I have a https page named user.php that gets data and posts it to another receiving.php https page. My problems is whenever I submit my data for posting the receiving.php displays server error. I have read articles about cURL but I don't have a clear picture of the syntax.
user.php
<form action="https://www.mydomain.com/ssl/receiving.php">
<input type="text" name="variable" />
<input type="submit" name="buttonName" />
</form>
receving.php
if(isset($_POST["buttonName"]))
{
$variable=$_POST['variable'];
}
You want to add method="POST" to your form tag. By default it'll submit through GET. If that doesn't work, try var_dump($_POST) in receiving.php to see exactly what's coming through. cURL is mainly for when you want a script to make a request to a server on its own. A form submit shouldn't need to worry about cURL.
What error are you receiving though? This shouldn't display an error as your isset() should just return false.
you need to use the $_GET method instead of $_POST because $_GET is a method that displays your request in the form in URL. while $_POST for security reason is just getting data from the form and not displaying the actions you've requested.
<form action="https://www.mydomain.com/ssl/receiving.php">
if you want to use $_POST you need to make your form method set to method="POST" or by default your method form is using "GET".
So you instead of using $_POST , you need to use $_GET in your case.
Related
loaded page from javascript. tested for GET & POST. Only GET set as expected;
window.location.href = "medications_edit_revised.html?recordId="+id ;
Retrieved and used the data from the GET[]
Reloaded page from SUBMIT as shown below.
<form method="post" action="">
<table id="detailsDivTable">
<?php
$editClass->selectTheRecord();
?>
</table>
<fieldset name="Group1">
<legend>Group box</legend>
<input name="saveButton" type="submit" value="Save" />
<input name="deleteButton" type="submit" value="Delete" />
<input name="cancelButton" type="submit" value="Cancel" />
</fieldset>
</form>`
Tested GET[] & SET[]
if (isset($_GET['recordId']) ) {
$recordId = $_GET['recordId'];
require_once "medications_edit_revised.class.php";
$editClass = new editRevisedClass($DBH, $recordId);
}
if(isset($_POST['saveButton'])) {
Both tested TRUE. Is this normal behavior. I expected the GET[] would have been cleared when the form was POSTed
If yes is there a way to clear the GET before sending the SUBMIT
Thanks
When you set the URL like this:
window.location.href = "medications_edit_revised.html?recordId="+id ;
You have set URL params. Then when you do this:
Reloaded page from SUBMIT as shown below.
<form method="post" action="">
Because the action is empty it'll retain the URL parameters, because that's what empty and (eg) $_SERVER['PHP_SELF'] do - they send to the current URL, params and all.
You already know the URL so just set it as needed:
action="medications_edit_revised.html"
You seem to be confusing POST/GET requests and the PHP $_POST and $_GET superglobal variables.
PHP will populate $_GET with data in the query string of the URL the request was made to.
PHP will populate $_POST with data in the request body of a POST request if that data is encoded using a supported encoding.
It doesn't matter if the request was caused by JavaScript, a form submission, or something else.
Is this normal behavior.
Yes
If yes is there a way to clear the GET before sending the SUBMIT
Submit the form to a URL which does not have a query string.
The URL the form is submitted to will be specified by the action attribute.
If you don't have an action attribute, it will be submitted to the URL of the current page. If that URL has a query string, then so will be the URL that the form is submitted to (and thus $_GET will be populated).
If you want to avoid that, then specify the action explicitly.
Can you please past some of your code?
If you use GET to revice your variable, it gets it from the URL: example.com?name=jesper&lastname=kaae
The differences is:
GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.
And
POST submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
You can read more about them here
I am writing PHP code for my hosting web page.
I create a search domain filled on page with $_GET to check if domain was available. I need to protect my $GET function in code.
The $GET code to process searching of a domain:
if(isset($_GET['search'])){
$domena = ($_GET['search']);
}
HTML CODE
I have a submit button with FORM POST ACTION and I get the URL:
www.domain.com/index.php?search=domain.com
I need know if I can hide the URL search=domain.com
Note - I don't want to use AJAX or other language, just PHP.
