I tried several solutions from looking at similar questions within the site but it won't work me. =( Please help.
This is an excerpt from my original code:
<form action="" method="get">
<input type="text" name="search" value="">
<input type="submit" value="Search">
<?php echo do_shortcode('[expand]
<input type="checkbox" name="title" <?php if(isset($_GET['title'])) echo "checked='checked'"; ?>>
<label for="ti">Title</label></td>
[/expand]'); ?>
</form>
Basically, I want my checkboxes to remain checked, if they were checked before hitting submit. Unfortunately, it's been hours and I can't get the php to work inside the shortcode.
Please help.
your can try this,
<form action="" method="GET">
<input type="text" name="search" value="">
<input type="submit" value="Search">
<?php
$check=isset($_GET['title']) ? "checked='checked'" : '';
echo do_shortcode('[expand]
<input type="checkbox" name="title" '.$check.' ><label for="ti">Title</label></td>
<input type="submit" value="Search">
[/expand]');
?>
</form>
No, you can't. The php code in your string is no PHP code. You'd have to detect the parts that are actually PHP, and evaluate them.
Create the string that you want to embed in [expand] tags before you pass it to the do_shortcode() function.
Instead of >
Title
[/expand]'); ?>
Simply do
<?php
$state = isset($_GET['title'])?"checked='checked'":"";
$expand = "[expand]
<input type=\"checkbox\" name=\"title\" ".$state. " >";
echo do_shortcode($expand);?>
Related
I am getting the error: Undefined index: data when running the code below
Here are the key parts of the code including sections that work fine:
I create a form to select dates - this all works fine
<div class="dates">
<form method="POST" action="">
<label for="StartDate">Start Date:</span></label>
<input type="datetime-local" id="StartDate" name="StartDate" value="<?php
if(isset($_POST['StartDate'])){echo $_POST['StartDate'];}?>"/>
<label for="EndDate">End Date:</span></label>
<input type="datetime-local" id="EndDate" name="EndDate" value="<?php if(isset($_POST['EndDate']))
{echo $_POST['EndDate'];}?>"/>
<input type="submit">
</form>
</Body>
</HTML>
</div>
I then run an sql query and add a checkbox to each line of data. I use lead_id as the value. This all displays fine and the value is being assigned correctly:
$result = mysqli_query($link,$query);
while ($row = mysqli_fetch_assoc($result))
{
?>
<form method="POST">
<?php
echo '<tr><td>'.$row['lead_id'].'</td>';
echo '<td>'.$row['status'].'</td>';
echo '<td>'.$row['campaign_id'].'</td>';
echo '<td>'.$row['call_date'].'</td>';
echo '<td>'.$row['user'].'</td>';
echo '<td>'.$row['status_name'].'</td>';
?>
<td><input type="checkbox" value='<?php echo $row['lead_id']?>' name="data[]"/></td></tr>";
</form>
<?php
}
I then have a submit button which is used to trigger an email - that all works aprt from it needs to contain the lead ids from the checked boxes and it doesnt due to this error
?>
<div>
<form method="post">
<input type="submit" name="Button1"
value="Send Email"/>
</form>
</head>
</div>
The error I get is Undefined Index: data
I am using the below code to attempt to output the data on screen as well as var_dump. All come out NULL as clearly for some reason it is not picking up the POST.
if(isset($_POST['data']) && !empty($_POST['data']))
foreach($_POST['data'] as $name) echo $name;
Id be grateful if anyone can see my error.
The issue is:
<form method="POST">
<?php
...
<td><input type="checkbox" value='<?php echo $row['lead_id']?>' name="data[]"/></td></tr>";
</form>
These checkboxes are in a different <form> tag and your submit button is in a different <form> tag which is below these checkboxes:
<div>
<form method="post">
<input type="submit" name="Button1"
value="Send Email"/>
</form>
</head>
</div>
That's why on form submit you are not getting those checkboxes. To resolve this, move checkboxes in the same <form> tag where submit button is.
I am facing the problem in WordPress. I passed the value from 1st page to 2nd page (here app-2) which shows the result (by using inspector) but when the form is submitted URL shows only
"app-2/?Screens=30"
But
"app-2/?type=app&Screens=30"
is meant to show. Why does this happen? Is it something to do with 'GET' method?
