Form change like this
{{Form::open(array('url'=>'/articles/update','method' => 'PUT'))}}
Routes like this
Route::put('/articles/update','ArticlesController#update');