POSTing variable with an array within it

POSTing variable with an array within it - php

As the title says
$champion = array();
for($i=1;$i<=$champ_number; $i++){
$champion[$i] = $_POST['champno'.$i];
}
echo '<input type="hidden" name="champion[]" value="'.$champion.'">';
What's the simplest least secure way to POST this variable $champion through POST is?

try to follow this simple format:
E.g. : FORM
<form method="post" action="submit.php">
<?php
$champion=array('hiii','helloooo');
echo '<input type="hidden" name="champion" value="'.htmlspecialchars(json_encode($champion)).'">';
?>
<input type="submit" value="sub">
</form>
your submit.php :
<?php
$champions = json_decode($_POST['champion'], true);
echo $champions[1];// out put helloooo
?>

If you really want to post the entire array, then: serializing your array. http://php.net/manual/de/function.serialize.php
...
$championSerialized = serialize( $champion );
echo '<input type="hidden" name="champion" value="' . $championSerialized . '">';
Retrieving the data is just using $championPost = deserialize( $_POST[ 'champion' ] );

Related

How to call a function in controller from view for input type = number

I have a submit button for input type = "number", when I change value of input tag, subtotal will be change:
<form action="<?php echo base_url('cart/update') ?>" method="post">
<input type="number" name="qty_<?php echo $row['id'] ?>" value="<?php echo $row['qty']; ?>"/>
<button type="submit">Update</button>
Total: <?php echo number_format($row['subtotal']); ?>
</form>
In Cart controller, this function update qty and change value of $row['subtotal']:
function update(){
$carts = $this->cart->contents();
foreach ($carts as $key => $row){
$total_qty = $this->input->post('qty_'.$row['id']);
$data = array();
$data['rowid'] = $key;
$data['qty'] = $total_qty;
$this->cart->update($data);
}
redirect(base_url('cart'));
}
Then, I want to use a onchange event, but I dont have idea. How to call update function?
I try this:
<input type="number" name="qty_<?php echo $row['id'] ?>" value="<?php echo $row['qty']; ?>" onchange=<?php echo base_url('cart/update')?>/>
Of course, it doesn't work.
Please help.
Thanks.

The onchange attribute executes javascript, so you can't just provide it a URL. You should be able to submit the form via: onchange="this.form.submit()"

Passing an array to another page (Form)

I have the following array and form on page1.php:
$my_array = array("Volvo", "BMW", "Toyota");
echo " <form id=\"my_form\" action=\"page2.php\" method=\"post\" enctype=\"multipart/form-data\">
<input type=\"hidden\" name=\"id\" value=\"10\">
<input type=\"hidden\" name=\"input_name\" value=\"".serialize($my_array)."\" />
Send </form>";
On the page2.php I want to print_r the array:
$id = $_POST['id'];
$passed_array = unserialize($_POST['input_name']);
print_r($passed_array);
Why I can't receive my_array on page2? I can't see the mistake I made!
PS: I received id on page2.

i'm glad #ksealey pointed out a more proper method of doing this, but for the sake of answering the question...the reason it's not working is that the serialize alone is not enough to prevent the invalid html. see result of what the serialize leaves in the html:
so you need to be sure the html you produce is valid. you might use encoding like base64 to produce safe html:
echo " <form id=\"my_form\" action=\"\" method=\"post\"";
echo "enctype=\"multipart/form-data\">";
echo "<input type=\"hidden\" name=\"id\" value=\"10\">";
echo "<input type=\"hidden\" name=\"input_name\" ";
echo "value=\"".base64_encode(serialize($my_array))."\" />";
then you can just add the decode to your output:
$passed_array = unserialize(base64_decode($_POST['input_name']));
print_r($passed_array);

If there is data to be passed from page to page use a session
<?php
//Page 1
session_start();
$value = 'Value from page 1';
$_SESSION['page_1_value'] = $value;
?>
<?php
//Page 2
session_start();
echo 'Value from page 1: '.$_SESSION['page_1_value'];
$_SESSION = array(); //If you want to wipe the session data after
OR, pass as value params that get cleaned, JSON object maybe?
<form id="my_form" action="page2.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="id" value="10">
<input type="hidden" name="input_name" value="<?php echo json_encode($my_array); ?>" />
<a href="javascript:{}" onclick="document.getElementById('my_form').submit(); return false;">Send</a
</form>
<?php
//Page 2
$object = json_decode(strip_tags(stripslashes($_POST['input_name'])));
var_dump($object);
I will say the first answer is safer.

This is the HTML that your first page is generating:
<input type="hidden" name="input_name" value="a:3:{i:0;s:5:" volvo";i:1;s:3:"bmw";i:2;s:6:"toyota";}"="">
One easy solution would be to replace your double quotes in
value=\"".serialize($my_array)."\"
with single quotes as so:
value='" . serialize($my_array) . "'
or you can escape the quotes in your serialized array as so:
value=\"". htmlspecialchars(serialize($my_array))."\"

I will just add my 2 cents in here :)
You may want to use a framework of some sort as this will ease the job for you a lot with situations like this (or similar). For example with Codeigniter framework you could have a form (view) that sends data to controller and in controller you could just grab the whole array as so:
$data = $this->input->post('array');
$data[0] should == 'Volvo'
So view:
<?php $my_array = array("Volvo", "BMW", "Toyota"); ?>
<form id="my_form" action="<?php echo site_url(controller_name/controller_function)" method="post" enctype="multipart/form-data">
<input type="hidden" name="id" value="10">
<input type="hidden" name="input_name" value="".serialize($my_array)."" />
Controller:
public function foo() {
$data = $this->input->post('array');
for($i=0; $i<sizeof($data); $i++) {
echo $data[$i];
}
}

