If received value isset, echo input field - php

I have a search form on a webpage which I will use to create a dynamic page from the content inputted. I have got it to work, but there is another one of these forms and there is also selectable data. I want it to only show the hidden field lines when sku, sku2, txtKeyword2 are set. Please find below what I have tried so far.
<form name="frmSearch" method="get" action="<?=$_SERVER['SCRIPT_NAME']?>">
<table width="100%">
<tr>
<th><h3>Search </h3>
<div class="alert-box">Insert Text for alert box</div>
<input name="txtKeyword" type="text" id="txtKeyword" value="<?=$_GET["txtKeyword"];?>" size="40">
<?php if(isset($_GET['sku'])) echo '<input type="hidden" name="sku" value="'.$_GET['sku'].'">'?>
<?php if(isset($_GET['sku2'])) echo '<input type="hidden" name="sku2" value="'.$_GET['sku2'].'">'?>
<?php if(isset($_GET['txtKeyword2'])) echo '<input type="hidden" name="txtKeyword2" value="'.$_GET['txtKeyword2'].'">'?>
<input class="alert button" type="submit" value="Search"></th>
</tr>
</table>
</form>
All I want is for it not to show the input lines if they are not set. I think I am doing it right but I am not sure, as I am learning PHP.
I have also tried the following code, which did work, but it outputted the following URL.
index.php?txtKeyword=giro%25skyline&sku=%09%09<input+type%3D
I know this shouldn't happen, but it makes my page work. However, when I go to enter data into the other search form it adds part of the input line into the URL. Here is the code that I tried:
<form name="frmSearch" method="get" action="<?=$_SERVER['SCRIPT_NAME']?>">
<table width="100%">
<tr>
<th><h3>Search </h3>
<div class="alert-box">Insert text for the alert box</div>
<input name="txtKeyword" type="text" id="txtKeyword" value="<?=$_GET["txtKeyword"];?>" size="40">
<input type="hidden" name="sku" value="<?php if(isset($_GET['sku'])) echo ''.$_GET['sku'].'">'?>
<input type="hidden" name="txtKeyword2" value="<?php if(isset($_GET['txtKeyword2'])) echo ''.$_GET['txtKeyword2'].'">'?>
<input type="hidden" name="sku2" value="<?php if(isset($_GET['sku2'])) echo ''.$_GET['sku2'].'">'?>
<input class="alert button" type="submit" value="Search"></th>
</tr>
</table>
</form>
I would really like to know what is going on and how I can fix it.
Thanks Ryan

<?php echo isset($_GET['sku']) ? '<input type="hidden" name="sku" value="'.$_GET['sku'].'">' : ''; ?>
However, just FYI, that is not secure at all.
For a start, there are 2 likely vulnerabilities within that code:
XSS:
If $_GET['sku'] is something like "><script>alert('XSS');</script> then you will get an alert box on your page, which in theory could be used for phishing, cookie stealing, or creating a worm (like the SamiWorm). A good way to fix/prevent this is using htmlentities, which encodes all HTML characters into their associated entities.
SQL Injection:
If $_GET['sku'] is something like ' UNION ALL SELECT id,username,password FROM users LIMIT 0,1-- then you could potentially have your database stolen (especially if someone decided to use a tool like SQLMap, which is an automatic SQL Injection tool). A good way of fixing this is by using mysql_real_escape_string() on the argument, which escapes any disallowed characters.
So a better way would be something like this:
<?php echo isset($_GET['sku']) ? '<input type="hidden" name="sku" value="'.htmlentities(mysql_real_escape_string($_GET['sku'])).'">' : ''; ?>
Here is why your code didn't work:
You were trying to make PHP evaluate your closing HTML tag: "> inside your PHP echo will not work, as it will not know how to parse it.
It is easier to use ternary operators over short-ifs as, imho, they are easier to read/write for everyone else.
Here is my complete version:
<form name="frmSearch" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
<table width="100%">
<tr>
<th><h3>Search </h3>
<div class="alert-box">Insert text for the alert box</div>
<input name="txtKeyword" type="text" id="txtKeyword" value="<?php echo isset($_GET["txtKeyword"]) ? htmlentities(mysql_real_escape_string($_GET["txtKeyword"])) : ''; ?>" size="40">
<input type="hidden" name="sku" value="<?php echo isset($_GET['sku']) ? htmlentities(mysql_real_escape_string($_GET['sku'])) : ''; ?>">
<input type="hidden" name="txtKeyword2" value="<?php echo isset($_GET['txtKeyword2']) ? htmlentities(mysql_real_escape_string($_GET['txtKeyword2'])) : ''; ?>">
<input type="hidden" name="sku2" value="<?php echo isset($_GET['sku2']) ? htmlentities(mysql_real_escape_string($_GET['sku2'])) : ''; ?>">
<input class="alert button" type="submit" value="Search"></th>
</tr>
</table>
</form>
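An added example, not part of the answer above: it emits each hidden field only when its parameter is set, encodes the value for the HTML attribute context with htmlspecialchars, and hands the raw value to the database as a bound PDO parameter. The helper names, the products table and the sample values are assumptions made for the illustration.

```php
<?php
// Added example: helper names, table and sample values are constructed.

// HTML context: encode a value for use inside a quoted attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Emit a hidden field only when the parameter is present and is a string
// (a request such as ?sku[]=x makes $_GET['sku'] an array).
function hidden_field(array $query, string $name): string
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return '';
    }
    return '<input type="hidden" name="' . attr($name)
         . '" value="' . attr($query[$name]) . '">' . "\n";
}

// SQL context: bind the raw value as a parameter instead of escaping it.
function find_by_sku(PDO $db, string $sku): array
{
    $stmt = $db->prepare('SELECT sku, title FROM products WHERE sku = :sku');
    $stmt->execute([':sku' => $sku]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in for $_GET, using the two strings quoted in the answer.
$query = [
    'sku'  => '"><script>alert(\'XSS\');</script>',
    'sku2' => "' UNION ALL SELECT id,username,password FROM users LIMIT 0,1--",
];

// txtKeyword2 is absent from $query, so no field is emitted for it.
foreach (['sku', 'sku2', 'txtKeyword2'] as $name) {
    echo hidden_field($query, $name);
}

// Constructed in-memory table so the lookup runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (sku TEXT, title TEXT)");
$db->exec("INSERT INTO products VALUES ('A100', 'Sample product')");

foreach (['A100', $query['sku2']] as $sku) {
    printf("%d row(s) for %s\n", count(find_by_sku($db, $sku)), attr($sku));
}
```

The mysql_* extension, including mysql_real_escape_string(), was removed in PHP 7.0. Each encoding belongs to one output context: HTML encoding where the value is written into markup, parameter binding where it reaches a query.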

Related

Get id from a post php

So, I want to get the id from $_POST["id"] when I push a button in a table
<form action="dosomething.php" method="post">
<td> <?php echo $row["id"]; ?> </td>
<td> <button>Do something</button> </td>
</form>
Is that even possible?
Thanks for any answers and help.
Yes it is.
You will need to set a hidden input somewhere inside your form tags, like :
<form action="dosomething.php" method="post">
<input type="hidden" name="id" value="<?= $row["id"]; ?>" />
<td> <?php echo $row["id"]; ?> </td>
<td> <button onclick="this.form.submit();">Do something</button> </td>
</form>
This is not elegant code and you should probably consider using JavaScript, especially if you have a lot of rows and buttons.

PHP echo works on Page A but not on Page B

My goal is to populate a hidden form field with the utm_source from url.
Basically this:
<input id="fieldihhdji" name="cm-f-ihhdji" type="hidden" value="<?php echo $_GET["utm_source"] ?>" />
The problem is this form works perfectly on one page, but not on another.
Working: museumhack.com/test-a/?utm_source=hello (form field is hidden, but populates value)
Not working: museumhack.com/test-b/?utm_source=hello (at the bottom)
It seems like the pages may be processing the double quotes differently, but it's not clear how to fix it. WordPress required a plugin to process on-page PHP -- I installed that and don't think it's the problem.
Here is the entire form that I copy/pasted between pages:
<form action="http://museumhack.createsend.com/t/d/s/ihhykl/" method="post" id="lead-capture">
<p>
<input id="fieldName" name="cm-name" type="text" placeholder="Your Name"/>
</p>
<p>
<input id="fieldEmail" name="cm-ihhykl-ihhykl" type="email" placeholder="you#email.com" required />
</p>
<p>
<input id="fieldjuuilj" name="cm-f-juuilj" type="text" placeholder="(212)555-5555" />
</p>
<p>
<input id="fieldihhdji" name="cm-f-ihhdji" type="hidden" value="<?php echo $_GET["utm_source"] ?>" />
</p>
<p>
<button type="submit">Request Quick Quote</button>
</p>
Thanks,
Try this code, this might help you:
<input id="fieldihhdji" name="cm-f-ihhdji" type="hidden" value="<?php echo $_GET['utm_source']='';?>">

2 forms on same page php

My studybook gives me an assignment which requires me to have 2 forms on one page and output them both to the same page. Is this even possible? Both forms work fine independently. Both have the action:
<?php echo $_SERVER['PHP_SELF']; ?>
Both have a submit button, but the button only submits the form it's part of. This probably makes sense though.
The thing is, I need the page to either post both form outputs when clicking one of the 2 submit buttons or press them subsequently, but the information from the first form needs to stay on the page.
Is this possible or am I trying to do the impossible?
The forms are as follows:
form 1:
<form name="orderform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Korting:
<tr>
<td>
<input type="checkbox" name="korting[]" value=15 /> Student 15% <br>
<input type="checkbox" name="korting[]" value=10 /> Senior 10% <br>
<input type="checkbox" name="korting[]" value=5 /> Klant 5% <br>
<hr />
</td>
</tr>
<tr>
<td>
betalingswijze
<input type="radio" name="betalingswijze" value="paypal"> Paypal
<input type="radio" name="betalingswijze" value="mastercard"> Mastercard
<input type="radio" name="betalingswijze" value="visa"> Visa
<hr />
</td>
<tr>
<td>
<img src="toshiba.jpg" alt=" " />
</td>
</tr>
<tr>
<td>
Toshiba Sattelite A100-510 Basisprijs 999.99
</td>
</tr>
<tr>
<td><!--Shopping Cart Begin-->
<input type="hidden" name="toshibaproduct" value="001" />
<input type="hidden" name="toshibamerk" value="toshiba" />
<input type="hidden" name="toshibamodel" value="Sattelite A100-510" />
Operating system <select name="toshibaos" value="Toshiba">
<option value="xp">Windows XP</option>
<option value="vista">Windows Vista</option>
<option value="linux">Linux</option>
</select>
Aantal: <input type="text" size=2 maxlength=3 name="toshibaaantal" value="0" />
<input type="hidden" name="toshibaprijs" value="999.99" />
<input type="image" src="bestel.jpg" border=0 value="bestellen" />
<hr />
<tr>
<td>
<img src="acer.jpg" alt=" " />
</td>
</tr>
<tr>
<td>
Acer Aspire 5735Z Basisprijs 529.99
</td>
</tr>
<tr>
<td>
<input type="hidden" name="acerproduct" value="002" />
<input type="hidden" name="acermerk" value="acer" />
<input type="hidden" name="acermodel" value="Aspire 5735Z" />
Operating system <select name="aceros" value="Acer">
<option value="xp">Windows XP</option>
<option value="vista">Windows Vista</option>
<option value="linux">Linux</option>
</select>
Aantal: <input type="text" size=2 maxlength=3 name="aceraantal" value="0" />
<input type="hidden" name="acerprijs" value="529.99" />
<input type="image" src="bestel.jpg" border=0 value="bestellen" />
<hr />
</td><!--Shopping Cart End-->
</tr>
</form>
Form 2
<form name="klant gegevens" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border=1 >
<tr>
<td colspan="2">
<b>Factuur klantgegevens</b>
</td>
</tr>
<tr>
<td width="100">Naam: </td>
<td>
<input type="text" size="55" name="naam" />
</td>
</tr>
<tr>
<tr>
<td>Adres: </td>
<td>
<input type="text" size="55" name="adres" />
</td>
</tr>
<tr>
<td>Woonplaats:</td>
<td>
<input type="text" size="34" name="woonplaats">
Postcode:<input type="text" size="6" name="postcode">
</td>
</tr>
<tr>
<td>e-mail:</td>
<td>
<input type="text" size="55" name="email">
</td>
</tr>
<tr>
<td>Feedback:</td>
<td>
<textarea cols="40" rows="3" name="commentaar">
</textarea>
</td>
</tr>
</table>
<input type="image" src="checkout.png" value="send"/>
</form>
Both have functions which kick in on submit. Sorry for the spacings. I have them better in my own files but I just don't know how to get them right on this site.
Greetings,
Lennart
The action represents the page that will receive the posted data. You may use different actions or the same action with different parameters.
If you use the same action, you have to insert a parameter that permits managing the different cases. You may insert a hidden field to do this.
Consider these simple forms:
<form name="form_a" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input type="hidden" name="form" value="A">
<button type="submit">Form A</button>
</form>
<form name="form_b" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input type="hidden" name="form" value="B">
<button type="submit">Form B</button>
</form>
To manage the different submissions, you have to check the value of the hidden field:
if (isset($_POST['form'])) {
    switch ($_POST['form']) {
        case "A":
            echo "submitted A";
            break;
        case "B":
            echo "submitted B";
            break;
        default:
            echo "What are you doing?";
    }
}
You can't submit two separate forms at the same time, because each submission represents a different request to the server.
You may merge the fields of the two forms manually, or use JavaScript to do this for you.
Keep in mind that if you do this via JavaScript, the fields of the forms have to have different names.
As you can see here, you can do this simply via jQuery:
var str1 = $('form[name="form_a"]').serialize();
var str2 = $('form[name="form_b"]').serialize();
$.post(url, str1 + "&" + str2);
Where url is the action params of the form.
Your form should be like this.
First form
<form method="post" >
...
<input type="hidden" name="form1submission" value="yes" >
<input type="submit" name="submit" value="Submit" >
</form>
Second form
<form method="post" >
...
<input type="hidden" name="form2submission" value="yes" >
<input type="submit" name="submit" value="Submit" >
</form>
And your php for first form.
if('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['form1submission'])) {
// first form code.
}
And second form php code.
if('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['form2submission'])) {
// second form code.
}
That's it.
DUPLICATE POST
Yes you can!
First, add the proper action to all forms; secondly, give them a unique name.
HTML Side
Don't forget to add the http method what you want (GET or POST)
<form method="post">
<input type="hidden" name="orderform" />
<!-- rest of form goes here -->
</form>
<form method="post">
<input type="hidden" name="klant_gegevens" />
<!-- rest of form goes here -->
</form>
Leaving the action attribute empty or removing it entirely will make the form submit to the current page (see this post), and usage of $_SERVER["PHP_SELF"] can lead to XSS injection (read under "Big Note on PHP Form Security").
Note:
Avoid using spaces in field names; it can cause problems when matching them...
PHP Side
Getting input values by filtering on the received form name:
if (isset($_POST["orderform"])) {
// The first form was submitted
}
if (isset($_POST["klant_gegevens"])) {
// The second form was submitted
}
Note:
Use print_r() or var_dump(), to debug the content of exchanged values

How to properly escape tags in input text

Looks like an ordinary question, but I could not find a correct solution. Let's say I have this form:
<form name="form" action="nextpage.php">
<input type="text" name="input_name" value="<?php echo $_POST['input_name'];?>" />
<input type="submit" name="submit" value="Next"/>
</form>
For example, if I add "My input text >" as the value of the input, nextpage.php is broken.
I tried to use value="<?php echo strip_tags($_POST['input_name']);?>" or
value="<?php echo htmlspecialchars($_POST['input_name']);?>" but none of them works. Why is that and how to avoid it? Thanks
First, you should sanitize your posted value for security, but that aside, PHP provides a function that automatically escapes special characters, called addslashes (http://php.net/manual/en/function.addslashes.php). Save your post value to a variable using the addslashes function, then use the variable as your value.
Try this:
<?php
$_POST['input_name']="ddd"; ?>
<form name="form" method="POST" action="nextpage.php">
<input type="text" name="input_name" value="<?php echo $_POST['input_name'];?>" />
<input type="submit" name="submit" value="Next"/>
</form>
And in nextpage.php:
<?php
$name=$_POST['input_name'];
echo $name;
Try this:
<form name="form" action="nextpage.php" method="POST">
<input type="text" name="input_name" value="<?php echo $_REQUEST['input_name'];?>" />
<input type="submit" value="Next"/>
</form>

Cant get php to work inside shortcode content

I tried several solutions from looking at similar questions within the site but it won't work for me. =( Please help.
This is an excerpt from my original code:
<form action="" method="get">
<input type="text" name="search" value="">
<input type="submit" value="Search">
<?php echo do_shortcode('[expand]
<input type="checkbox" name="title" <?php if(isset($_GET['title'])) echo "checked='checked'"; ?>>
<label for="ti">Title</label></td>
[/expand]'); ?>
</form>
Basically, I want my checkboxes to remain checked, if they were checked before hitting submit. Unfortunately, it's been hours and I can't get the php to work inside the shortcode.
Please help.
You can try this:
<form action="" method="GET">
<input type="text" name="search" value="">
<input type="submit" value="Search">
<?php
$check=isset($_GET['title']) ? "checked='checked'" : '';
echo do_shortcode('[expand]
<input type="checkbox" name="title" '.$check.' ><label for="ti">Title</label></td>
<input type="submit" value="Search">
[/expand]');
?>
</form>
No, you can't. The php code in your string is no PHP code. You'd have to detect the parts that are actually PHP, and evaluate them.
Create the string that you want to embed in [expand] tags before you pass it to the do_shortcode() function.
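Instead of
<?php echo do_shortcode('[expand]
<input type="checkbox" name="title" <?php if(isset($_GET['title'])) echo "checked='checked'"; ?>>
<label for="ti">Title</label></td>
[/expand]'); ?>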
Simply do
<?php
$state = isset($_GET['title']) ? "checked='checked'" : "";
$expand = "[expand]
<input type=\"checkbox\" name=\"title\" " . $state . ">
[/expand]";
echo do_shortcode($expand);
?>
