In a code below I want to pass variable $user_id to next page using post method suppose my next page is followers.php . The whole code is link itself i want to put post method in it so that on clicking the link, variable is also passed to follower.php . Don't want to use sessions.
<a href='follower.php' style='text-decoration:none;'>
<h2>Followers</h2>
<?php
$checkfollowers = "SELECT * FROM follow_user WHERE user_id='$user_id'";
$resultfollowers = mysqli_query($con,$checkfollowers);
echo mysqli_num_rows($resultfollowers );
?></a>
I guess code for post method is correct:
<form method="get" action="follower.php">
<input type="hidden" name="varname" value="user_id">
<input type="submit">
</form>
So how to put this post method inside the other code so on clicking, follower.php is opened and variable is also passed to this page.
You are using GET method. Change it to
<form method="POST" action="follower.php">
<input type="hidden" name="user_id" value="user_id">
<input type="submit">
</form>
Also change the name to user_id of the hidden field. Now receive as
<?php
$user_id = $_POST['user_id'];
$checkfollowers = "SELECT * FROM follow_user WHERE user_id='$user_id'";
$resultfollowers = mysqli_query($con,$checkfollowers);
echo mysqli_num_rows($resultfollowers );
?>
Note: Above query is vulnerable to SQLI. Better to use Prepared statements.
You are talking about post method but in your code you are using the method GET. You might want to consider to change this into POST. This way the stuff filled out in the form will not enter the URL. (bit more secure). After this you could call the global variable $_POST['user_id']
A link cannot POST data, only GET.
use:
<a href='follower.php?user_id=1' style='text-decoration:none;'>
and in follower.php file:
$user_id = $_GET['user_id'];
Related
Good morning to you all,
I would like to transfer to my target page an id that I have upstream recovered with GET, in the sending form with a php parameter,
<?php $idEleve = $_GET['id']; ?>
<form method="POST" action="addNotes.php?id=$idEleve">
I’m not sure it’s okay, please help me
There are two options.
1) You can transfer it as a GET parameter to the next page in your form action attribute:
<form method="POST" action="addNotes.php?id=" . <?= $idEleve ?>
Then receive it the same way:
$idEleve = $_GET['id'];
2) Use a hidden input field
<input type="hidden" name="id" value="<?= $idEleve ?>">
In that case it will be a part of your $_POST array:
$_POST['id']
I have a value coming from another form in the same page called $_POST['serial']. And i want to use this value to run a query in another form but after I submit the second form nothing happened and the query not running.
<?php
if (isset($_POST['serial'])) {
$serial = $_POST['serial'];
?>
<form action="" method="post">
<button type="submit" name="submit">Click to use</button>
</form>
<?php
if (isset($_POST['submit'])) {
$query = mysql_query("UPDATE table_name SET status = 'inactive' WHERE serial = '$serial'");
}
}
?>
To pass the variable along you would create a hidden input on your second form to contain the value:
<?php
// check and clean up the passed variable
$serial = isset($_POST['serial']) ? htmlspecialchars($_POST['serial']) : '';
?>
<form action="" method="post">
<input type="hidden" name="serial" value="<?php echo $serial; ?>" />
<button type="submit" name="submit">Click to use</button>
</form>
For Safety's Sake
Your script is at risk for SQL Injection Attacks.
If you can, you should stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really not hard.
Additional Thoughts
If you're planning to do a two-step form you'll likely want to place all of the data processing outside of the form page, in a separate PHP file. With the limited code that you have shown I fear that we will miss something in our answers which will lead you to additional questions because your code still isn't working as you would expect.
A button needs a name and a value to be successful. Your button doesn't have a value so $_POST['submit'] will be undefined.
Add a value attribute to your <button> element.
After you do that, $serial will be undefined because your form doesn't submit that.
You need to include it in your form too:
<input type="hidden" name="serial" value="<?php echo htmlspecialchars($serial); ?>">
I've a html form for get Id from visitor
<form action="show.php" method="post">
<p>Your id: <input type="text" name="id" /></p>
<p><input type="submit" /></p>
</form>
and the php file for act this .
<?php
$id = ((int)$_GET["id"]);
$con=mysql_connect('localhost','user','pass');
mysql_select_db('dbname',$con);
$query="SELECT * FROM `users` WHERE id = '$id'";
$select=mysql_query($query);
while($row=mysql_fetch_array($select)){
echo $row['name'];
}
mysql_close($con);
?>
but it's not working , can't read id , pelase help me for resolve this issue
Thank you
You are submitting data via POST.
