im trying to change the value of a field in $_POST so that it will load the correct content for whatever has been posted.
When a user goes onto my website $_POST is initially set as
$_POST['order_page_content'] = 'list'
I then have a form in my view.content.php file that looks like this:
<td><form action='http://localhost/magento_soap_client/fulfilment' method='POST'>
<input type='hidden' name='order_page_content' value='info'/>
<input type='hidden' name='order_id' value='$order_info->order_id'/>
<input type='submit' value='View'/>
</form></td></tr>";
So the value of $_POST['order_page_content'] should change to info when the button is clicked. Therefore the content of the page should change...
Once the button is clicked, i can see via firebug that the value has changed in the post, its just my page isn't getting set to it
So how do i make the content change based on the post value that got submitted? Or what is going wrong?
EDIT
Ok guys ive tried what you said, but its still not happening, i dont know if i have put it in the wrong place or what... i think the easiest way is to show you my code.
The script to decide which content it is is here:
link
and the script that calls it is here:
public function get_html() {
$m_html = null;
if($_POST['order_page_content'] == 'list'){
$m_obj_html = new content();
$m_html = $m_obj_html->get_page_content('list');
}
else if($_POST['order_page_content'] == 'info'){
$m_obj_html = new content();
$m_html = $m_obj_html->get_page_content('info');
}
return $m_html;
}
The post['order_page_content'] is getting set in the bootstrap initially to list
Thanks
<input type='hidden' name='order_id' value='<?php echo $order_info->order_id; ?>'/>
if it's already in php use
<input type='hidden' name='order_id' value='". $order_info->order_id ."'/>
$_POST is set globally from PHP.
If you have something in your script like:
$_POST['order_page_content'] = 'list';
So your variable is on each page load overwritten.
Try to check for it before you set it.
if (!array_key_exists('order_page_content', $_POST)
{
$_POST['order_page_content'] = 'list';
}
$_POST is set with post data sent from the client when they access the site. You can access it if they send any. Your form looks like it should work. What I do see though is that you make them send this against a page on the localhost. Is localhost running an apache or similar server with PHP? If it is, then on that page add this:
if(!empty($_POST['order_id'])){
print_r($_POST);
}
If that form is on the page you send them to, and you want the value to be remembered (still be there after they send in the form/post data, then do this:
<input type='hidden' name='order_id' value='<?php if(!empty($_POST['order_id'])) echo $_POST['order_id']; ?>' />
Tom You can check it with the use of if condition
if($_POST['order_page_content']=="info"){some code} else { some code}
Seems like the problem was this line:
<form action='http://localhost/magento_soap_client/fulfilment' method='POST'>
The url in action was resetting everything, so i have now taken it out and left action blank and works fine
Thanks for your help though guys
Related
I need to redirect the user to a site that gets the "Short_proj_name" information. So i did this:
<form action="Main.php?short_proj_name=<?=$_REQUEST['short_proj_name']?>" method="post" name="formProjName" target="_blank" id='frmProjName'>
However, upon searching, i found out that there are several reasons NOT to use $_REQUEST, one of them being security and all that. However, simply doing $_POST['short_proj_name'] or $_GET['short_proj_name'] never returns the information i need.
Basically, how would i go about doing an if statement that checks if the $_GET is empty, and does a $_POST instead? Can i do that in the action method of my form?
EDIT:
Adittionally, is it possible that maybe using both $_POST and $_GET return null, yet using $_REQUEST doesnt? As far as i know, $_REQUEST is both get and post together, but none of them returns any information
It works if i do it as so:
if(!empty($_POST['short_proj_name']))
{
$projName = $_POST['short_proj_name'];
}
elseif (!empty($_GET['short_proj_name']))
{
$projName = $_GET['short_proj_name'];
}
else
{
$projName = $_REQUEST['short_proj_name'];
}
But i'm not sure if that solves the security problem at all
I think the answer here is to always use _GET.
A form can actually send both _GET and _POST data based on what you use in the "action" attribute of the form. The action part doesn't care what you set the "method" attribute as.
