I have read a value from a form as input form the user. the form is POST.
<form action="form_handler.php" method="POST">
Then, in the form_handler.php page I saved this value in a variable. $productID=$_POST['product'];
Then, I want to pass this variable via link to another page as:
echo "<a href='products.php?prodID=".$productID."' title='Products
Page' class='whatEver'>click here for product details</a>";
When I click the link, I see the value in the link. But, inside the page products.php I want to make MySQL query for the product details as:
$sql = "SELECT * FROM products WHERE prodID = '$productID'";
I get 0 results. I also tried to echo the $productID value and it seems empty and not the value that I saw in the URL.
What is my mistake please? How can I make the database query to fetch the product details based on the productID variable I passed in the link?
NOTE: I am trying to make a demo for MySQL injection vulnerability. Please, ignore security issues here.
You can not get like that the productID .. You have to put `$productID = $_GET['prodID']; ' the you can use that variable with sql query .
When you sent variables in a link followed by ?var=value
You need to get it with something like
$variable = $_GET['var'];
In your case your products.php
should have $prodid = $_GET['prodID'];
echo "<a href='products.php?prodID=".$productID."' title='Products
Page' class='whatEver'>click here for product details</a>";
Looks to me like you are passing it into products.php as prodID.
Could you try using:
$sql = "SELECT * FROM products WHERE prodID = '$prodID'";
Instead?
Just like before when you used $productID=$_POST['product'];,
you need to do the same thing to use a variable in products.php, except instead of a post variable, it's a get variable (because it's in the url). Use $productID=$_GET["productID"]
Related
TL:DR - I need to pass an anchor tag value to another php page and looking for alternatives to SESSION / COOKIES. Going for forms with POST/GET is discouraged as I would like to avoid having to submit.
Detailed description:
I have a php page which lists a mysqli result set in list form as per the following:
ID fname surname
12 John Doe
13 Carl Brown
Now I would like to have the ID field as a link, which I can achieve using an an HTML anchor tag. Once clicked I would like to redirect to another page and pass the clicked ID (e.g. 12 or 13) for further use.
I know this is achievable through cookies or sessions, but I wanted to check if perhaps there's another way of doing this. Also I would like to avoid forms in order to avoid having to 'submit' the actual form. I'd like to keep the experience as a click and redirect.
To give some context here is my php code:
<?php
include 'functions.php';
session_start(); //Fetches session already initialized in other pages.
$page_fund=new page_fundementals; //simply gets menu items
$conn = new consultant_ops; //executes a mysqli query to get the results used further below
$result=$conn->listPatients($_SESSION['user_id']); //passes the $_SESSION['user_id'] to a listPatients method in order to get the mysqli resultset
foreach($result as $row){
$i=0;
${'p_id'.$i}=$row['p_id'];
${'p_fname'.$i}=$row['p_fname'];
${'p_surname'.$i}=$row['p_surname'];
echo ${'p_id'.$i}." ".${'p_fname'.$i}."<br />";
$i++;
}
?>
have an anchor tag like this
<a href="sample.php?id=<?= $user->id ?>">
<?= $user->name ?>
</a>
then maybe in your sample.php
<?php
if(isset($_GET['id']) {
$user_id = $_GET['id'];
/* your code here to get user from database, maybe
SELECT * FROM users WHERE id = $user_id something like that
then format afterwards */
}
?>
maybe something like that
Why not pass variable in a GET request?
echo "<a href='page.php?pid=".$row['p_id']."'>redirect</a>";
which you can access on the target page.php
$pid = $_GET['pid'];
In anchor tag you can specify query params for eg
12
In this case, when a user clicks on 12 he will be redirected to todo.php?id=12.
In todo.php you can fetch $_GET['id'] and work accordingly.
I have a anchor tag and I would like it to pass GET data into the URL so I can access that data from a php script.
Here is an example
<a href="template.php" GET="product1"/>
<a href="template.php" GET="product2"/>
The above code does not work so I imagine that is not how it is done.
What I am trying to do is pass the GET data to template.php so it can display things depending on what the user clicks and what get data is sent.
Just create a querystring with a key that has meaning to you (I chose "item") and assign it the product key as the value:
Product 1
Now when a user clicks on that link you will have a $_GET variable of product1:
$item = $_GET['item']; // product1
Like this:
product1
I have been trying for most of the afternoon to do what I thought was a simple task. I am trying to redirect to different Joomla pages using a select list form.
I have created a select table with the suffix values of each item being a url.
From there I am using the statement
<form action="redirect.php<?php echo $_GET['page_url']?>" method="get">
to create a link that looks like this:
http://www.onlinelotto365.com/tools/jump.php?page_url=el-gordo-spain-cold-numbers
My redirect.php file looks like this:
<?php
$suffix = var($_GET['url_suffix']);
header('Location: http://www.onlinelotto365.com/' . $suffix);
?>
All I want to happen is for the page "http://www.onlinelotto365.com/el-gordo-spain-cold-numbers" to appear on the screen. Why am I making this so difficult? Can somebody please help.
please start from deleting depreciated var which is not a function btw
try:
<?php
$suffix = $_GET['page_url'];
header('Location: http://www.onlinelotto365.com/' . $suffix);
?>
var was used in php4 read more here What does PHP keyword 'var' do?
remember to get the parameter you set in URL that is page_url not url_suffix
I'm trying to get a session variable to be set when clicking on a link.
The value of the variable is generated out of a DB using PHP. I've tried everything, but noting seems to work.
There is a foreach-loop that displays usernames. Each username is a link to a second page. The username that is clicked on should become the session variable.
The code that loops looks like this:
echo "<a href= 'nominate.php'> ".$myotherusers['username']. "</a><br/>";
goal being that when clicked on the link this code is executed:
$_SESSION['varname'] = $myotherusers['username'];
I just can't seem to be able to figure out how...
thanks!
You could do something like this:
echo "".$myotherusers['username']."<br />";
and then in your action:
$_SESSION['varname'] = $_GET['user'];
.a little help guys..
I have an index.php page which contains tags which when clicked opens up picture.php.
.my picture.php is a page that retrieves images from a certain database depending on what is the idno.
.what i want to do is to add an "idno" attribute on my anchor tag that when the user clicks a certain tag the index.php sends the idno to my picture.php so that the picture.php knows what image to fetch from the database. help pls!
So for your anchor tag, could you do something like this?
<?php
$url = "pictures.php?idno=" . idno;
echo "Click Me";
?>
Now in your pictures.php file, you can read the ID like this:
$idno = $_GET['idno'];
The only thing to watch out for is to make sure you sanitize that input, before you pass it off to a database query so you aren't vulnerable to a SQL injection attack.
You can send the parameter to picture.php via GET
Blah!
You could use GET to pass idno to pictures.php
so your link would look like this:
<a href='/picture.php?idno=12345678'>My Picture Tag</a>
In your picture.php:
$idno = $_GET['idno'];
Make sure you sterilize $idno before using it in a MySQL query. If idno is a number, then you can also check if it's an integer:
$isInt = is_int($idno);
Picture # <?php echo $idno ?>
Figuring out how to set $idno is left as an exercise to the OP.