I want to delete (or update) a record in MySql through PHP. The options here are :
One.
Delete
Two.
<form action="process.php" method="post"><input type="hidden" name="pid" value="3"><input type="hidden" name="cid" value="10"><button type="submit" class="btn btn-danger">Delete</button></form>
Later, I will redirect from process.php. So, Which is better and may I know why?
In both options, it is working (delete or other). I just want to ask any advantages in form submit
One :- Using get method
Delete
Two :- Using Post method
<form action="process.php" method="post"><input type="hidden" name="pid" value="3"><input type="hidden" name="cid" value="10"><button type="submit" class="btn btn-danger">Delete</button></form>
Compare Get and post method :
Get Method ( Advantages and disadvantages )
Since the data sent by the GET method are displayed in the URL, it
is possible to bookmark the page with specific query string values.
The GET method is not suitable for passing sensitive information
such as the username and password, because these are fully visible
in the URL query string as well as potentially stored in the client
browser's memory as a visited page.
Because the GET method assigns data to a server environment
variable, the length of the URL is limited. So, there is a
limitation for the total data to be sent.
Post method ( Advantages and disadvantages )
It is more secure than GET because user-entered information is never
visible in the URL query string or in the server logs.
There is a much larger limit on the amount of data that can be
passed and one can send text data as well as binary data (uploading
a file) using POST.
Since the data sent by the POST method is not visible in the URL, so
it is not possible to bookmark the page with specific query.
thanks
Related
I'm a bit confused of do I need to prefix form input variables with i.e. ('car_', or 'bike_' corresponding to 'car_make', 'bike_make') or can I use same template for both forms without prefixing variables. And if so, do I still need to prefix the 'submit' field, or having different form name is enough to avoid data collision.
I have these two HTML forms on the same page:
<form action="" name="car_search_form" method="POST">
<input type="hidden" name="make" value="Audi" />
<input type="submit" name="car_do_search" value="Search Car" />
</form>
<form action="" name="bike_search_form" method="POST">
<input type="hidden" name="make" value="Schwinn" />
<input type="submit" name="bike_do_search" value="Search Bike" />
</form>
So, in the end I want to get correct value for $validCarMake via this code:
if(isset($_POST['car_do_search']))
{
$paramCarMake = isset($_POST['make']) ? sanitize_text_field($_POST['make']) : '';
$validCarMake = esc_sql($paramCarMake); // For SQL queries only
// TODO: Add data saving to database
}
Also, I want to understand the decision process of PHP engine. How it does deside which variable to choose - how it know on which button I clicked, and why not it does just submit all forms on the page? Also, if there would be any difference if I'd use "GET" method instead of "POST" besides that the one does put the variable values to URL? And how does the GET case it would process attached image to form submit then (as the maximum URL lenght is 255 chars as I know, and i.e. JPEG 100 kiB image contains thousands of chars. I'm asking this, because I also want to allow not just have that search on site's home page, but also allow to make search from a separate website's some kind of widget.
And the last question - if the HTML form processing differs somehow in PHP 7.X compared to PHP 5.X (i.e. PHP 5.4). I means does it caches somewhere the data, does it sends over the internet the attached images of the both forms and consumes network and server data, or it submit's only the data of the form on which I clicked the button.
As long as you keep the 2 input requests separate having the post arg "make" is completely fine. If you send the args in the same request the 2nd will override the first since it was last set.
As for how php decides on what is first it uses what is called order of precedence. This means what it comes to first it executes first unless explicitly told not to.
I want to understand the decision process of PHP engine. How it does decide which variable to choose - how it know on which button I clicked, and why not it does just submit all forms on the page?
When you click on a button, php will take the <button name="value"> value assigned in the name property of the input field or button clicked. This is how it can decide what's the form to submit. Consider that if you have two forms with the same name assigned to the submit button, the first one will override the second and php will only submit one form. This is because php execute operations with a logical order.
I use Firefox add-on called "Session Manager" to save and restore sessions. I have simple php + html form:
<form id="form_id" enctype="multipart/form-data" method="post" action="upload.php">
<input id="name$key" type="text" placeholder="Name" name="name[]" value="$name">
<input type="file" name="fileToUpload[]" id="fileToUpload$key">
<input id="submit" name="submit" type="submit" value="Submit">
</form>
When I restore form inputs data with "Session Manager" I can see all data I need. When I click the "Submit" button, data have empty $_POST.
What can I do to not lose this data?
Maybe to use some JQuery or session_start(); $_SESSION?
Firefox add-on "Session Manager" seems to work incorrect if html <form> setted with attribute enctype="multipart/form-data". If you want to send some files through POST use <form> attribute enctype="application/x-www-form-urlencoded" in conjunction with php copy(). That's not clean solution. Maybe there could be other solutions with enctype="multipart/form-data", maybe some expirements with form accept-charset could give you better results.
The Session Manager plugin in Firefox is not at all related to PHP sessions. Same word, entirely different meanings.
A Firefox session is your browser tabs and the websites they are accessing. A PHP session relates to a user session on a specific website.
Most likely the data you are seeing "saved" in the forms is just field data that is saved in Firefox only, for the sole purpose of making data re-entry faster. It is not yet actually "in" the form fields, but saved in Firefox (only, not on the website) in order to make easier the re-entry of frequently typed data.