N.B: $_GET['type'] works perfectly.
<form action="app-2/?
type=<?php $type=$_GET['type']; echo $type;?>
&Screens=<?php echo $_POST['Screens'];?>"
method="GET">
<input type="radio" name="Screens" value="3 - 5" required/>
<input type="radio" name="Screens" value="16 - 30" />
<input type="submit" value="submit">
</form>
$(".submit-form").submit(function(e){
e.preventDefault;
window.location.href = 'app-2/'+$(".submit-form").serialize();
return false;
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<form action="" method="GET" class='submit-form'>
<input type="hidden" name="type" value=<?php echo $_GET['type']; ?>
<input type="radio" name="Screens" value="3 - 5" required/>
<input type="radio" name="Screens" value="16 - 30" />
<input type="submit" value="submit">
</form>
You can try with javascript Please check answer it will helps you :)
Try this one:
<?php
$parameters = "";
$parameters .= "?type=".(isset($_GET["type"])?$_GET["type"]:'')."&Screens=".isset($_GET["Screens"])?$_GET["Screens"]:'';
?>
<form action="app-2/<?=parameters?>"
method="GET">
looks like ordinary question but could not find correct solution. lets say I have this form:
<form name="form" action="nextpage.php">
<input type="text" name="input_name" value="<?php echo $_POST['input_name'];?>" />
<input type="submit" name="submit" value="Next"/>
</form>
For example if I add "My input text >" as value of the input the nextpage.php is broken.
I tried to use for:value="<?php echo strip_tags($_POST['input_name']);?>" or
:value="<?php echo htmlspecialchars($_POST['input_name']);?>" but none of them works.. Why is that and how to avoid it? Thanks
First, you should sanitize your posted value for security, but that aside, php provides a function that automatically escapes special characters called addslahes http://php.net/manual/en/function.addslashes.php, save your post value to a variable using the addslashes function, then use the variable as your value.
try this
<?php
$_POST['input_name']="ddd"; ?>
<form name="form" method="POST" action="nextpage.php">
<input type="text" name="input_name" value="<?php echo $_POST['input_name'];?>" />
<input type="submit" name="submit" value="Next"/>
</form>
and in nextpage.php
<?php
$name=$_POST['input_name'];
echo $name;
Try this:
<form name="form" action="nextpage.php" method="POST">
<input type="text" name="input_name" value="<?php echo $_REQUEST['input_name'];?>" />
<input type="submit" value="Next"/>
</form>
I have a search form on a webpage which i will create a dynamic page from the content in putted. I have got it to work but there is another one of these forms and there is also selectable data. I want it to only show the hidden fields lines when sku, sku2, txtKeyword2 is set. Please find below what i have tried so far.
<form name="frmSearch" method="get" action="<?=$_SERVER['SCRIPT_NAME']?>">
<table width="100%">
<tr>
<th><h3>Search </h3>
<div class="alert-box">Insert Text for alert box</div>
<input name="txtKeyword" type="text" id="txtKeyword" value="<?=$_GET["txtKeyword"];?>" size="40">
<?php if(isset($_GET['sku'])) echo '<input type="hidden" name="sku" value="'.$_GET['sku'].'">'?>
<?php if(isset($_GET['sku2'])) echo '<input type="hidden" name="sku2" value="'.$_GET['sku2'].'">'?>
<?php if(isset($_GET['txtKeyword2'])) echo '<input type="hidden" name="txtKeyword2" value="'.$_GET['txtKeyword2'].'">'?>
<input class="alert button" type="submit" value="Search"></th>
</tr>
</table>
</form>
All i want is for it not to show the input lines if they are not set. I think i am doing right but i am not sure as i am learning php.
