I have an HTML 5 form page. I know the method attribute action in the form tag determines what to do once submit button his hit.
So far I have something like this: <form action="form_action.php" method="post". I know some form's in HTML5 have a required attribute, but I understand that the PHP code should also do the required checking for security purposes.
If a person hits submit, I would like the required messages to pop up on the same html5 form page rather than completely redirecting to my php code. Can someone please explain how to do this or provide references?
I read something about the superglobal _SERVER(["PHP_SELF"]) but if I use this, how do I pass variables to my PHP script? I will be doing some SQL in PHP too.
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Any help appreciated. Thanks.
If you want to process the contents of a form before they are sent to the server (e.g. on the client side), you have to do it using JavaScript, not PHP.
For an introduction on how to do that, try to google "javascript form validation" or something similar. A good starting point could be this tutorial. You may also want to look at jQuery which makes writing JavaScript easier and has become the standard way of writing JavaScript code that works in all browsers.
You could use header("Location: first_page.php") on your action.php page to redirect to your first page (eventually with some options) if the inputs are not correct.
Related
Is it possible and also is it worth doing (security talking, as a extra step, of course not as the main security thing) to send a regular html form (not ajax) to a php script but to hide the scripts url?
So for example if i have:
<form action="http://example.com/phpscript" method="post" enctype="multipart/form-data">
when the form is submited the user will be redirected to a succes page but not on the http://example.com/phpscript url (or maybe to this url but with some masking or some other ideas...).
I don't believe it's possible unfortunately.
The best you could do is send it to your php page that takes care of your form then redirect with, ie :
header("Location: index.php);
When creating a simple form which a PHP script will process, does it matter if we link to that form via the form tag? For example, we have:
<form name="studentapp" method="post">
With the PHP script being below the HTML form. The file is saved as a PHP itself, so it can interpret the PHP code. There isn't really anything special about the name. But how about this:
<form action="application.php" method="post">
Where the file is an HTML file, but it links to a PHP file for processing the data.
Is one better to use than the other?
EDIT: There is an error in the code I posted. One should use the action tag to link a separate PHP file for processing. (Thanks user Stony)
Both of them is wrong ;)
The action tag is to define the page to send the form to. The name is only an optional name to process the form via javascript for example.
<form name="myformname" action="application.php" method="post">
Besides of what's been said (that you need to use the action attribute) it depends on your workflow. If you want to display the form again, them it makes sense to keep everything on the same page. Or you can move your php processing block to the top of the page and exit if form has been submitted, therefore not showing the form again. I really don't think it matters if you use the same page or a different one. Again, it depends on your workflow.
Php newb here. I have a registration form that when you have errors in registering, it just redirects back to the form, not telling what the error is. So I'm wanting to make an error.php, and make it, instead of redirecting to the registration page, redirect to the error.php?error=whatever.. Thing is, I'm not sure how to use the $_GET methods and whatnot. Any help?
On redirection
The best way to do this is IMO is to send the form data via AJAX to your PHP file, then have your PHP file respond with a yes/no on if the data is valid or not. Once the AJAX return says your data is valid, then proceed to the registration page (or wherever you're going).
This avoids the need for the user to go back and forth just to figure out what form data they did wrong.
On $_GET
See the $_GET section of the PHP Manual. You can access $_GET as an array, or get specific values from it.
This PHP...
<?php
echo $_GET['example'];
?>
...would retrieve and echo the value of the following text box.
<form method="get" action="targetFile.php">
<input name="example" type="text" />
</form>
Also, make sure you're running this on a server of some kind, even if it's local. A web browser alone cannot process PHP and thus will give you the "white page of doom." I use XAMPP.
I know some people hate W3schools, but if you're still struggling check out this guide.
People
I want to know how to submit form without action attribute shown.
Like this
<form action="someact.php" method="post">
...
</form>
Some suggest to use $_PHP['SELF'], but I want my form to be processed using another php file like separating UI part and process part so that anyone can't see my process file ?
I want like this
<form method="post">
...
