I have a hyperlink as shown:
<div style="clear:both"> <a color="grey" accesskey=""style="float: right" href="newbattle.php? userid= <?php echo $id0; ?>"> [<font color="grey">Attack</font>]</a><br></div> <br>
Is it possible, using only only php, to carry POST data? I want to put this
<input type="hidden" name="test" value="<?php echo $number;?>
So I can $_POST['test'] on the other page and get the $number. I can switch over to normal form but I really like what I have
No, that's not possible. If you want to submit a POST request, you should go through a <form> and submit it.
You cannot post through a hyperlink, unless you use JavaScript to capture the click event and simulate a click on a submit button.
But a better approach, I think, would be to make an actual submit button. With a bit of CSS you can style that button to look as if it was a hyperlink. That way, if the CSS fails, you've still got a working button, while if a JavaScript issue would occur, you have a disfunctional link with unexpected behaviour.
input[type=submit] {
display: inline;
border: none;
background-color: transparent;
color: blue;
cursor: pointer;
}
input[type=submit]:hover {
text-decoration: underline;
}
<form action="otherpage.php" method="POST">
<input type="hidden" name="test" value="<?php echo $number;?>">
<input type="submit" value = "Look, I'm a link!">
</form>
A link redirects user to another page, it's purpose is not for get/post requests.
If you want to send a post request on a click, you can do it with a submit button inside form. For example,
<form action="another_page.php" method="POST">
<input type="hidden" name="test" value="<?php echo $number;?>
<input type="submit" />
</form>
Style the button like a hyperlink and it will send a post request as expected.
You can do that using a form.
When the user clicks the link, the form is submitted with the "test" variable and the "userid" variable.
Here's the code:
<form method="post" action="newbattle.php" id="myForm">
<div style="clear:both">
<a color="grey" accesskey="" style="float:right;" href="" onclick="javascript:document.myForm.submit(); return false;">[<font color="grey">Attack</font>]</a>
<br/>
</div>
<br/>
<input type="hidden" name="userid" value="<?php echo $id0; ?>" />
<input type="hidden" name="test" value="<?php echo $number; ?>" />
</form>
For my specific problem, here's what I ended up doing.
href="newbattle.php?userid= <?php echo $id0; ?>&num=<?php echo $number; ?>"
I added the $number on to the hyperlink and then retrieved it with $_GET on the next page
If you want to access test value by $_POST you have to use form like this :
<form action="another_page.php" method="POST">
<input type="hidden" name="test" value="<?php echo $number;?>
<input type="submit" />
</form>
get.php :
<?php
$num = $_POST['test'];
echo $num;
?>
Related
First of all sorry for the title.
This is the code I have written but there is a problem, So decided to come here.
What I want actually that Whatever I type in the value parameter it should be reflected back in the value parameter( for XSS ). But I didn't succeed. Can anyone suggest me something?
<style>body {
background-color: #000000;
}
</style>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="xss3.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php echo ($_POST['test']);?>">
<input type="submit" name="search" value="search"><br><br>
This might be you want:
<style>body {
background-color: #000000;
}
</style>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center>
// Redirect on same page with action="#". you can change
<form style="color:red"; action="#" method="POST">
<center>
<b>Advance search:</b>
<input type="text" name="q" id="test" value="
// Check btn submit
<?php if (isset($_REQUEST['search'])) {
# use name of field instead of id
echo $_POST['q'];
} ?>">
<input type="submit" name="search" value="search"><br><br>
Make sure, you cant access posted value with the ID. you must need to use name instead of id. Here, i used same file for recieve requested data. you can copy the same file namely xss.php and put the logic there.
Hope this will help you! Greetings!
I hope your php file name is also xss.php (which includes this code).
Assuming that, you need to do a few modifications.
PHP would accept the 'name' attribute in HTML input fields as the variable(associative array index) identifiers of $_POST, $_GET, $_REQUEST arrays.
There for you should change
<?php echo ($_POST['test']);?>
to
<?php echo ($_POST['q']);?>
There are a few methods to get rid of that error message:
1st Method
And to avoid the error (Undefined Index) at the initial page load, you may use the '#' symbol before the beginning of $_POST to suppresses error messages.
Then it would be: <?php echo (#$_POST['q']);?>
If you use this method, at the end, your code may look like:
<html>
<style>body {
background-color: #000000;
}
</style>
<body>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="xss.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php echo (#$_POST['q']);?>">
<input type="submit" name="search" value="search"><br><br>
</body>
</html>
2nd Method
Check if the submit button was pressed before displaying the result in the input box. We could use the isset() function to check whether the variable has been set. In this case isset($_POST['submit']) Here you can use two alternatives.
