i send an HTML email with a form and a button like this:
<form action="http://myurl/index.php" method="post">
<input type="hidden" name="testing" value="123456">
<button class="btn" type="submit">SEND</button>
</form>
then in my index.php page i read the testing variable, in this way:
echo $_POST['testing'];
but i can't read the variable and give me this:
Notice: Undefined index: testing
there is a way to send a variabile from an html mail to a php page?
Oh. Got that Email Part now.
Most Mail-Programs won't do POST requests, for security/privacy reasons. Use GET here:
in HTML:
SEND
and in PHP:
echo $_GET['testing']
Of course the data is visible in that case - but that's the entire point.
Emails don't play well with a lot of fairly standard html. In this case, I'd use something like this:
Submit
And then style your anchor to look like a button. Then on your php side, use this to make sure the variable gets there:
print_r($_GET);
What happens when you replace:
<button class="btn" type="submit">SEND</button>
With
<input type="submit" value="Send" />
I realize you are probably styling it given that you have a class statement but you can still style an input type="submit" easily enough. I ran into issues posting variables using the object.
Also, FWIW, you don't need to specify the full URL in the action. In fact, you should probably do the following to safeguard your self against XSS attacks:
<form action="<? echo htmlentities('/path/to/index.php'); ?>" method="post">
Related
I am trying to input submit value and want to pass the value to another page through GET but for that I have to use two Clicks button.
I want the same in a single click. Help required.
Code:-
<form method="post">
<input name="inwardid" type="text" id="inwardid" />
<?php $inwardid = $_POST['inwardid']; ?>
<input type="submit" value="Next" />
</form>
<a href="addbook.php?up=<?php echo $inwardid; ?>"><button>Proceed</button>
You want to send the value the user typed in to the other page. So use this for your <form>:
<form method="POST" action="addbook.php">
<input name="up" type="text" id="up">
<input type="submit" value="Proceed">
</form>
To access the value in addbook.php, use $_POST['up'].
This will send the value the user typed in the input label (type="text") to the addbook.php page, using a $_POST. No need for a $_GET, $_POST will do just fine.
As you deliberately asked for method GET, my solution shows you GET!
You must know there is no security issue when using GET. It depends what you want to do. GET is useful if you want to use a dynamic code in multiple ways depending on some some variables that you do not want to hard-code in your script, or simply do not want to send files or other huge data.
Lets admit a newspaper has a site called breaking_news.php and you want to access the breaking news of November 8, 2016you could use this as :
breaking_news.php?y=2018&m=11&d=08
The fact that one can see your GET vars means nothing. Even by using POST one can see your variables by looking at your code. And one way or the other you must protect against code injection and brute force.
But if your not in the mood to show this vars to your visitor you can use URL rewriting to rewrite the url above in the browser as
RewriteRule ^breaking/(.*)/(.*)/(.*)/news\.html$ breaking_news.php?y=$1&m=$2&d=$3 [NC,L]
so you send your visitor to see the (rewritten)URL
breaking/2018/11/08/news.html
but what the web-server is showing him is:
breaking_news.php?y=2018&m=11&d=08
A reason to use this if for example when you want your dynamic site to be taken into consideration by some searching engine as a static site, and get indexed. But this is again another battle field.
Second, you want to send the variable to "addbook.php", and not to itself.
Your question sounded like you want to send to "another page" not to the same page.
Third, I can see in your code snippet you want to submit the variable "up" and not "inwardid", as you did in your code.
And also I can see you want the "submit" button to be called "Proceed".
Your code would look like this:
<form method="GET" enctype="application/x-www-form-urlencoded" action="addbook.php" target="_blank">
<input name="up" type="text" id="inwardid" />
<input type="submit" value="Proceed" />
</form>
As I said you must protect against injection, and this means for example, that in the "addbook.php",to whom you are sending the variables you must write some code that protects you against this issues. As your question is not in this direction I will not enter this subject.
