Kinda strange...
I'm building a shopping cart. When the user types the quantity he wants and hits "add to cart", the <form> action should redirect them with a PHP $_SERVER['QUERY_STRING'] AND some other information (i.e. the product id, fetched in MySQL).
Here's my form, all in a PHP echo...
<?php
echo '<form method="GET" action="cart.php?'.$_SERVER['QUERY_STRING'].'&action=add&item_id='.$data->item_id.'">
<small>Quantity </small><input type="text" size="2" placeholder="1" name="add_quantity">
<input type="submit" name="add_clicked" class="button" value="Add to Cart">
</form>';
?>
Upon submission, the URL redirects to cart.php but only includes the query string, but leaves out the item id and the action=add.
Supposing I typed '2' in the quantity box, the URL looks like this cart.php?add_quantity=2 and nothing after that.
Would appreciate help!
Thanks!
When you submit a form via GET, the form data submission process will overwrite any existing query string that might be set in the address you put into the action attribute.
Use hidden form fields instead to transport your additional values.
(And as #Simon already said in his comment, go read up on what you have to do to prevent XSS when outputting data that was send from the client before.)
Submitting a form with GET will overwrite any query string you'd put in the url (I'm not sure what you wanted to do with your $_SERVER['QUERY_STRING'] though as that would give the query string used to access the page where your form is.
What you'll want to do is to use hidden input fields in your form for your action and item_id attributes.
<form method="GET" action="cart.php">
<input type="hidden" name="action" value="add"/>
<input type="hidden" name="item_id" value="<?=$data->item_id?>"/>
<small>Quantity </small><input type="text" size="2" placeholder="1" name="add_quantity">
<input type="submit" name="add_clicked" class="button" value="Add to Cart">
</form>
Upon submission this will go to the url cart.php?action=add&item_id=1234&add_quantity=2
Alternatively you could (and most likely should) submit the form via POST; then any data in the form will be sent as POST parameters and the query string parameters defined in your action will be kept.
Pass the info in the query strings via a hidden field. So let's assume you're passing the account number in the query string, it would look like this:
<input type="hidden" name="account_number" value="$account_number">
Related
When I use <form action="code.php?id=1" method="post"></form>, the form id is passed in the URL. But when I write the same code by replacing 'POST' by 'GET', the id is not passed to the URL.
Why?
When you submit a GET form, the values from the form are appended to the action URL, as the "query string" after the ?. Specifying an existing query string in the action attribute of such a form creates an ambiguity. Browsers don't merge the two query strings, they just throw away the old query string and build the new one based on the form.
With a POST form, there is no ambiguity: the data from the form is sent separately from the URL, so there is no need for the query string to be over-written.
However, it's probably best not to mix the two kind of parameters, so the solution is always to include your extra parameters as hidden fields, then it will work with both GET and POST forms:
<input type="hidden" name="id" value="1">
Better way is to pass id in hidden field.
<form action="code.php" method="post">
<input type="hidden" value="1" name="id" />
</form>
If your form is as below
<form action="code.php?id=1" method="post">
<input typ"text" name="username" />
<input type="submit" />
</form>
example script in code.php
<?php
print_r($_GET);
print_r($_POST);
print_r($_REQUEST);
?>
You will get form data in post array and url parameters in get array, in request you will get both get and post data in one array. But if you change from post to get method your form data added with the url instead of appending. This issue is because of ambiguity. To get solution i this situation, create a hidden field in your form those you also want to send with query string.
I am using a button to function in the same way as a hyperlink:
<form action="intro.html"><input type="submit" value="CLICK HERE TO ENTER" ></form>
This works for static links, but does not work with PHP $_GET arguments.
<form action="wrong_choice.php?stage=0"><input type="submit" value="Wrong Choice!" ></form>
Clicking that will proceed to "wrong_choice.php" but not "wrong_choice.php?stage=0"
How can I fix that?
Thank you
Better to use:
<input type="button" value="Wrong Choice!" onClick="document.location.href('wrong_choice.php?stage=0');" />
If you do not want javascript, add method to form, delete parameter from action and add input with type hidden, which stands for parameter.
Action does not accept query string!
If you want to append data into the form which isn't part of the inputs filled by the user, add inside the <form>
<input type="hidden" name="stage" value="0" />
Action is what you want to do with the information in the form: you want to send the form in a email or send the information to another script to manage or comeback to same script.
If you want pass arguments in the form you should put them in form's fields like that:
<form action="wrong_choice.php>
<input type='hidden' value='0' name="stage">
<input type="submit" value="Wrong Choice!" >
</form>
Thanks
In a php-script i have a form, method is post, action-attribute is empty, which is working so far. but when i add a value into the action-atribute, like so:
action="index.php?id=9&get-id=5"
the whole post-array is empty after submitting.
Someone has any idea what this could be about?
Thanx in advance, Jayden
edit: here is an Example:
$form = '<form name="form1" method="post" enctype="multipart/form-data" action="index.php?id=9&get-id=5">
<input type="text" name="name1" value="">
<input name="submit" type="submit" value="submit">
</form>';
The form is displayed in a tab in a js-tabmenu, which opens also by get-parameters, in each tab is a form and after submitting the get-param is needed to display the right tab with the right form.
try to use $_REQUEST
which is collection of $_GET and $_POST
You should not use both GET and POST in a request.