Using the short hand if operator <input type="text" name="q" id="test" value="<?php echo isset($_POST['search'])?($_POST['q']):'';?>">
If you use this approach, your final code would look like this:
<html>
<style>body {
background-color: #000000;
}
</style>
<body>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="value.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php echo isset($_POST['search'])?($_POST['q']):'';?>">
<input type="submit" name="search" value="search"><br><br>
</body>
</html>
Using if statements <?php if(isset($_POST['search'])){ echo ($_POST['q']); } ?>
And, if you use this approach, your final code would look like this
<html>
<style>body {
background-color: #000000;
}
</style>
<body>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="value.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php
if(isset($_POST['search'])){
echo ($_POST['q']);
}?>">
<input type="submit" name="search" value="search"><br><br>
</body>
</html>
Say I have a HTML form that lets you input a name and age and returns with a list of people with that name and age.
<form method="post" action="/search_results">
<input type="text" name="personName">
<input type="text" name="personAge">
<input type="submit" value="Submit!">
</form>
And on the search results page I have a list of the results, but I only display 50 at a time and allow users to go forwards/backwards between the page with buttons. So the results page would also look for a POSTed 'pageNumber' value and default to 0 if there is none.
When they click a button, how would I resubmit the age and name and also submit the corresponding pageNumber from the button?
I'm using PHP
Add a hidden field to the form:
<form name=search"" method="post" action="/search_results">
<input type="hidden" name="pageNumber"
value="<?php echo isset($_POST['pageNumber']) ? (int) $_POST['pageNumber'] : 0; ?>">
<input type="text" name="personName">
<input type="text" name="personAge">
<input type="submit" value="Submit!">
</form>
Add a JavaScript function to modify the hidden field value:
<script>
function search(pageNumber) {
var form = document.forms.search;
if (!form) return;
form.elements.pageNumber.value = pageNumber;
form.submit();
}
</script>
Apply the JavaScript function for the page buttons:
<span onclick="search(1)">1</span>
<span onclick="search(2)">2</span>
Obviously, the buttons should be generated with PHP in the following manner:
<?php
for ($p = 0; $p < $pagesNum; ++$p) {
echo "<span onclick='search($p)'>$p</span>";
}
?>
<form method="post" action="/search_results">
<input type="text" name="personName" value="<?php echo (isset($formdata['personName'])?$formdata['psersonName']:"") ?>">
<input type="text" name="personAge" value="<?php echo (isset($formdata['personAge'])?$formdata['personAge']:"") ?>">
<input type="hidden" name="currentPage" value="<?php echo (isset($formdata['currentPage'])?$formdata['currentPage']:"0") ?>">
<input type="submit" value="Submit!">
</form>
formdata are the data which are the inputs of the previous submit. These data should be returned by the search_results page along with the view.
Below is the js
<script>
$(document).ready(function(){
$(".paginationBtns").click(function(){
var page = $(this).attr('pageValue');
$("input[name='current']").val(page);
$("form").submit();
});
});
</script>
Assumptions of the forward and backward button
<a href="#" pageValue=0>Back</a><a href="#" pageValue=50>Next</a>
You have to append the back and next pageValue while loading each page.
The best practice in pagination to use a simple link that contains the parameres (GET) and not (POST). That way, when you have the parameters in the url you can cache it, add to favorites, get indexed by google, share your page in email/facebook etc.
<a href='http://example.com/?personName=<?=$_POST['personName']?>&personAge=<?=$_POST['personAge']?>&page=<?=$next_page_number?>'>Next</a>
If for some reason you must or really want to use POST you can save the values in hidden inputs within a form in the page and then sumbit it when clicking on "next page" button.
Form example:
notice its just an example you should sanitize the variables and not put them directly from the $_POST
<form name="pagination" method="post" action="/search_results">
<input type="hidden" name="page" id="page" value="2">
<input type="hidden" name="personName" value='<?=$_POST['personName'];?>'>
<input type="hidden" name="personAge" value='<?=$_POST['personAge'];?>'>
</form>
notice that we set the next page numbers & do submit by using a command from the form of:
<button onclick='document.getElementById("page").value= "2";document.pagination.submit();'>Next page</button>
HTML
<link rel="stylesheet" type="text/css" href="<?php echo CSS_URL ?>modal.css" />
<form id="postinfo" action="" method="POST">
<input type="hidden" name="technician" value="<?php echo $technician; ?>">
<input type="hidden" name="custnum" value="<?php echo htmlentities(serialize($customerNum)); ?>">
<input type="hidden" name="meternum" value="<?php echo htmlentities(serialize($meterNumbers)); ?>">
<input type="hidden" name="remcred" value="<?php echo htmlentities(serialize($remCreditArray)); ?>">
<input type="hidden" name="visitdate" value="<?php echo htmlentities(serialize($dateArray)); ?>">
<a href ="<?php echo PROCESS_URL; ?>create_maint_token_excel.php" onclick="document.getElementById('postinfo').submit();">
<img src="<?php echo IMAGE_URL ?>Excel.png" name="Print Excel" title="Print Excel" alt="Print Excel" /></a>
</form>
PHP
$customerNum = unserialize($_POST['custnum']);
$meterNumbers = unserialize($_POST['meternum']);
$remCreditArray = unserialize($_POST['remcred']);
$dateArray = unserialize($_POST['visitdate']);
$technician = ($_POST['technician']);
I have tried numerous ways of posting these arrays to a php page but the page keeps telling me that custnum, meternum, remcred and visitdate are undefined.