To avoid problems with special chars you must "url-encode" your variable specially when sending them per POST method. In this case you must use this enctype if your handling text. Because this enc-type is transforming special chars into the corresponding ASCII HEX-Values.
Using GET your safe, because GET cant send in another enc-type. So your variable will automatically be url-encoded and you receive a string that is compliant to RFC 3986 similar by using:
rawurlencode($str)
Lets admit someone smart guy fills in a your input box the following code, in the desire to break your site. (This here is not exactly a dangerous code but it looks like those who are.)
<?php echo "\"?> sample code in c# and c++"; ?>
using enctype="application/x-www-form-urlencoded" this will become something like this:
%3C%3Fphp%20echo%20%22%5C%22%3F%3E%20sample%20code%20in%20c%23%20and%20c%2B%2B%22%3B%20%3F%3E
what makes it safe to be transported in a URL, and after receiving and cleaning it using
strip_tags(rawurldecode($_GET['str']))
it would output something like this, what is a harmless string.
sample code in c# and c++
I just started using twitter bootstrap, and I got stuck trying to get my form submit button to submit (PHP $_POST). Does anyone know why its not working?
No clue really..
I've been doing this previously and its been working until bootstrap:
<?php
if (isset($_POST["login"]) && $_POST["login"]=="login") {
echo "login here";
}
?>
<form action="http://mysite.com" method="post">
<input type="hidden" id="login" name="login" value="login" />
<button class="btn success" type="submit">Login</button>
</form>
The page seems to load but the PHP does not. Is the POST information being blocked?
My form input elements did not have an id or name (I didn't include them in my example).
Not an HTML expert, but I've always used <input type="submit" /> and not <button type="submit" />, not sure that button is a functional form element.
Also, your button element is closed twice - first with /> in the opening tag, and then again with a closing tag for no reason.
Maybe you are wrong with the action="http://mysite.com"? That attribute is for specifing the form data receiver, so in your case I think it's the page itself. So, if your page is named mypage.php, use action="mypage.php".
I had this same issue as well, turns out I was missing the name="submit". Gotta have that so the $_POST has a key in the assoc array!
it is adviseable that every element has a name thus (name="elementName") this makes it easy to reference them in your php scipt; also ensure that a form action and method are set.
Near the top of my page, I have this:
<?php $id = $_GET['id']; ?>
Then I have some form check conditionals that read from POST:
if (isset($_POST['completeSubmit'])) {
//code
}
And finally, I have an HTML form which looks like this:
<form action="<?php echo $_SERVER['PHP_SELF']."?id=$id"; ?>" name="complete" method="post">
<input type="submit" id="textButton" name="completeSubmit" value="[mark as complete]">
</form>
The page is initially accessed by using GET with an id variable like this:
http://website.com/page.php?id=1
All subsequent form submissions (which get redirected to the same page) fail. I know you can't send both GET and POST in the same request, but seeing as my form is submitting to $_SERVER['PHP_SELF']."?id=$id" using POST shouldn't it work? This is my first time trying this so it is quite possible I've overlooked something trivial.
You can use get and post at the same time, but you shouldn't. If you want to continue to send the ID this is as simple as:
<form ...
<input type="submit" ...
<input type="hidden" name="id"
value="<?php echo htmlspecialchars($_GET['id'], ENT_QUOTES); ?>" />
</form>
Of course you can not use GET and POST methods simultaneously.
However you can use a query string while sending a form using POST method, which being used to populate $_GET array.
To find a certain error you have to provide more info. At least 2 things:
how does HTML form look
what do yo see in the query string after posting the form.
and errr...
do you use any header redirects in the form processing?
I was wondering if my code below is even correct, I've been having numerous errors with this, but am not sure if the problem really exists here. The code is below:
The user will click 'Exit Group'.
<p class="logout"><a id="exit" name="logout" href="#">Exit Group</a></p>
The code that should be execute when 'Exit Group' is clicked is below:
if(isset($_GET['logout'])){
//CODE TO BE EXECUTED
}
However, the code I am trying to execute when the user clicks 'Exit Group' is not even being executed. There is nothing wrong with the code within the braces, as numerous people have checked it. But I was wondering if my problem may lie in the code above? Thank you.