PHP recover data from Post

I have inside loop some fields for send inside form with other fields :
<?php
for($f=1;$f<=3;$f++)
{
?>
<input type="text" name="friend['email_<?php echo $f;?>']" value="<?php echo $_POST['friend']['email_'.$f.''];?>">
<?php
}
?>
When i send from form i need get the value of each field if no empty , i think the problem it´s in no recover the value send from the form , i don´t know if i writte right
Ony it´s that problem , thank´s , the best regards

I think the problem here is that you have single quotes around email_<?php echo $f; ?> - in POST data, these are not needed. So, you would have:
<form action="myPage.php" method="POST">
<?php for ($f=1;$f<=3;$f++) { ?>
<input type="text" name="friend[email_<?php echo $f; ?>]" value="<?php echo ... ?>">
<?php } ?>
<input type="submit">
</form>
PHP will parse POST data into associative arrays, so you will get back a 'friend' object in $_POST. You can access this like so:
<?php
$friends = isset($_POST['friend']) ? $_POST['friend'] : array();
print_r($friends);
?>

I'm not sure if i'm getting it right. You must send your form data in order to manipulate it. For example if you want to print all the form data:
Client Side:
<form action="boo.php" method="POST">
<input type="text" name="name">
<input type="text" name="age">
<input type="submit">
</form>
Server Side:
<?php
$name = "";
$age = "";
if( isset($_POST['name']) && isset($_POST['age']) )
{
$name = htmlspecialchars($_POST['name']);
$age = htmlspecialchars($_POST['age']);
}
echo 'Your name is ' . $name . ' and your age is ' . $age;
?>
If you are trying to retain the values even after invalid input you can just echo the input in value attribute of the input field.

PHP self-form variable?

I was wondering if it is possible to use a variable from a form as its own URL... its hard to explain in my opinion, heres an example:
matchmaking.php:
$search_summoner = $_POST['search_summoner'];
echo '<form method="post" action="matchmaking.php?search=' . $search_summoner . '">';
echo '<input type="text" name="search_summoner">';
echo '<input type="submit">';
echo '</form>';
As you can see the action sends it back to matchmaking.php but with a variable from the form which was just submitted. The code above, which I have tried, didn't seem to work; So I wondered if anyone else had any ideas on how to do this...
Thanks for the help in advance

using jquery you could set the action parameter like this (add an ID "search" to the form)
$('input[name="search_summoner"]').on('keyup'function(){
$('form#search').attr('action','matchmaking.php?search='+$(this).val());
});
So, while typing, the action parameter will be extended by every character of the typed search string.

Try this;
<?php
if(isset($_POST['search_summoner']) && $_POST['search_summoner'] != '')
{
$search_summoner = $_POST['search_summoner'];
}
else
{
$search_summoner = "";
}
echo $search_summoner; // This displays your Query
?>
<html>
<body>
<form method="post" action=<?php echo $_SERVER['PHP_SELF']; ?>>
<input type="text" name="search_summoner">
<input type="submit">
</form>
</body>
</html>

If I understand you right, I think you want to do something like this:
$search_summoner = $_POST['search_summoner'];
echo '<form method="post" action="matchmaking.php">';
echo '<input type="hidden" name="search" value="'.$search_summoner.'"/>';
echo '<input type="text" name="search_summoner">';
echo '<input type="submit">';
echo '</form>';

How to know the number of input tags in a submitted form?

I've coding for adding input elements in a form when a button outside the form is clicked.
<?php
$i=0;
$maxid = isset($_POST['max_id'])?$_POST['max_id']+1:0;
print '<form action="search.php" method="post" ><input type="hidden" name="max_id" value="' . $maxid . '" /><input name="ad_field_button" type="submit" value="Add Field" /></form>';
print '<form action="results1.php" method="post" >';
print '<table border="0">';
for($i=0;$i<=$maxid;$i++)
{
// code for adding input elements;
}
print '</table>';
print '<input name="ad_s_button" type="submit" value="Search" />';
print '</form></p>';
?>
I want to know the number of input element in the submitted form when button ad_s_button is clicked. Or how can I pass the 'max_id' value to the next page when ad_s_button is clicked. Any suggestions?

How about:
print '<input type="hidden" name="Inputelements" value="'.$maxid.'">';
so you have a hidden field with the value u want

Or how can I pass the 'max_id' value to the next page when ad_s_button
is clicked.
You could use a hidden field in your form and store the max_id there.
<input type="hidden" name="max_id" value="<?php echo $maxid; ?>">

$_POST contanis all the submitted elements.
In your case count($_POST)-1 will give you the count of the input elements. -1 becuase there is a button(submit buttom) will also be there in $_POST

You can also post array. For example:
<input type='text' name='request[name]' />
<input type='text' name='request[surname]' />
<input type='text' name='request[city]' />
And php part:
$request = $_POST['request'];
echo '<pre>'
echo var_dump($request);
echo '</pre>'
will produce
array(3){
'name' => 'abc',
'surname' => 'bcd',
'city' => 'Somewhere'
}
you can then process form data easily, and also count input fields easily, using count($request);

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

POSTing variable with an array within it - php

As the title says $champion = array(); for($i=1;$i<=$champ_number; $i++){ $champion[$i] = $_POST['champno'.$i]; } echo '<input type="hidden" name="champion[]" value="'.$champion.'">'; What's the simplest least secure way to POST this variable $champion through POST is?

Related

How to call a function in controller from view for input type = number

Passing an array to another page (Form)

PHP recover data from Post

PHP self-form variable?

How to know the number of input tags in a submitted form?

Categories

Resources