Accidentally, I discovered that whenever there is a backslash at the end of a search, the page after clicking submit will return a broken search form.
In my case, the submit button turned into a text area.
Using Google Chrome's "inspect element" I saw that my search form turned into this:
<form method="get" action="">
<input type="hidden" name="type" value="books">
<input type="text" name="search" value="\"> <input type=">
</form>
</div></div></div><div id=" sidebar"="" class="sidebar widget-area"></form>
The following code is my form. I am guessing that I need to sanitize/escape the value from the input type text? But why isn't esc_attr() working?
<form action="" method="get">
<input type="text" name="search" value="<?php echo esc_attr(stripslashes($_GET['search'])); ?>">
<input type="submit" value="Search">
<input type="checkbox" name="title">
</form>
P.S. I am using this custom search form to search custom fields and display the resulting custom post types using Pods Plugin. It doesn't appear that this is a Pods plugin issue though.
https://github.com/pods-framework/pods/issues/1620
Also, this doesn't appear to be a conflict from another theme or plugin.
I've made some test, I'm guessing that your question was missunderstood, this code should work:
<form action="" method="get">
<input type="text" name="search" value="<?php echo urldecode($_GET['search']); ?>">
<input type="submit" value="Search">
<input type="checkbox" name="title">
</form>
You can check the php urldecode function for extra info.
Decoding an url is the oposite of encoding it, when a special character is submited it needs to be encoded, when you want to display it you'll have to decode it.
EDIT:
After the form is submitted, when its values are processed, then you have to use esc_attr(stripslashes($_GET['search'])) so that the value becomes encoded and sql-injections and other format issues are avoided, again this has to happen in the php file where the form is processed, usually after an if ($_GET) statement.
I have tried dozens of sanitation and escaping. But in the end, only preg_replace worked against that annoying backslash.
Related
This is simplified code of index.php :
<form action="index.php" method="get">
<input type="text" name="course">
<button>Find</button>
</form>
Suppose, in the text field "ADAM" is put and after pressing Find button url becomes
myweburl/index.php?course=ADAM
But I want to make it
myweburl/index.php?course=ADAM#courseid
NB: Here courseid is a div id name inside index.php. By this way, I will be able to scroll down the result area.
Do you know how to do this?
Why not do it in a more legitimate way
<form action="index.php" method="get">
<input type="text" name="course">
<input type="hidden" name="courseid" value="<?php echo $courseId;?>">
<button>Find</button>
</form>
Then you get a url like this
myweburl/index.php?course=ADAM&courseid=1234
Now you dont have to do any text manipulation in the script that processes the data you just use
$_GET['course']
$_GET['courseid']
Simply add the hashtag to the action attribute.
The browser would know to move it to the end of the url string (after the GET parameters).
<form action="index.php#courseID" method="get">
<input type="text" name="course">
<button>Find</button>
</form>
Would result:
index.php?course=xxxx#bla
Tested on Chrome, if someone find other results please update.
I have a free form search that I moved from my main content to my header. Once I moved the form into the header the text inside of it stopped showing. The placeholder works but when you begin typing it is completely blank. The search and the functionality work perfectly, I just cannot see what I am typing. Any ideas?
<form class="search" action="/all-results/" method="get">
<fieldset>
<span class="text"><input name="searchProducts" value="All" type="hidden">
<input type="hidden" name="search_selection" value="all">
<input name="byString" id="s" type="text" value="" placeholder="<?php echo __('Search','Avada'); ?>" /></span>
</fieldset>
<form name="input" action="/all-results/" method="get">
<input type="submit" id="search_button" value="Search">
</form>
</form>
Your HTML is invalid. You can not nest a <form> element inside another <form>. Messing up forms and tables are two of the best ways to produces peculiar browser behaviour, so my guess is that this is your problem.
If you correct your HTML (validate it!) and the problem persists, then post a minimal HTML page with CSS so that there is something for us to debug.
I have a problem with creating a simple search form, used to search my database.
I started using the POST-method and everything worked fine, but switched to using GET-method instead to be able to bookmark my search results. But now I have trouble with the "action-url" when posting.
<form action="index.php?page=searchresult'" method="post">
This worked fine, I got my var's sent to the stated URL, but
<form action="index.php?page=searchresult" method="get">
Doesn't work. When I check my HTML code everything looks great, but I end up going to the URL
site.com/index.php?ALL THE GET-variables linedup here.
I am loosing the "?page=searchresult" part when using the GET-method?!
Am I missing something here, please help?!
Humble regards :)
Try changing this to
<form action="index.php?page=searchresult" method="get">
Put the page element as a hidden tag.
<form action="index.php" method="get">
<input type="hidden" name="page" value="searchresult"/>
<!-- Rest of the input elements -->
<input type="submit" />
</form>
This should fix your issue.
If you are using GET methood then you can pass page parameter in hidden field
like
<input type="hidden" name="page" value="searchresult">
GET sends data in the query string. If the URL in the action has a query string, it will be overwritten by the new one generated by the form.
Store your data in hidden inputs instead.
Well, this is interesting, but you can fix it using an hidden <input>, such as this:
<form action="index.php" method="get">
<input type="hidden" name="page" value="searchresult" />
<input type="submit" value="submit" />
</form>
Just compile the "value" of the hidden input with what you need to pass.
Tried it and it actually works.
Edit:
obviously, from php, use this:
<?php $page = ((isset($_GET['page'])?($_GET['page']):("nope")); ?>
Add a hidden page data in the form.
<form action="index.php" method="get">
<input type="hidden" name="page" value="searchresult" />
Simply because "page=searchresult" is a get data.
You have a quote too much, try removing it.
|
\|/
<form action="index.php?page=searchresult'" method="post">
I have an
<input type=text name=search />
and I wanted to add the value of input to my href
<a href='index.php?search=$search>submit</a>
But I think that won't work on php alone right?
How can I add the value of my input to my href as it clicks?
NOTE: need to appear in the browser url menu this way
index.php?search=anyvalue
as soon as they click it. because I'm using pagination
Straight HTML - no PHP or JavaScript Needed
<form action="index.php" method="get">
<input type="text" name="search" />
<button type="submit">Submit</button>
</form>
Once clicked it will take the user to: index.php?search={value of input}
For pagination to work it would be:
Page 2
Page 3
try this:
<form method="get" action="index.php">
<input name="search" type="text" />
<input type="submit" />
</form>
If that's not what your looking for just elaborate a bit on what you are trying to achieve.
you must open a php tag like this:
<a href='index.php?search=<?php echo $search;?>' >submit</a>
but it work after submitting the form.
use javascript
When clicking a button, I would like my URL to become this:
users.php?action=search&formvar1=value&formvar2=value&...
This is what I've tried:
<form id="search" action="users.php?action=search" method="get">
But this doesn't seem to work (it doesn't add the action=search part). Is there any way to do this? I know it works when using POST instead of GET, so why wouldn't it here?
Thank you
You can do that similarly to a POST form. Simply include the default attribute as hidden form field:
<form id="search" action="users.php" method="get">
<input type="hidden" name="action" value="search">
This way it will be added as parameter to the URL like all other variables.
The browser is building the query string from scratch.
Instead, you can add an <input type="hidden" name="action" value="search" />.