I have also tried the following code which did work but it outputted the following url.
index.php?txtKeyword=giro%25skyline&sku=%09%09<input+type%3D
I know this shouldn't happen but it makes my page work but when i goto enter data in to the other search form it adds part of the input line in to the url. Here is the code that i tried:
<form name="frmSearch" method="get" action="<?=$_SERVER['SCRIPT_NAME']?>">
<table width="100%">
<tr>
<th><h3>Search </h3>
<div class="alert-box">Insert text for the alert box</div>
<input name="txtKeyword" type="text" id="txtKeyword" value="<?=$_GET["txtKeyword"];?>" size="40">
<input type="hidden" name="sku" value="<?php if(isset($_GET['sku'])) echo ''.$_GET['sku'].'">'?>
<input type="hidden" name="txtKeyword2" value="<?php if(isset($_GET['txtKeyword2'])) echo ''.$_GET['txtKeyword2'].'">'?>
<input type="hidden" name="sku2" value="<?php if(isset($_GET['sku2'])) echo ''.$_GET['sku2'].'">'?>
<input class="alert button" type="submit" value="Search"></th>
</tr>
</table>
</form>
I would really like to know what is going on how i can fix it.
Thanks Ryan
<?php echo isset($_GET['sku']) ? '<input type="hidden" name="sku" value="'.$_GET['sku'].'">' : ''; ?>
However, just FYI, that is not secure at all.
For a start there is 2 likely vulnerabilities within that code:
XSS:
if $_GET['sku'] is something like: "><script>alert('XSS');</script>then you will get an alert box on your page, which in theory could be used for phishing, cookie stealing, creating a worm (like the SamiWorm). A good way to fix/prevent this is using htmlentities which encodes all html characters into their associated entities.
SQL Injection:
if $_GET['sku'] is something like ' UNION ALL SELECT id,username,password FROM users LIMIT 0,1-- then you could potentially have your database stolen (especially if someone decided to use a tool like SQLMap, which is an automatic SQL Injection tool). A good way of fixing this is by using mysql_real_escape_string() on the argument which escapes any disallowed characters.
So a better way would be something like this:
<?php echo isset($_GET['sku']) ? '<input type="hidden" name="sku" value="'.htmlentities(mysql_real_escape_string($_GET['sku'])).'">' : ''; ?>
Here is why your code didn't work:
You were trying to make PHP evaluate your closing html tag : "> inside your php echo will not work, as it will not know how to parse it.
It is easier to use ternary operators over short-ifs as, imho, they are easier to read/write for everyone else.
Here is my complete version:
<form name="frmSearch" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
<table width="100%">
<tr>
<th><h3>Search </h3>
<div class="alert-box">Insert text for the alert box</div>
<input name="txtKeyword" type="text" id="txtKeyword" value="<?php echo isset($_GET["txtKeyword"]) ? htmlentities(mysql_real_escape_string($_GET["txtKeyword"]))) : ''; ?>" size="40">
<input type="hidden" name="sku" value="<?php echo isset($_GET['sku']) ? htmlentities(mysql_real_escape_string($_GET['sku'])) : ''; ?> ">
<input type="hidden" name="txtKeyword2" value="<?php echo isset($_GET['txtKeyword2'])) ? htmlentities(mysql_real_escape_string($_GET['txtKeyword2'])); ?>">
<input type="hidden" name="sku2" value="<?php echo isset($_GET['sku2']) ? htmlentities(mysql_real_escape_string($_GET['sku2'])); ?> ">
<input class="alert button" type="submit" value="Search"></th>
</tr>
</table>
</form>
I'm trying to create a BMI calculator. This should allow people to use either metric or imperial measurements.
I realise that I could use hidden tags to solve my problem, but this has bugged me before so I thought I'd ask: I can use $_POST['variableName'] to find the submitted variableName field-value; but...I don't know, or see, how to verify which form was used to submit the variables.
