So I have a html table containing data retrieved from the database. In each row, there is an "edit" button. It looks like this:
<td><form action="controller/edit" method="post">
<input type="hidden" name="id" value="<?php echo $id ?>">
<input type="submit" value="edit">
</form></td>
Then in the controller/edit page I will access the database again:
select * from table where id=$_POST['id']
This is all fine. However I am thinnking of avoiding the second access to the database to improve performance. I am trying to do something like this:
<td><form action="controller/edit" method="post">
<input type="hidden" name="id" value="<?php echo $id ?>">
<input type="hidden" name="name" value="<?php echo $name ?>">
<input type="hidden" name="amount" value="<?php echo $amount ?>">
<input type="submit" value="edit">
</form></td>
This way all the data from the row is in the form, so when the form submits to controller/edit I don't need to access the database again. Is this approach fine? Or Is this bad practice?
The second one you've mentioned does seem like a shortcut, but it can be vulnerable.
Hidden fields can easily be tampered. For example, a user can manipulate the value of the hidden field and change the value to a random number like 975646456456456.
In that case, your database will have an incorrect insertion since there probably wouldn't be a matching record corresponding to id 975646456456456.
So, I think you should go with the first one and check your database if the id exists, and fetch its records.
Try to submit using jquery.button. For example submit form:
submitform(){
jQuery('form id').attr('action','url'+'?id= "id from db");
jQuery('form id').submit();
}
Related
I'm currently working on at the displaying of information from a database. I was making a summary site where you can only see the important things of a table. After that i made the first element as an <input type="submit"> in a <form>, so u can click it and come to the detail site. My problem is now: The value of this input type has to be my ID, so i can query correctly on me detail site. I was wondering if it is possible to use something like a placeholder, so that the ID is the value, but on the input type is written other text.
My input:
<form method="post" action="Details.php">
<input type="submit" placeholder = "test" name="Overview" onclick="parent.location='Details.php'" value="<?php echo $data[$i1]; ?>">
</form>
How it currently looks
I want it that the input type still has the same value, but is displaying on the website something else like "test".
Greetings!
No, but buttons can have different values and labels.
<button name="foo" value="bar">baz</button>
Since you are using a form-tag per row, you can add a hidden input-field in the form and set the value of the submit-button to whatever you like.
<form method="post" action="Details.php">
<input type="hidden" name="id" value="<?php echo $data[$i1]; ?>" />
<input type="submit" name="Overview" value="test" />
</form>
I have a form located at a url containing get parameters,my form is also using this method.When the form is submitted it rewrites the previos get parameters.
Is there a simple way to rewrite only my form parameters?
I have in mind a Javascript solution ,however I want to know if there is a simpler way?Using HTML/PHP perhaps?
As far as I know, u u are not interested in using JS, then using form's hidden element is only way u have like this-
<form action="demo_form.asp">
First name: <input type="text" name="fname"><br>
<input type="hidden" name="country" value="Norway">
<input type="submit" value="Submit">
</form>
<p>Notice that the hidden field above is not shown to a user.</p>
The question is how u can use it with PHP, right?
The solution is here-
//In PHP
if( isset($_GET['fromPerson']) )
{
echo $fromPerson;
}
So combined HTML and PHP code will be like this (assuming a get element from prevous page is named fromPerson)-
<form action="demo_form.asp">
First name: <input type="text" name="fname"><br>
<?php
if( isset($_GET['fromPerson']) )
{
echo '<input type="hidden" name="country" value=".$_POST['fromPerson'].">';
}
?>
<input type="submit" value="Submit">
</form>
Lets say you get a parameter p1 from a get request, it should look like this:
http://server.com/?p1=123
In your form, you can add hidden fields that would have the same effect when you submit, like this:
<form method="GET">
<input type="hidden" value="<?php echo $_GET["p1"]; ?>" name="p1">
</form>
That way you can resend the variables as many times as you need.
I'm not sure I understand your question... Can you post your code?