From what you are showing above, the params are all in the "action" part of the form so these are always passed into _GET anyway. If the inputs were inside the form then those would be received via _POST
Here's an example.
In PHP I would receive $_GET['monkey'] = '1' and $_POST['lion'] = 1
<form method='post' action='receive.php?monkey=1'>
<input type='text' name='lion' value='1' />
<input type='submit' />
</form>
There shouldn't really ever be an instance where you need to check if the answer is in _GET or _POST and as mentioned in a comment, it's quite a security risk to use $_REQUEST or check if it's in _GET or _POST.
Most times, you can just push the page request URL back into the form "action" to ensure all the same _GET params are included on the form _POST.
The big mistake most people do is try to move them from _GET into hidden input fields inside a form thinking they need to do that to carry all that data through.
However, this type of function call might help you but I wouldn't approve of it.
function getRequestParam($param){
if(isset($_GET[$param])){return $_GET[$param];}
if(isset($_POST[$param])){return $_POST[$param];}
return "";
}
you can like
<?php
if(!empty($_POST))
{
$projName = $_POST['short_proj_name'];
}
else
{
$projName = $_GET['short_proj_name'];
}
?>
<form action="Main.php?short_proj_name=<?=$projName ?>" method="post" name="formProjName" target="_blank" id='frmProjName'>
but i think it's ugly
Here is a simple code :
<?php
if (isset($_GET) && $_GET['short_proj_name'] != '')
echo $_GET['short_proj_name'];
else if (isset($_POST) && $_POST['short_proj_name'] != '')
echo $_GET['short_proj_name'];
else
echo $_REQUEST['short_proj_name'];
?>
But if you get the value from a post or get, it can be anything so be careful...
If the "short_proj_name" is a file name, a nasty person can get access to other files just by guessing their names...
The issue I have been experiencing deals with input from HTML which was generated using PHP echo statements. Here is the function I have that outputs the form:
function confirm_recipients()
{
echo "<form action = ' ' name ='email_options' method='post'>";
echo "<input type='submit' name='sendRecipients' value='Yes, I want to send the emails' >";
echo "</form>";
}
Later on in the same PHP page, I call the function and then check to see if the submit button was set.
confirm_recipients();
if (isset($_POST['sendRecipients']))
{
//perform actions
}
However, this code is not functional seeing as even when the submit button is set (clicked by the user), the if statement block is never executed. Perhaps there is an issue with posting from the same file I want to "read in" from? Thanks for any advice.
Updates
Thank you for such immediate response. Sadly none of the suggestions have worked (removing the space in the action value or the suggestion made by user623952). No errors have been reported, the button is just failing to be set. I am looking for other places in the file that might have errors, perhaps in the order I call the function.
This works fine for me:
<?php
print "<pre>".print_r($_POST,true)."</pre>";
confirm_recipients();
function confirm_recipients() {
echo "<form action = ' ' name ='email_options' method='post'>";
echo "<input type='submit' name='sendRecipients' value='Yes, I want to send the emails' >";
echo "</form>";
}
if (isset($_POST['sendRecipients']))
{
print "<br/>sendRecipients is set!<br/>";
}
?>
I think your problem might be somewhere else in the code.
It's okay to POST the form data to the same script that contains the form. Change the action attribute to the URL of the script, do not set it to whitespace, which is what you did.
I don't think the value of a submit input is sent as part of the POST. Try using an input type="hidden" with the name 'sendRecipients'.
I might be on the wrong path (tiredness..) for the moment but i have passed 4 hours or something similar to debug my code. I have a form that is auto submitted when I click on a radio button, once clicked the next form appear and let me input the customer information. But when the page reload for displaying the other form, my variable $CustomerType is set and correct and, when i complete the input form (the second one) the php check if everything in it seems correct and it does, but it says my variable $CustomerType is missing then reload the page and ask me again to set the type.