I have tried using a form action and post, I have tried to use a piece of javascript and I keep getting the same problem, why is this not posting?
I have also tried using $_GET instead of $_POST on php page to no avail.
<a href ="<?php echo PROCESS_URL; ?>create_maint_token_excel.php" onclick="document.getElementById('postinfo').submit();">
This will not work, the submit will go into nirvana and you will be taken to the PHP page without the variables. You are doing two requests at once and your browser will go to the one without the form variables.
Try changing your form to this:
<form id="postinfo" action="<?php echo PROCESS_URL; ?>create_maint_token_excel.php" method="POST">
And your Link to this:
<a href ="#" onclick="document.getElementById('postinfo').submit();">
This should submit the form correctly without following the link.
Alternatively use a propper <input type="submit" /> button, you can add the image to it with CSS.
Why don't you just use a form submit button, rather than making life complax with javascript? But first.. Debug, check what is actually in your hidden input.
Better would probably be to keep all these details on the server in a table called maintenance, and only pass the record ID to the webpage. A lot less info that the user can tamper with.
Also, you can just use a regulaer weblink to link to load the next page with the variables in the url (read GET), unless there is some input from the user which requires a form, which we do not see.
You should be trying as,
<?php foreach ($customerNum as $item): ?>
<input type="hidden" name="custnum[]" value="<?php echo $item; ?>"/>
<?php endforeach ?>
In php you could get as,
$customerNum = $_POST['custnum'];
And use,
<a href ="javascript:void(0)" onclick="document.getElementById('postinfo').submit();">
<input type="hidden" name="technician" value="<?php echo $technician; ?>">
<input type="hidden" name="custnum" value="<?php echo htmlentities(serialize($customerNum)); ?>">
<input type="hidden" name="meternum" value="<?php echo htmlentities(serialize($meterNumbers)); ?>">
<input type="hidden" name="remcred" value="<?php echo htmlentities(serialize($remCreditArray)); ?>">
<input type="hidden" name="visitdate" value="<?php echo htmlentities(serialize($dateArray)); ?>">
<a href ="<?php echo PROCESS_URL; ?>create_maint_token_excel.php" onclick="document.getElementById('postinfo').submit();">
<img src="<?php echo IMAGE_URL ?>Excel.png" name="Print Excel" title="Print Excel" alt="Print Excel" /></a>
just replace to inpuit type submit or you can use type image and add action url to action tag of form then you would get values by post method like below exa
Here's a simplified test case:
<form id="postinfo" action="" method="post">
<input type="hidden" name="foo" value="1">
Submit
</form>
If you hit "Submit" you'll see that your browser will open the href URL before your JavaScript code has any chance to make a POST request to the action URL.
You'll possibly want one of these:
<!-- No action href -->
Submit
<!-- Cancel click event -->
Submit
<!-- No link at all -->
<div onclick="document.getElementById('postinfo').submit();">Submit</div>
Side note: If you use PHP serialization, beware of object injection.
my php configuration on server are showing i can post variables to maximum size upto 8MB , thats enough .. but how to check for number of variables , sever is running ubuntu 4.4 , php .
i have a page which takes students marks and send them to a action page , but on action page doing echo for the post variables nothing is being displayed , where are doing an echo "hello"; this shows ...
this is the page which sends the variables
<form name="frm" action="marklistI.php" method="POST" class="" >
<?php $tb->displayTable() ?>
<div class="mainframe">
<input type="hidden" name="batch" value="<?php print $_GET['batch']; ?>"/>
<input type="hidden" name="sem" value="<?php print $_GET['sem']; ?>" />
<input type="hidden" name="chance" value="<?php print $_GET['chance']; ?>"/>
<input name="submit" type="submit" class="hide" value="Save"/>
<input type="hidden" name="url" value="<?php print $_SERVER['REQUEST_URI']; ?>"/>
</div>
</form>
and this are the variables are coming to action page .. but on echo they are not showing any value .
