This question already has answers here:
How can I combine two strings together in PHP?
(19 answers)
Closed 7 years ago.
I am making a website that gets information about a bitcoin wallet balance. What I am trying to achieve is for whatever the persons text input is to be sent to the link but sent like "http://link.com/ + input"
I am new to PHP so I am not sure what to do next or what I have done wrong so far.
<?php
echo ' <form action="https://blockchain.info/q/addressbalance/" method="post">
BTC Address: <input type="text" name="address"><br>
<input type="submit" value="Submit">
</form>'
$input = $_POST['post'];
echo $input
?>
Old Answer:
Use string concatenation.
For example:
$link = "http://link.com" . $input;
Update:
It seems like what you actually want to do is to redirect the user based on their input. For this, you should use the header() function.
Here is an example as to how you can use the function for redirection purposes.
header('Location: ' . $link);
die();
Note that this must go at the very top of the page, before any HTML is outputted. (So of course, your code for $link should go before it as well)
As for your <form action="https://blockchain.info/q/addressbalance/" method="post">, you will want to change the action to the current document. This is because $_POST['post'] only receives data after you pressed submit. Changing it to action="" generally defaults to this behavior.
Related
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 3 years ago.
So I've been trying to program a button that redirects you to another web page for quite some time now, and this is the Best solution I've come up with:
<form action="#" method="post">
<input type="submit" name="submit" value="LLL" />
</form>
<?php
$redirect_after_login='index.php';
if(isset($_POST['submit'])){
echo 'test'; //this was just a test
header('Location: ' . $redirect_after_login);
exit;
}
?>
So basically, what happens is that when I press the button I do not get redirected to the other page, but the echo command does emit test. Any ideas on how I could fix this? (Sorry for any gramar mistakes, english is not my first language, and if this is very obvious, I'm new to php :D)
You are most likely not actually executing the form through PHP. You're being redirected to the anchor # (action="#"), which does not result in a reload/re-request of the page, but only jumping to the top of the page. The action is mandatory to receive and process the forms data.
So try to change your forms action attribute to the filename of the PHP-File or just leave it blank to send the form data to "the same page".
<form action="" method="post">
<input type="submit" name="submit" value="LLL" />
</form>
Also you should do any processing first, and output last. Move the form to the bottom of the file, because header() can't send its headers when something has been output before (your form in this case).
This question already has answers here:
How do I make a redirect in PHP?
(34 answers)
PHP fopen for writing fails
(2 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
So i have a contact form on my website. However when i submit it redirects me from my html page to the PHP page, id like to automatically redirect back. I have tried using HTACCESS but it redirects straight away and the PHP script doesnt run.
HTML FORM
<form action="action.php" method="post" class="contactForm" target="_top">
<input type="name" name="field1" placeholder="Enter your name..."><br>
<input type="email" name="field2" placeholder="Enter your email address..."><br>
<input type="text" name="field3" placeholder="Enter your message..."><br>
<input type="submit" value="Submit" id="button">
</form>
action.php
<?php
$path = 'data.txt';
if (isset($_POST['field1']) && isset($_POST['field2'])&& isset($_POST['field3'])) {
$fh = fopen($path,"a+");
$string = $_POST['field1'].' - '.$_POST['field2'].' - '.$_POST['field3'];
fwrite($fh,$string);
fclose($fh);
}?>
If i am going about this the wrong way please let me know, i am a complete beginner to PHP so i know very little.
Thanks.
header('Location: index.html');
http://php.net/manual/en/function.header.php
You can't output anything before the redirect.
A potentially better way to do this is not to post to the PHP script only to have it redirect back to html, but to post to it through ajax.
There are a few ways to do that. I assume you want to take the values from the Form and process them in PHP.
Using Ajax - With Ajax you can send data from your form to a PHP-Script without reloading the page. So in your case no redirect is needed See here for a small tutorial http://blog.teamtreehouse.com/create-ajax-contact-form
Combine PHP and HTML - You can input all your HTML Code into the PHP File and call the PHP File. See -> https://www.ntchosting.com/encyclopedia/scripting-and-programming/php/php-in/
ob_end_clean( );
header("Location: example.com");
exit();
Allows you to output something before redirecting.
I am needing a GET value to be placed display in a forum option, however I do not know how to do this, as the get value can not have quotes in it. The xxx is where I want to display the get value.
<input type="text" name="test" value="xxx">
This is really basic stuff. Should not be any problems to find by Google.
<input type="text" name="test" value="<?php echo $_GET['your_parameter']; ?>" />
You should escape the GET parameter before echoing it, unlike the other answer. This will prevent someone from injecting extraneous tags into your code.
<?php
$parameter = (isset($_GET["your_parameter"])) ? htmlspecialchars($_GET["your_parameter"]) : '';
?>
<input type="text" name="test" value="<?= $parameter ?>" />
If you have short tags disabled, you'll need to use <?php echo in place of <?=. Many (most?) PHP developers will argue that you shouldn't use short tags at all. I personally never use them because I don't write my templates in PHP.
As Jimmie Johansson mentioned before this is really basic stuff and easy to search for.
Hi <?php echo htmlspecialchars($_POST['name']); ?>.
You are <?php echo (int)$_POST['age']; ?> years old.