My code's below (though I'm not sure it's strictly relevant to the question):
<?php
$bmiSubmitted = $_POST['bmiSubmitted'];
if (isset($bmiSubmitted)) {
$height = $_POST['height'];
$weight = $_POST['weight'];
$bmi = floor($weight/($height*$height));
?>
<ul id="bmi">
<li>Weight (in kilograms) is: <span><?php echo "$weight"; ?></span></li>
<li>Height (in metres) is: <span><?php echo "$height"; ?></span></li>
<li>Body mass index (BMI) is: <span><?php echo "$bmi"; ?></span></li>
</ul>
<?php
}
else {
?>
<div id="formSelector">
<ul>
<li>Metric</li>
<li>Imperial</li>
</ul>
<form name="met" id="metric" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="form/multipart">
<fieldset>
<label for="weight">Weight (<abbr title="Kilograms">kg</abbr>):</label>
<input type="text" name="weight" id="weight" />
<label for="height">Height (<abbr title="metres">m</abbr>):</label>
<input type="text" name="height" id="height" />
<input type="hidden" name="bmiSubmitted" id="bmiSubmitted" value="1" />
</fieldset>
<fieldset>
<input type="reset" id="reset" value="Clear" />
<input type="submit" id="submit" value="Submit" />
</fieldset>
</form>
<form name="imp" id="imperial" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="form/multipart">
<fieldset>
<label for="weight">Weight (<abbr title="Pounds">lbs</abbr>):</label>
<input type="text" name="weight" id="weight" />
<label for="height">Height (Inches):</label>
<input type="text" name="height" id="height" /
<input type="hidden" name="bmiSubmitted" id="bmiSubmitted" value="1" />
</fieldset>
<fieldset>
<input type="reset" id="reset" value="Clear" />
<input type="submit" id="submit" value="Submit" />
</fieldset>
</form>
<?php
}
?>
I verified that it worked (though without validation at the moment -I didn't want to crowd my question too much) with metric; I've added the form but not the processing for the imperial yet.
To identify the submitted form, you can use:
A hidden input field.
The name or value of the submit button.
The name of the form is not sent to the server as part of the POST data.
You can use code as follows:
<form name="myform" method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="frmname" value=""/>
</form>
You can do it like this:
<input type="text" name="myform[login]">
<input type="password" name="myform[password]">
Check the posted values
if (isset($_POST['myform'])) {
$values = $_POST['myform'];
// $login = $values['login'];
// ...
}
The form name is not submitted. You should just add a hidden field to each form and call it a day.
In the form submitting button (id method of form is post):
<input type="submit" value="save" name="commentData">
In the PHP file:
if (isset($_POST['commentData'])){
// Code
}
For some reason, the name of the submit button is not passed to the superglobal $_POST when submitted with Ajax/jQuery.
Use a unique value on the submit button for each form like so
File index.html
<form method="post" action="bat/email.php">
<input type="text" name="firstName" placeholder="First name" required>
<input type="text" name="lastName" placeholder="Last name" required>
<button name="submit" type="submit" value="contact">Send Message</button>
</form>
<form method="post" action="bat/email.php">
<input type="text" name="firstName" placeholder="First name" required>
<input type="text" name="lastName" placeholder="Last name" required>
<button name="submit" type="submit" value="support">Send Message</button>
</form>
File email.php
<?php
if (isset($_POST["submit"])) {
switch ($_POST["submit"]) {
case "contact":
break;
case "support":
break;
default:
break;
}
}
?>
As petervandijck.com pointed out, this code may be susceptible to XSS attacks if you have it behind some kind of log-in system or have it embedded in other code.
To prevent an XSS attack, where you have written:
<?php echo "$weight"; ?>
You should write instead:
<?php echo htmlentities($weight); ?>
Which could even be better written as:
<?=htmlentities($weight); ?>
You can use GET in the form's action parameter, which I use whenever I make a login/register combined page.
For example: action="loginregister.php?whichform=loginform"
I had a similar problem which brought me to this question. I reviewed all the preceding answers, but ultimately I ending up figuring out my own solution:
<form name="ctc_form" id="ctc_form" action='' method='get'>
<input type="hidden" name="form_nm" id="form_nm">
<button type="submit" name="submit" id="submit" onclick="document.getElementById('form_nm').value=this.closest('form').name;">Submit</button>
</form>
It seamlessly and efficiently accomplishes the following:
Passes the form name attribute via a hidden input field, without using the fallible value attribute of the submit button.
Works with both GET and POST methods.
Requires no additional, independent JavaScript.
You could just give a name to the submit button and do what needs to be done based on that. I have several forms on a page and do just that. Pass the button name and then if button name = button name do something.
Only the names of the form fields are submitted, but the name of the form itself is not. But you can set a hidden field with the name in it.