I can't paste all my code out here (~300 lines) but here is the core :
<?php $_POST['CustomerType']="SOMEONE"; ?> // Ok so this was the trick, it solved the main bug but it now fix my choice to SOMEONE only. Can't change to another type
<form method="post" action="<?php echo escaped_html($_SERVER['PHP_SELF'],'URL');?>">
<?php
$array=show_enum("customer", "CustomerType");
$checked="";
foreach($array as $CustomerType)
{
$checked="";
if(isset($_POST['CustomerType']))
{
if($_POST['CustomerType']==$CustomerType) $checked="checked";
}
echo "<input type='radio' name='CustomerType' value=".$CustomerType." ".$checked." onClick='this.form.submit()'>".$CustomerType."</input>";
}
?> </form>
EDIT Ok there is some news : by modifying the top who was : <?php $_POST['CustomerType']="SOMEONE"; ?>
TO
if(!isset($_POST['CustomerType'])) $_POST['CustomerType']="SOMEONE";
It seems to solve the second problem of the form, which couldn't let me change the type (auto-rollback to SOMEONE). But now, on form submit my choices are always rolling back to [CustomerType] => SOMEONE instead of SOMEBODY (and i checked SOMEBODY).
It means that i can't hold the value $_POST['CustomerType'] on page reload for submitting.
For example : This one which seems identical except that it's submitted with "save" button instead of onsubmit is working fine.
$array=show_enum("customer", "Language");
foreach($array as $Language)
{
$checked="";
if(isset($_POST['Language']))
{
if($_POST['Language']==$Language) $checked="checked";
}
else if($Language=="FR") $checked="checked";
echo "<input type='radio' name='Language' value=".$Language." ".$checked." />";
string2languagepic($Language);
}
Picture of the problem *OnSubmit = onClick='this.form.submit()
After looking at your code a little more I think I have spotted your problem, try the following and see if it works.
echo "<input type='radio' name='CustomerType' id='CustomerType' value='$CustomerType' $checked onClick='this.form.submit();' >"
If that fails you could always add a hidden field, and when clicking on the radio button it adds a value to it and then submits the form.
How do I maintain the $post value when a page is refreshed; In other words how do I refresh the page without losing the Post value
This in not possible without a page submit in the first place! Unless you somehow submitted the form fields back to the server i.e. Without Page Refresh using jQuery etc. Somesort of Auto Save Form script.
If this is for validation checks no need for sessions as suggested.
User fills in the form and submits back to self
Sever side validation fails
$_GET
<input type="hidden" name="first"
value="<?php echo htmlspecialchars($first, ENT_QUOTES); ?>" />
validation message, end.
alternatively as suggested save the whole post in a session, something like this, but again has to be first submitted to work....
$_POST
if(isset($_POST) & count($_POST)) { $_SESSION['post'] = $_POST; }
if(isset($_SESSION['post']) && count($_SESSION['post'])) { $_POST = $_SESSION['post']; }
You can't do this. POST variables may not be re-sent, if they are, the browser usually does this when the user refreshes the page.
The POST variable will never be re-set if the user clicks a link to another page instead of refreshing.
If $post is a normal variable, then it will never be saved.
If you need to save something, you need to use cookies. $_SESSION is an implementation of cookies. Cookies are data that is stored on the user's browser, and are re-sent with every request.
Reference: http://php.net/manual/en/reserved.variables.session.php
The $_SESSION variable is just an associative array, so to use it, simply do something like:
$_SESSION['foo'] = $bar
You could save your $_POST values inside of $_SESSION's
Save your all $_POST's like this:
<?php
session_start();
$_SESSION['value1'] = $_POST['value1'];
$_SESSION['value2'] = $_POST['value2'];
// ETC...
echo "<input type='text' name='value1' value='".$_SESSION['value1']."' />";
echo "<input type='text' name='value2' value='".$_SESSION['value2']."' />";
?>
Actually in html forms it keeps post data.
this is valuble when you need to keep inserted data in the textboxes.
<form>
<input type="text" name="student_name" value="<?php echo
isset($_POST['student_name']) ? $_POST['student_name']:'';
?>">
</form>
put post values to session
session_start();
$_SESSION["POST_VARS"]=$_POST;
and you can fetch this value in another page like
session_start();
$_SESSION["POST_VARS"]["name"];
$_SESSION["POST_VARS"]["address"];
You can use the same value that you got in the POST inside the form, this way, when you submit it - it'll stay there.