</form>
But it processed to the file I want.
Help please ?
Firstly, I don't quite understand why you would want this. The whole point of the action attribute is to tell the browser where to send the request, and "hiding" it achieves nothing - any half-way competent hacker (or even less than half-way) can still find the information you are hiding, no matter what you do.
Having said that, you could do something like this:
<form id="hidden_action_form" method="post">
<!-- ... -->
</form>
<script type="text/javascript">
document.getElementById('hidden_action_form').action = 'someact.php';
</script>
Why on earth would you need a "hidden" process file? That's impossible: the browser has to know where the request should be sent.
If you explain the problem you're having in the first place, and not the problem that arose from your solition to that problem, other people might be able to help you.
I get the impression that you mix up two things. The PHP-file is only on your server and will not be sent over to the browser. The server (normally apache httpd) processes the file and generates HTML code from it. This code is then sent over to the browser.
When you have a form you MUST have an action associated because as CodeCaster pointed out: The browser needs to know where to send the data. It's like a hyper link without setting the href-Attribute. Nothing can ever happen because the browser does not know what to do.
You can't do that. A form must always have an action attribute.
Noone can see the contents of the file that is going to process the form data (if this is your problem).
You won't be able to hide that without javascript. Even javascript won't hide it, but can post the data to another file while the user gets directed to the (public) file defined in the action of the form.
You can use an ajax post() call to POST data to another file. See the link provided to do this with jQuery and make sure that ajax sends the post first and then redirects/loads the user-content.
Notice though that if a client has javascript disabled, the whole POST will not be executed. Also if someone takes a look into your js, one can see the hidden filename there too, unless you password-protect the js file.
I'm having problems submitting my ajax form. I am used to the old fashioned way with refresh but this new stuff is beyond me for the time being. It's time to start learning new technolohies.
I have an autosuggest box that is getting my results from a database and populating the textbox just fine. When I designed this about 6 months ago, I was searching the database on the value rather than the key value. This is a problem today and needs to be fixed.
WHat the ajax has returned to my script is the key/value pair. Now that I have the id, I need to pass that into my php method so I can process it from there.
Can somone please give me a hand with this? It seems simple enough but again, javascript was never my thing so I am lost.
Here is all of the relevant code. Also, I don't think, at least from the code samples I have seen so far that I even need a form tag. Am I correct on this? Ideally, I want to submit the found ajax value with the enter button and NOT using a button.
So, just to clarify, this is what happens. The user types 2 or 3 letters. The ajax queries the db on a "LIKE" operator and returns the matches. The user chooses the one he wants and then the id goes out to my method and returns the exact record in a different window.
<form method="post" class="hdrForm" id="search" action="../../index.php?cer=2" target="_top">
<input type="text" name="string" class="hdrInput" id="string" value="Quick Search"><div id="acDiv"></div>
</form>
Note.. I need the "id" in this function to be submitted. Right now, I am getting the POST val off the form tag and that's not correct but how?
AC.chooseFunc = function(id,label)
{
document.forms.search.submit();
}
Thanks for any help that you guys can give me on this.
Take a look at jQuery. It is a javascript library. It contains functionality for doing Ajax.
jQuery Ajax documentation.
document.getElementById("search").onsubmit = function() {
// Do what you want with the form
return false; // Stops submit continuing
}
This also degrades gracefully (if your server side program is written right) in that users without javascript get the form submitted normally to the page in the action attribute, without the AJAX.
I'd suggest you use a framework such as jQuery. A basic tutorial (including AJAX) is available
You have two problems. One is that you are telling the form to submit:
document.forms.search.submit();
That is what is causing your form to submit in the standard, non-xhr way - causing a refresh. Also, because your form does not contain an input element for the id, that is not being sent to the server even with a regular form submission.
I agree with the posters that it would be a good idea to use jQuery or something to do your ajax based submission. Something like this could be used inside of your "AC.chooseFunc" function instead of the form submit.
And yes, if you go ajax entirely, you don't even need a form tag.