If you click the link, nothing happens because the URL only contains the fragment identifier #. Not even a GET request will be issued.
You use this kind of link normally to jump to an element inside the page (e.g. Top to jump to an element with ID top). This is completely handled in the browser.
And if you only put the fragment identifier there, just nothing will happen. This is very often used if the link should execute some JavaScript and should actually not link to something else.
You are testing the $_POST array at the server side. But this array only contains elements, if you initiate a POST request by a form. That means you need to create a form with a submit button, e.g.:
<form action="" method="POST">
<input type="submit" name="logout" value="Exit Group" />
</form>
Here comes the name attribute into play, which will be the key in the $_POST array. But assigning this on a normal link will have no effect.
You could do it also with the link, but with a GET request this way:
<a id="exit" href="?logout=1">Exit Group</a>
<!-- ^-- parameter must be part of the URL, name has no effect -->
and
if(isset($_GET['logout'])){
//CODE TO BE EXECUTED
}
Note that you have to pass a parameter logout it here.
It seems you have mixed up GET and POST requests. If you have a form, the name s of the form elements will be transmitted as parameters to the server. That means given this form:
<form method="POST">
<input type="text" name="foo" value="" />
<input type="text" name="bar" value="" />
<input type="submit" name="send" value="Send" />
</form>
if the user clicks on the submit button, the $_POST array at the server side will have the keys:
$_POST['foo']
$_POST['bar']
$_POST['send']
This does not work with links though. A click on a link will create a normal GET request, and here, the parameters must be part of the URL, appended after a question mark ? and separated by an ampersand &:
Link
will result in
$_GET['foo']
$_GET['bar']
$_GET['andMore']
You probably should read about the HTTP protocol.
a isnt a form control. it needs to be an input or select if it's within a form.
For manual linking, do href="/page?logout"
You're using a regular hyperlink, no form will get posted. you need a submit button of some kind in a form with method="post" to do that. regular links just result in GET requests and nothing will ever be posted that way.
edit: added simple example:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<title>Form test</title>
</head>
<body>
<?if ($_SERVER['REQUEST_METHOD'] == 'POST'):?>
<pre><? print_r($_POST)?></pre>
<?endif;?>
<? // $_SERVER['REQUEST_URI'] holds the current URL, so we know that ?>
<? // we'll end up back in this file when the form is submitted. ?>
<form method="post" action="<?= $_SERVER['REQUEST_URI']; ?>">
<input type="text" name="textbox"
value="<?= isset($_POST['textbox'])?$_POST['textbox']:'Type something' ?>" />
<input type="submit" name="submitbutton" value="Submit" />
</form>
</body>
</html>
$_POST will only be filled if you use a form with method=post.
Yes. A POST and a GET are two different things ;)
if(isset($_GET['logout']))
This <a id="exit" name="logout" href="#"> should be <a id="exit" href="?logoff=true#">.
Then logoff will be in the $_GET array.
I need to replace a button on my web page with a hyperlink.
I am calling a PHP script using the button.
I extract the id using the following statement:
$id = $_POST['id'];
HTML code:
<form id="test1" method="post" action="my.php?action=show">
<input type="hidden" name="id" id="id" value="1" />
<input type="submit" name="submit" value="Click" onclick="return display(1);" />
</form>
Here is what I came up with:
Click
Does my code have a flaw? Is there a better approach?
Looks good, except for three things:
Use & instead of &.
Use id=1 instead of id='1'.
Use $_GET instead of $_POST. If you want backwards compatibility, you can opt for $_REQUEST.
You can make the link post the form:
Click
That way it works without changing the PHP code.
No - looks fine to me, though the '1' doesn't need to be in inverted commas, andy you'll need to change your $_GET to $_POST in your first line of PHP.