If you want to hide search parameter, then send it by POST method and accept it by $_POST instead of $_GET.
if(isset($_POST['search'])){
$domena = ($_POST['search']);
}
Have you thought about using the $_POST method? The data sent from the user will be in the HTTP request and not in the url. The $_GET method would be posted in the url.
Mozilla does a good job explaining this.
Make sure to specify method $_POST in your form. For example:
<form action="http://foo.com" method="post">
<input name="say" value="Hi">
<input name="to" value="Mom">
<button>Send my greetings</button>
</form>
Then to retrieve your data, use the same code you posted in your question but change $_GET to $_POST
Suppose my Form codes look like this
URL : localhost/my-url.php
<form action="hello.php">
...bla bla bla
</form>
I will process the data in hello.php and i want to redirect to user to same url after processing (according to above example)
localhost/my-url.php
I know we can use header but i don't know how to get that url from which form was submited :(
Googled but didn't found any use full.
Thanks.
Add a hidden value in your form:
<input type="hidden" name="lastUrl" value="<?php echo $_SERVER['REQUEST_URI'] ?>" />
You now have the URL in $_POST['lastUrl'] data. You need to do it that complicated because $_SERVER["HTTP_REFERER"]; is send by the browser, and not all of them do this reliable.
You should put a hidden field in your form and set its value to current page url.
Then you submit the form and get the value of hidden field.
Then you can redirect user to hidden field (which is actually a URL of the page where you are submitting form) by using javascript or php.
You can use the
$_SERVER["HTTP_REFERER"];
to get the original URL where the form was posted from.
Remember to escape it, if you use it however. ]
Alternatively, you can process the form using AJAX, send process things (redirection) client-side.
Note that form data can be changed and intercepted if you wish to send the URL of the page as form data.
<form action="create_page.php?subject=<?php echo urlencode($current_subject["id"]); ?>" method="post">
After the form been submitted, the $current_subject["id"] vanishes.
I know it happens in GET method, but why would it disappear in POST method?
Strange things happen when the form does not pass my validation function, the parameter stays there. But when it passes, it goes away. I know I could use hidden field, but I am curious why this happens.
may be seems you have an empty value for $current_subject["id"] so try to a check
if(!empty($current_subject["id"])) {
// do yourstuff
}
or for best alternate way try to use as a hidden in form
<form action="create_page.php">
<input type ="hidden" name="subject" value="<?php echo urlencode($current_subject['id']);?>">
Yes it will not work and for that you need to go back to the definition of GET and POST.
In GET request the form parameters are encoded in the URL and is called a query string.
So using
$_GET will expect the parameters in the query string.
A POST request passes the form parameters in the body of the HTTP request, not in the URL.
So using $_POST will expect the data in the HTTP request not in the query string.
And this is the very reason why data is passed in the hidden field as in your example.
I have some forms, and am currently using an implementation as described below:
<form action="/formpost.php" method="post" name="form1" id="form1">
<input type="hidden" name="to" id="to" value="__COMMENT1" />
<!-- rest of form -->
</form>
__COMMENT1 refers to the page where I want the user to be redirected after the form posts.
Pretty much what happens is that the form is posted to formpost.php, the $_POST array is converted to $_SESSION['POST'], the $_POST is unset, and then the user is redirected to the location referenced in the value of the hidden input field ([id = to] always the same ID/name.) I can then continue to use the user's form submitted values (referenced from the $_SESSION array) regardless of whether they go 'back', refresh, etc.
Is there anything wrong with this?
Are there any benefits to using the POST/REDIRECT/GET pattern instead?
Nothing wrong with your method, it's more convenient than PRG.
though, I see no point in keeping POST variables unless in case of error.
and there is no point in unsetting $_POST, of course.
Well, after some explanation it seems that your setup is quite wrong.
there is no point in making single action for all forms as well as in unnecessary redirect.
make your form action the actual script that validates the form.
on success, redirect wherever you want.
on error:
save POST data and error messages into session and redirect to the same URL
populate the form and unset POST data and errors
show the form