Thats defined by the attribute "method" within your form tag:
<form action="show.php" method="post">
So data will not be stored in $_GET but in $_POST.
So to access the ID use $_POST['id'] not $_GET['id']
As you have used form method "post", id variable will be available in the global $_POST array so use:
<?php
$id = ((int)$_POST["id"]);
....
Use POST intead of Get because use set post method for form.
$id = ((int)$_POST["id"]);
Your form is submitting data via POST so you have to accept it via POST method
<?php
$id = $_POST['id'];
?>
otherwise change the method to GET and write it like this
$id = ((int)$_GET["id"]);
i have a page where i am getting the ques id and insert it in the database for that i am doing
url: */faq/faq_question_sol.php?ques= 62*
this ( $selected_ques= ($_GET['ques']); ) is working properly in the *faq_question_sol.php* but the *answer_submit_process.php* does not recognize it
my form
<form id="post-form" class="post-form" method="POST" action="answer_submit_process.php">
<input id="submit-button" type="submit" tabindex="120" name="submitbutton" value="Post Your Answer" />
</form>
and the *answer_submit_process.php* is
if(isset($_POST['submitbutton'])){
$userid = $_SESSION['userid']; // i have already started the session
$selected_ques= ($_GET['ques']);
$content = $_POST["content"] ;
$query="INSERT INTO `formanswer`( `user_id`,`questionid`,`content` ) VALUES ('{$userid}','{$selected_ques}','{$my_html}' ) ";
$result=mysql_query($query);
}
Quickest solution would be saving the value of $_GET['ques'] on a hidden field of the form and thus make it accessible in answer_submit_process.php.
Something like this:
if (isset($_GET['ques'])){
echo '<input type="hidden" name="ques" value="'.$_GET['ques'].'">';
}
And in answer_submit_process page the value could easily accessed by $_POST['ques']..
If you are sending via a form POST, then the variable from which you can get data is $_POST instead of $_GET.
Anyway, i wasn´t able to find any field relating to the ques variable on your form, where are they?
Add <input type="hidden" name="ques" value="<?php echo $_GET['ques'] ?>"/> to your form to temporarily store the variable, and then use the variable $_POST['ques'] in place of $_GET['ques'] in the processing page.
Alternatively, you could change the form action to answer_submit_process.php?ques=<?php echo $_GET['ques']; ?>.
I'm attempting to create a link for users to click that will remove them from a list. I'm trying to figure out how to do this without using a submit button and without using $_GET(if possible).
Anyway, I'm afraid to do it with $_GET (the way I have it now), because the user can type this in the URL (even though 99% wouldn't know how or think to do this) and they would be removed from the list.
How can I name the link so I can use $_POST?
$attendingUsers = mysql_query("Select acceptedInvites from events where eventID = ".mysql_real_escape_string($_GET['eventID'])." ");
$users= mysql_fetch_array($attendingUsers);
$user = $users['acceptedInvites'];
if(preg_match("/$userid/", $user)){
echo "You are attending this event</br>";
echo 'Click here to remove yourself from the list';
if($_GET['delete']=1){
$sql=...
}
}
Is it possible to do this without using $_GET? Thanks!
Never delete via a link. Read The Spider of Doom
Best way is to link to a "delete" page with an "are you sure" form. Submitting the form (via POST) performs the delete and redirects back to a suitable results page.
For example
Click here
to remove yourself from the list
Then, in remove.php
<?php
// get Event details via $_GET['eventID']
if (isset($_POST['confirm'])) {
// delete via SQL
// redirect
header('Location: http://example.com/events.php');
exit;
}
// display event details
?>
<form method="post" action="remove.php?eventID=<?php echo $eventId ?>">
<p>Are you sure?</p>
<input type="submit" name="confirm" value="Remove me from this event">
</form>
You should probably also look into CSRF protection but that's really outside the scope of this question.
Your are required to use either $_GET or $_POST
<form action="delete.php" method="post">
<input type="hidden" name="eventId" value="yourEventId" />
<a href="#" onclick="this.form.submit();" > Delete</a>
</form>
If I have my JavaScript right, this should do the trick:
Delete
<form id="delete" action="delete.php" method="post">
...
</form>
The link will then submit the form.
You could use some kind of encoding to make the get var unreadable, like an md5 or even an encrypted string.