I assume you mean something like this?
in index.php
<input type="hidden" name="id" value="<?php echo $id; ?>" />
in return.php
Edit
I just want to call the id value of one page in another page, but it has not been working for me for a long time. I have given the id value to the form as "addedcart" and called in php code but it is not displaying any cart value. Is it correct to call an id like this? Because I don't know perfectly about php. The form which I want to be called is given below:
<?php
$addedcart = $_POST['addedcart'];
$formcontent="Items in cart: $addedcart";
mail($recipient,$subject,$formcantent,$headers) or die("Error!");
?>
<form action="" method="post" class="last" id="addedcart">
<fieldset>
<input type="hidden" name="business" value="info#domain.com" />
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="display" value="1" />
<input type="image" name="submit" src="images/cart.png" class="button"/>
</fieldset>
</form>
From the limited information we have, I can see two possible solutions:
Solution 1: $_SESSION variable
Start your PHP code with session_start(); and make $_SESSION['addedcart'] equal to what you want. This will carry over to any page that uses session_start(); and can't be changed by the end-user.
Solution 2: Hidden Form Input
Add the following to the form:
<input type="hidden" name="addedcart" value="<?php echo $addedcart ?>" />
The downside of this method is that a user can change these values in the Developer tools in Chrome/Firefox.
I would like to update the choice of poll to update every time that I've submitted.
but It seemed not working. Can anyone advice me about keeping state with hidden field?
and how to clear all the content in current page to display the poll result table?
<?php
if ($_POST['choice']==0)
$a_count = $_POST['a_count']+1;
if ($_POST['choice']==1)
$b_count = $_POST['b_count']+1;
if ($_POST['choice']==2)
$c_count = $_POST['c_count']+1;
if ($_POST['choice']==3)
$d_count = $_POST['d_count']+1;
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="POST">
<table align="center">
<tr><td>Please select</td></tr>
<tr><td><input type="radio" name="choice" value="0">aaaa</td></tr>
<input type="hidden" name="a_count" value="<?php print $a_count ?>">
<tr><td><input type="radio" name="choice" value="1">bbbb</td></tr>
<input type="hidden" name="b_count" value="<?php print $b_count ?>">
<tr><td><input type="radio" name="choice" value="2">cccc</td></tr>
<input type="hidden" name="c_count" value="<?php print $c_count ?>">
<tr><td><input type="radio" name="choice" value="3">dddd</td></tr>
<input type="hidden" name="d_count" value="<?php print $d_count ?>">
<tr><td><input type="submit" value="submit"></td></tr>
</table>
<table align="center" border="1" cellspacing="0">
<tr align="center"><th>Member Name</th><th>Vote</th></tr>
<tr><td>aaaa</td><td><?php echo"$a_count";?></td></tr>
<tr><td>bbbb</td><td><?php echo"$b_count";?></td></tr>
<tr><td>cccc</td><td><?php echo"$c_count";?></td></tr>
<tr><td>dddd</td><td><?php echo"$d_count";?></td></tr>
</table>
</form>
</body>
</html>
The code you submitted looks like it should keep the user's selection/state during their active session (as long as they do not leave that page) - but as soon as they leave it's lost. Also, their "vote" cannot be shared between any other users.
To keep the user's state, explore the use of PHP sessions or storing results in a file/database.
To share the user's vote(s) with other users, explore the use of files or a database.
To show the results table without the form, after the user has "cast their vote", you can do one of two things. You could put an if-statement around the form to check if an answer has already been selected - if so, don't display the form. The other way would be to have the results-table on a separate page that doesn't have the form (just have the form POST to the separate page, or have the page with the form redirect to the separate page).
why not use the database to store values?? And you can put the table that you are using for the input in an if condition so that it does not render when the form is submitted. Hope this helps!
I have been using SESSION Variables to enter data with loginName as way to retrieve only records that contain that Users loginName. How do I create a form that can search using this parameter and bring up all the records that the user created.
This is what I use to input the SESSION variable into the record.
<input type="hidden" name="loginName" id="loginName" value= "<?php echo $_SESSION['MM_loginName']; ?>" />
Here is the form that I was trying to use:
<form action="memberresults.php" method="post" name="form5" target="_self" id="form5">
<input type="hidden" name="loginName" id="loginName" value= "<?php echo $_SESSION['MM_loginName']; ?>" />
<input type="submit" name="form5" id="form5" value="Submit" />
</form>
Any Ideas?
Michael
Presumably you have control over the page memberresults.php? Then you don't need to post any hidden fields, since the session variable will be available right on that page.
$query = 'SELECT * FROM table WHERE user_id = ' . $_SESSION['MM_loginName'];
Of course with the usual validation and SQL injection prevention and so on...