$dept =$_COOKIE['dept'];
$join=$_POST['batch'];
$type='e';
$sem=$_POST['sem'];
$chance=$_POST['chance'];
try placing this code on your action page:
if (isset($_GET)) {
echo "<h3>GET METHOD</h3>";
var_dump($_GET);
}
if (isset($_POST)) {
echo "<h3>POST METHOD</h3>";
var_dump($_POST);
}
if (isset($_COOKIE)) {
echo "<h3>COOKIE METHOD</h3>";
var_dump($_COOKIE);
}
See which method returns your variables and use it, otherwise, you are not filling any values on the form.
this is your code:
<form name="frm" action="marklistI.php" method="POST" class="" >
<?php $tb->displayTable(); ?>
<div class="mainframe"> <input type="hidden" name="batch" value="<?php print $_GET['batch']; ?>"/>
<input type="hidden" name="sem" value="<?php print $_GET['sem']; ?>" />
<input type="hidden" name="chance" value="<?php print $_GET['chance']; ?>"/>
<input name="submit" type="submit" class="hide" value="Save"/>
<input type="hidden" name="url" value="<?php print $_SERVER['REQUEST_URI']; ?>"/>
</div>
</form>
One possible reason for your issue:
You use "_GET[]" variables here but the form is POST.
GET and POST are two different methods to send data, GET is in the URL path (a=&b=&c=) while POST is hidden in the HTML headers.
So make sure you read those results as "$_POST['name']" and not GET.
I suggest this in the "receiving script" for debugging:
var_dump($_GET);
var_dump($_POST);
And in your browser use Chrome or Firefox + Firebug and Press "f12".
In that debugger you can catch the POST when you click the button and you can look which variables were sent.
That should help you debug your issue fast.
One other suggestion, I personally would write the code less "mixed".
It makes it hard to read and hard to modify.
Why not like this:
<?php
echo "
<form name='frm' action='marklistI.php' method='POST' class='' >".
$tb->displayTable().
"<div class='mainframe'>
<input type='hidden' name='batch' value='$_GET[batch]'/>
<input type='hidden' name='sem' value='$_GET[sem]' />
<input type='hidden' name='chance' value='$_GET[chance]'/>
<input name='submit' type='submit' class='hide' value='Save'/>
<input type='hidden' name='url' value='$_SERVER[REQUEST_URI]'/>
</div>
</form> ";
?>
My guess for your problem is that those values in the formular are actually empty, that's why you don't receive anything.
I originally had a submit button like this
<form action="<?php $self ?>" method="post" >
<input name="search" type="hidden" >
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "search">
</form>
it made this statment true
if(isset($_POST['Search'])){}
For a time all was well
then i made my submit button a image
<form action="<?php $self ?>" method="post" >
<input name="Search" type="hidden" />
<INPUT value="Search" TYPE="image" SRC="search.jpg" BORDER="0" ALT="Search">
</form>
For more time all was good untill i wanted to make this button into a text link..
I looked on the internet and read many things where i learned that it cant be done in html but java script was needed..
so i tryed to use this code but it no longer made my statment true..
this is the javascript submit button i found
<a href='javaScript:document.FORM_NAME.submit()'>Submit</a>
My two questions to you wizards out there are
1) where do i put the value of the submit?
2) how do i get this to replace my earlyer submit buttons?
Making a button into a text link is simple CSS.
<input type="submit" id="submit" value="submit" class="submitbutton" />
CSS:
input.submitbutton{
margin: 0;
border: none;
background-color: transparent;
padding: 0;
}
/* Make sure the hover has the same element properties as the first, obviously changing the font colour on hover is something acceptable */
input.submitbutton:hover{
margin: 0;
border: none;
background-color: transparent;
padding: 0;
}
For starters you need to give your form a name corresponding to what's in the Javascript link (in this case, FORM_NAME):
<form name="FORM_NAME" action="<?php $self ?>" method="post" >
<input name="search" type="hidden" />
<a href='javaScript:document.FORM_NAME.submit()'>Submit</a>
</form>
Then on the page that checks the form, you need to check for $_POST['search'], which comes from the input. I don't think case matters, but it makes sense to always check using the same string anyway.
I'm not 100% sure what this form is meant to do since it doesn't seem to submit anything, don't you want to use a text input so the user can search for something?
If you want an image as a submit button? Why not use the button element
<button name="search" value="search" type="submit">
Send<img src="/icons/wow.gif" alt="wow" /></button>
see:
http://www.w3.org/TR/html401/interact/forms.html#h-17.5
Just out of curiosity, how will users without javascript enabled submit the form?
How about using CSS to style submit input to look like a text rather than a button?
examples here:
http://cssm.wordpress.com/2006/10/01/how-do-i-make-a-submit-button-look-like-text/
http://forums.digitalpoint.com/showthread.php?t=403667