An little example:
<?php
$var = mysql_real_escape_string($_POST['var']);
?>
<form id="1" name="1" action="/" method="post">
<input type="text" value="<?php print $var;?>"/>
<input type="submit" value="Submit" />
</form>
You can use file to save post data so the data will not will not be removed until someone remove the file and of-course you can modify the file easily
if($_POST['name'])
{
$file = fopen('poststored.txt','wb');
fwrite($file,''.$_POST['value'].'');
fclose($file);
}
if (file_exists('poststored.txt')) {
$file = fopen('ipSelected.txt', 'r');
$value = fgets($file);
fclose($file);
}
so your post value stored in $value.
I have a text area page which is launched from the previous page:
$message = $_POST['editPost'];
header("location:editPost.php?msg=$message");
The editPost.php retrieves this and fills the text area like so:
echo "<form action='index.php' method='post'>
Your Post:<br/>
<textarea name='comments' cols='100' rows='100'>".$_GET["msg"]."</textarea>
<br/>
<input type=submit value='submit'>
</FORM>";
The problem I'm getting is not all the data of 'msg' seems to get passed across, or the message gets cut of at the point where it reaches a quotation mark e.g. '
The text I want it to fill the textarea with this text:
So this is my second blog post for this assignment, I've progressed a bit since my previous post
however it only add this to the text area this:
So this is my second blog post for this assignment, I
As I say it seems to not contain any more of the string after the quotation mark is reached. Is there anyway around this so I can pass the whole message across?
EDIT
I might add, I'm aware a more simple solution would be to retrieve the message again from the MySQL database as that's what I'm using, but I'm just intrigued as to how this works.
if(isset($_POST['edit'])) {
//$_SESSION['postToEdit'] = $_POST['editPost'];
$message = htmlentities($_POST['editPost'], ENT_QUOTES);
header("location:editPost.php?msg=$message");
That is what I do with the data once it is posted from this form:
foreach($posts as $postid=>$post)
{
echo '<div class="blogPosts">'.$post;
if(isset($_SESSION['username'])) {
if($_SESSION['isAdmin'] == "true") {
echo "<br/><br/><form name='adminTools' action='index.php' method='post'>
<input type='hidden' name='editPost' value='$post'>
<input type='submit' value='Edit' name='edit'/>
<input type='hidden' name='deletePost' value='$postid'>
<input type='submit' value='Delete' name='delete' /></form>
</div>";
echo "<form action='index.php' method='post'>
Your Post:<br/>
<textarea name='comments' cols='100' rows='100'>".htmlspecialchars($_GET["msg"])."</textarea>
<br/>
<input type=submit value='submit'>
</FORM>";
textarea seems an odd container for it, but that's your call
I think I get it.
header("location:editPost.php?msg=$message"); doesn't smells good.
If you simply want to fix the problem use http://php.net/manual/en/function.urlencode.php and when getting the value http://www.php.net/manual/en/function.urldecode.php
You're getting a post request and then forwarding it using header location. That's definitely a poor way to do it. The problem probably is taking place when you pass the parameter as a query string on ?msg=$message
Since MVC and alike applications (n-layered apps) is the standard now. You should not do that spaghetti code, mixing html and php and using header as your FrontController dispatcher.
I'd suggest you to use for example, the SLIM framework. If you do not want to learn this. You should at least follow the standards described here.
E.g.:
<?php
// index.php
// load and initialize any global libraries
require_once 'model.php';
require_once 'controllers.php';
// route the request internally
$uri = $_SERVER['REQUEST_URI'];
if ($uri == '/index.php') {
list_action();
} elseif ($uri == '/index.php/show' && isset($_GET['id'])) {
show_action($_GET['id']);
} else {
header('Status: 404 Not Found');
echo '<html><body><h1>Page Not Found</h1></body></html>';
}
In short, create a FrontController file that will map to the desired actions (controllers) according to the request without using header() to execute specific actions (the exception is only if actually the headers are needed, in fact).
Use addslashes($message) before passing it in querystring and stripslashe($_GET['msg']) function before displaying it.
Click addslashes() and stripslashes() for more references.