When you lose a connection to a website, you lose the data typed in the fields. Refreshing the page loses the data typed in the fields. There is no work-around for this, it's just how it is.
If you have further questions, please ask in comments below this answer.
Edit:
Re-thinking, it may be possible to achieve some kind of solution using a javascript/jQuery (please, jQuery) solution that involves detected when fields are exited (blur()) and subsequent grabbing of the data and saving in localStorage.
References:
https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API
http://www.w3schools.com/html/html5_webstorage.asp
When is localStorage cleared?
What is the max size of localStorage values?
I'm just curious what is the better method for edit buttons in an admin, keeping in mind the there could possible be 100s of these edit buttons on a page,
a form to use the POST variables
<form action="" method="POST" enctype="multipart/form-data" target="_self">
<input type="hidden" name="ID" value="123" />
<input type="hidden" name="name" value="ABC" />
<button type="submit" name="action" value="Edit" class="edit></button>
or a href to use the GET variables
Edit
I'm just curious in regards to speed and usability.
Any opinions welcome.
Server Side
Edit button or form button do not impact server side processing at all.
If you are looking to reduce the html file size , the get variable based approach could help and reduce that less than 5% extra overhead (can vary based on type of application).
Client Side
The % impact on client side will also be negligible based on how browser handles the submit action.
Side Notes
href links work only as a replacement for GET forms and not for POST.
url based approach is useful in cases like edit button where there is no user modified input
Even better is using the HTTP PATCH method which meant to represent partial resource modification.
You should avoid using GET requests when the outcome alters a resource (because the request will be resent by hitting the back button).
However since many browsers cannot send native PATCH requests you need a bit of trickery. Ruby On Rails for example uses javascript together with a method POST parameter to fake PATCH, PUT and DELETE requests - even on links.
I have a form that uses Post to send info to a PHP page.
The PHP page;
Takes the form info.
Rearranges it.
Formats it.
Then turns it into a code string that's ultimately sent to another
page and performs some tasks using that info.
Form Code:
<form method="post" action="_php/buildMyPNR.php" name="GuestInfo"
onSubmit="return validateFormMethod1();">
<input type="text" name="AccountNumber" id="BID"
onkeypress="return isNumberKey(event)" size ="16"/>
<input type="hidden" name="requestID" id="RID" value="" />
..... bunch of other fields
<input type="submit" name="loadURL" id="submit" value="Submit"
onsubmit="return ValidateFields();" />
</form>
What I need to do is;
Generate a sequential number each time the page is used.
Pass that number with the post request (Sort of like a serial number
for the request), to another form say _php/buildMyPNR.php.
When _php/buildMyPNR.php loads, save the values of
AccountNumber and requestID to a database or similar.
Ultimately it would move on to _php/usageSummary.php, where the user can click
a button to return a list of AccountNumbers paired with the
requestID that was generated for the request.
Possibly download the list in an excel spreadsheet format, but it is
not absolutely necessary.
What would be the best way to accomplish this?
Mainly I need help with generating the requestID. I need them to be sequential so I assume that I would need to start with a number in my database like 00001, query that number from my form, add 1 to the returned value, then save the new value along with the AccountNumber when submit is pressed.
I have no experience with databases and any guidance would be greatly appreciated.
Ideally we'd see some schema and examples of code you've already tried...
However, you can use an Auto Increment field in your Database Table, which will accomplish the ID incrementing for you.
If you're using mysqli for your mysql database interaction (as you perhaps should be), then you can then retrieve this autonumber using;
$PassedRequestID = $mysqli->insert_id
Then pass this to your next page.
You will then need to query your database with something like (psuedo code);
SELECT Accounts.*, Requests.*
INNER JOIN Requests ON Requests.AccountID = Accounts.AccountID
WHERE Requests.RequestID = $PassedRequestID
For exporting to Excel, if you search for PHP export CSV using Google, there'll be plenty of examples there to choose from. However, as an example;
http://code.stephenmorley.org/php/creating-downloadable-csv-files/
I have a search feature on my site that's POST based. Now, however, I want to be able to provide links that search for certain keywords, but this isn't of course possible because the form doesn't handle GET requests. Is there a way around this?
use the super global
$_REQUEST
Set the form's method to GET
<form action="/search" method="GET">
This will work if your search app on the server permits searching via get. Just of note, you should be using GET for search anyway. POST is to make modifications and post data. You're "getting" search results, so use GET.
You can use javascript to POST the form from a link. An example of how to do that is located here:
http://mentaljetsam.wordpress.com/2008/06/02/using-javascript-to-post-data-between-pages/
I would look at changing your form to operate using GET.
Using GET for the search mechanism is appropriate since GET methods are used for requests that are idempotent. i.e. you can perform them repeatedly without concern for changing state. The semantics of POST is that you're posting data and performing a change (regardless of whether that's really happening in this scenario)
<input type="text" id="searchcat"></input>
<form method="POST">
...
<input type="submit" onclick="this.form.action='/search?cat=' + document.getElementById('searchcat').value"></input>
</form>
Maybe this solution will help? Of course the "searchcat" control seems to be a kind of combobox. And onclick handler better to use as JS-function, not inline...
In fact when you click this submit - browser generates all HTTP-headers, collects the request body from your form data and then sends request with url, containing GET variables in itself. This way you'll have both GET and POST data in your search server-side handler.
Even better to change GET variables in action by handling onChange on your controls. But the example is more long and hard-to-read without IDE.