You must only use post, therefore the two variables 'id' and 'get-id' should be in the form (use hidden fields)
edit:
try changing your code to:
<form name="form1" method="post" enctype="multipart/form-data"
action="index.php?id=9&get-id=5">
<input type="hidden" name="id" value="9">
<input type="hidden" name="get-id" value="5">
<input type="text" name="name1" value="">
<input name="submit" type="submit" value="submit">
</form>
then if you :
print_r($_POST);
at the top of the index.php page you should be able to see what is going on.
Also - just to check are there any redirects in your code, ie does index.php then redirect somewhere else as that would cause the $_POST to get lost
If you're trying to access id or get-id from your script: Those were appended to the url, even if you submit that form via post. Therefore you will find their values in $_GET, as usual. Only the values of <input> fields (and textarea etc., simply: all form elements) are in $_POST.
So say I'm currently on index.php or index.php?p=about within my current web build.
I am trying to build a search form that will be displayed on most pages, but I want the form action to go to http://mywebsiteurl.com/?p=search&q=GETDATA, as my website's paging depends on the data passed to the 'p' attribute.
How would I append the search parameter to the URL in a static fashion, upon submission?
Perhaps something like this:
<form method="get" action="index.php">
<input type="hidden" name="p" value="search" />
<input type="text" name="q" value="" />
<input type="submit" value="search" />
</form>
You can use a hidden field in your form to maintain the value of the p parameter:
<input type="hidden"
name="p"
value="<?= htmlentities($_GET['p'], ENT_QUOTES) ?>" />
You should put the value of the parameter p inside a hidden form field inside the search form; something like:
<input type="hidden"
name="p"
value="<?php echo(htmlspecialchars($_REQUEST["p"])); ?>" />
It's not a good idea to put the parameter to the form action parameter; post requests are handled differently than GET requests, the values in a POST request aren't appended to the URL by ? and & as with GET; meaning that you wouldn't actually get the p parameter into the script handling the POST request from the form...
Also take care not to show the request parameter unreflected (hence the htmlspecialchars, thanks for the hint!), since malicious clients could try to inject code into your page (HTML injection / XSS).
The problem I have is that I have multiple submit inputs in a single form. Each of these submit inputs has a different value and I would prefer to keep them as submit.
Whenever the user presses Enter, it is as though the topmost submit input is being pressed, and so it is causing problems for the code checking which input was clicked.
Is there a way for PHP to determine whether or not the input was clicked, or was just the input that was selected when the user pressed the Enter key?
You can identify which button was used provided you structure your HTML correctly
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Preview">
<input type="submit" name="action" value="Post">
The $_POST array (or $_GET/$_REQUEST) will contain the key "action" with the value of the enacted button (whether clicked or not).
Now, "clicking" is explicitly a client-side behavior - if you want to differentiate between a click and a keypress, you'll need to add some scripting to your form to aid in that determination.
Edit
Alternatively, you can be "sneaky" and use a hidden submit that should correctly identify a key-pressed for submission, but this probably has some significant impact on accessibility.
<?php
if ( 'POST' == $_SERVER['REQUEST_METHOD'] )
{
echo '<pre>';
print_r( $_POST );
echo '</pre>';
}
?>
<form method="post">
<input type="text" name="test" value="Hello World">
<input type="submit" name="action" value="None" style="display: none">
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Preview">
<input type="submit" name="action" value="Post">
</form>
Roberto,
PHP is server-side technology and therefore runs on the server - so there is no way for it to determine what keys where pressed at the client (aka the user). That is, of course, unless you specifically code the client-side to include such information with the server requests (posting form data is a form of request too).
One way to accomplish that is by using Javascript in your client code.
See this page as a starting point regarding handling form submit events using Javascript.
http://www.w3schools.com/jsref/jsref_onSubmit.asp
You may also have to add a listener for key press events on your page in order to capture the user pressing the Enter key and then recording this information.
http://www.howtocreate.co.uk/tutorials/javascript/domevents offers a discussion on the topic of adding/removing event listeners in Javascript but you have to be very careful when using events because improperly used they can be the source of memory leaks which are hard to debug and cause for unhappy users :)
PHP alone can't determine how the form submit event was triggered, because that happens on the client-side while PHP is a server-side language. You'd have to implement Javascript to listen for -- and log to the server-side -- key presses and mouse clicks, and then analyze that data to find what you're looking for.
Now, PHP can tell which submit input was triggered, as it will appear in the form data while the others will not. Most browsers make the first submit input the default (the one that is triggered on an Enter key press). You could re-order all your submits so as to control which submit is triggered.
PHP can't really know what happened on the client side.
I'd recommend using javascript. When the user do the action, catch it and store it in an hidden field that will be submited with the form. You can also keep track of what input is active and store it in an hidden field.
The code would go a bit like that (i didnt checked the syntax)
<input type="text" onfocus="setCurrent(this)" id="1" />
<input type="hidden" id="hid" />
function setCurrent(o){
$('hid').value = o.id;
}
I think that playing around with events catching and hidden fields should give you the result that you want.
Hope that helps
It's how you write the markup on the client side.
For example, here is one (non-XHTML) way you could do this:
In the HTML file:
<form method="post" action="myform.php" id="myform">
... form items here ...
<input type="submit" name="enter_key" value="true" style="display:none">
<input type="hidden" name="pressed_button" id="pressed_button" value="false">
<input type="button" value="Submit"
onclick="document.getElementById('pressed_button').value='true';document.getElementById('myform').submit();">
</form>
In myform.php:
if ($_POST['pressed_button']=='false') {
// Logic for enter key
} else {
// Logic for button press
}