Source: http://www.php.net/manual/en/tutorial.forms.php
If you transmit data via a FORM to php there are to ways to transmit the data. The first one ist via GET the other way is via POST.
If you choose GET your information will be stored as URL-Parameters
An associative array of variables passed to the current script via the
URL parameters.
Source: http://www.php.net/manual/en/reserved.variables.get.php
Post instead just sends the data to the PHP-Script so you can use this data like GET but you do not have any URL-Parameters here.
An associative array of variables passed to the current script via the
HTTP POST method.
Source: http://www.php.net/manual/en/reserved.variables.post.php
To choose one of this two Methods you have to edit your HTML-Form
Now that we transmitted the data either with GET or POST we can access them in PHP via the global variables
$_GET
and
$_POST
They are Arrays and you can access specific data with a key which represents the name of the input field or other form constructs. In your example the input fields name is "test" so we would access it like this
<?php $_GET["test"]; ?>
You can use
<?php ... ?>
Wherever you want in your HTML-Code as long it's an PHP File. So if you want to output something via PHP just use the and put you statements between them.
<input type="text" name="test" value="<?php echo $_GET['your_parameter']; ?>" />
Documentation
Arrays:
http://php.net/manual/de/language.types.array.php
Forms:
http://www.php.net/manual/en/tutorial.forms.php
http://www.w3schools.com/php/php_forms.asp
PHP and HTML:
http://www.php.net/manual/en/faq.html.php
POST and GET:
http://php.net/manual/de/reserved.variables.post.php
http://php.net/manual/de/reserved.variables.get.php
Further Reading
Further reading
http://en.wikipedia.org/wiki/Separation_of_presentation_and_content
http://wp.tutsplus.com/tutorials/creative-coding/improving-your-work-flow-separate-your-mark-up-from-your-logic/
http://www.w3schools.com/tags/ref_httpmethods.asp
And the important things at the end. For security you should check what was entered into the input field
http://www.w3schools.com/php/php_form_validation.asp
If you have problems to follow my answer feel free to ask me. Check the links!
This question already has answers here:
HTML Form to post on php page
(3 answers)
Closed 9 years ago.
Sorry if this has been asked before.
But what is the simplest method to post some text to a site and then display it like on a blog. I don't want it to be a blog, just a textarea, where you can type some text and submit. Like so:
<h1>Post</h1>
<form action="post.php" method="POST">
<textarea name="texty" id="texta" cols="30" rows="10"></textarea>
<input type="submit" value="Post!"/>
</form>
Can someone help me with the PHP to transfer that information and post it on the site so that it stays there like a blog. Any help is appreciated.
just :
<?php
if(isset($_POST['texty'])){
echo htmlentities($_POST['texty'])
}
?>
And look Mysql ;)
INSERT INTO...
You can access POST data via $_POST[] see http://php.net/manual/en/reserved.variables.post.php.
To store it permanently you need to use a data store, one would be a database such as MySQL. That's another chapter though and is not in the scope of this question.
i think u can send the form by ajax : $('form').ajaxForm({url: 'respond.php', success:function(data){ $('.blog').append(data)}}) and in respond.php u should insert the input into database like => if(isset($_POST['submit']) and !empty($_POST['texty'])){ $input = mysql_real_escape_string($_POST['text']); $input = htmlentities($input); now u can insert $insert = mysql_query("insert into tablename(input) values('{$input}') "); if($insert){ echo $input ; } i am new in php. so i think this works
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 9 years ago.
I'm currently developing a web interface in PHP/HTML for a Database course project.
Basically, there is an input field :
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
that allows one to search for things in my DB.
Yesterday evening, after uploading my new index.php, I refreshed the page and there was (was I though it was) some sort of Injection because my page was entirely filled with spam ("YO MAMAYO MAMAYO MAMA etc,").
I secured the form using the "htmlspecialchars()" php function. And once again, I just uploaded the new index.php just 10 mins ago and the page was filled with "YO MAMA" right after I refreshed.
Has anyone an idea about that ? And how can I check/secure my page ?
Thanks
EDIT : The code of the form is the following :
<div id="searchbox">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
Query database : <input type="text" id="field" name="query">
<input type="submit" name="submit" value="Search!">
</form>
</div>
and I just secured with :
if(isset($_POST['query']) && !empty($_POST['query'])) {
$param = htmlspecialchars($_POST['query'], ENT_QUOTES);
...
The inputs I can give are anything, the goal is to search for people or events or etc.
I only have a database class file which I include in my index.php
EDIT2 :
Sql query is the following :
SELECT p.idParticipant As id, a.name AS name, c.countryName AS country,
count(g.idGame) AS countGames
FROM Athlete a, Country c, Game g, Participant p, Event e
WHERE a.idAthlete = p.fkAthlete
AND p.fkCountry = c.idCountry
AND p.fkGame = g.idGame
AND g.idGame = e.fkGame
AND a.name LIKE '%$param%'
GROUP BY a.name
ORDER BY a.name;
In addition to use real_escape_string function (with mysqli or PDO), I would change FTP password AND database user and password.
Whitelist you input let say if only string is allowed use is_string() to verify it.
Use PDO and parameterized queries. Stop creating queries by concatenating input.
And stop using the mysql_* set of functions. Right now. Every time you type it in a php source file, $deity kills a kitten. Stop this slaughter please.