How to get custom URL structure after passing variable through GET method? - php

I have a problem in my PHP form:
The ISBN number is a GET variable.
Thus view.php opens in a URL like: localhost/../view.php?isbn=0810982463. Whereas I want the URL structure to be like localhost/..../0810982463. I know it can be done by using the POST method. Can it be done using the GET method?
<form action="view.php" method="get">
<p class="name">
<label for="isbn">ISBN No. </label>
<input type="text" name="isbn" id="isbn" value="0199555311">
</p>
<p class="submit">
<input type="submit" value="Search Book" />
</p>
</form>

No matter what, the GET form submission will be in a query string format, just look at Google's form submission, or even Stack Overflow's own searching. This is the way things have been standardized across browsers.
If you want it to look pretty, after the submission, you'll need to redirect the user to a pretty URL.
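The redirect described in this answer, as an added example that is not part of the original answer: view.php validates the ISBN before using it and then sends the browser to a path-style URL. The /book/<isbn> path and the server rewrite rule that maps it back to view.php are assumptions.

```php
<?php
declare(strict_types=1);

// Added example for view.php. Assumption: the web server rewrites
// /book/<isbn> internally to view.php?isbn=<isbn> (rule not shown on the page).

/** Return the ISBN-10 without separators, or null if format or check digit is wrong. */
function normalize_isbn10($raw): ?string
{
    if (!is_string($raw)) {            // rejects ?isbn[]=... array input
        return null;
    }
    $isbn = strtoupper(preg_replace('/[\s-]+/', '', $raw) ?? '');
    if (!preg_match('/^\d{9}[\dX]$/', $isbn)) {
        return null;
    }
    $sum = 0;
    for ($i = 0; $i < 10; $i++) {
        $sum += ($isbn[$i] === 'X' ? 10 : (int) $isbn[$i]) * (10 - $i);
    }
    return $sum % 11 === 0 ? $isbn : null;
}

$isbn = normalize_isbn10($_GET['isbn'] ?? null);
if ($isbn === null) {
    http_response_code(400);
    exit('Invalid ISBN');
}

// REQUEST_URI is the URL the browser asked for, before any internal rewrite.
$query = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_QUERY);
if (is_string($query) && $query !== '') {
    // The form arrived as ?isbn=...; redirect to the pretty URL.
    // Only the validated value goes into the header, and the target is a
    // fixed local path, so user input cannot pick the redirect destination.
    header('Location: /book/' . $isbn, true, 302);
    exit;
}

// Reached via /book/<isbn>: render the page, escaping on output.
echo '<h1>Book ' . htmlspecialchars($isbn, ENT_QUOTES, 'UTF-8') . '</h1>';
```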

Related

Trying to pass three parameters from one php file to another

I am trying to pass three parameters from one php file to another. Two of those parameters are in variables that are already determined long before the button is clicked to call the second php file, but one will be taken from a text box at the time the button is clicked.
So far I have the following (snippet) in the first php file. The two parameters that are in the existing variables show up in the URL just fine, but I can't figure out how to get the student number to be included. The URL just has "studentNumber=?&club=..."
Thanks!
<input type="text" id="studentNum" placeholder="Student Number">
<input type="button" value="Add Student" onclick="window.location = '<?php $url = 'http://npapps.peelschools.org/editor/add.php?studentNumber='.$_GET["StudentNum"].'&club='.$club.'&type='.$type.''; echo $url;?>'" />
Is it really necessary to use window.location? I would encourage you to use something like this
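<script>
// Submit the form from script instead of building a URL by hand.
function doSubmit() {
document.getElementById("myformid").submit();
}
</script>
<form id="myformid" action="receivingPHP.php" method="POST">
<!-- the name attribute is what puts the value into $_POST["studentnr"] -->
<input id="studentnr" name="studentnr" type="text" value="42" />
<button type="button" onclick="doSubmit()">Send</button>
</form>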
Of course there is no receivingPHP.php file on the StackOverflow servers, so if you try this script you will reach a white page (close it in the top right corner where it says close).
If you use $_GET["StudentNum"], it must come from an HTML form or an HTML link:
example
or
<form method="GET"><input name="StudentNum" value="1337"></form>
Good luck
The URL of your current page needs to have had studentNum present as a query parameter to be able to use $_GET. For example, if current page URL =
http://npapps.peelschools.org/myotherpage.php?studentNum=100
then you can $_GET["studentNum"]. Also, if you are accessing this URL via ajax
http://npapps.peelschools.org/myotherpage.php
then it must be passed as a data parameter.
Find out what the URL of the page is where you have the HTML that you have shown, and if studentNum has not been passed as a query parameter or data parameter from however you get there (e.g. an anchor tag href) then add that parameter to the URL.
Ended up reworking it so that all the information was sent in a form rather than trying to embed it in a button. The secret came from w3schools where I figured out how to hide the known parameters in a hidden input element in the form, as follows:
<form action="add.php" method="GET">
<input name="studentNo" type="text" placeholder="Student Number" />
<input name="club" type="hidden" value="<?php echo htmlspecialchars($club); ?>" />
<input name="type" type="hidden" value="<?php echo htmlspecialchars($type); ?>" />
<input type="submit" value="Add Student" />
</form>

safely getting back info presented in a form (PHP)

Let's say I have a form that looks like this:
<form action="/script.php" method="post">
<input name="my_input" length="80" />
<input type="submit" value="submit" />
</form>
Now I also want to include a numeric identifier - call it a ticket id. "Here's the ticket history, do you want to add something?" The user can't modify that.
My question is...what is the safest way to get that ticket id in the form submission?
No problem accomplishing it, but my question is around security. So here are the ways to get a variable back that I can think of:
<form action="/script.php" method="post">
<input name="my_input" length="80" />
<input type="hidden" name="ticket_id" value="12345" />
<input type="submit" value="submit" />
</form>
or
<form action="/script.php?ticket_id=12345" method="post">
<input name="my_input" length="80" />
<input type="submit" value="submit" />
</form>
I'm concerned that someone could craft a malicious POST and submit it and append their comments to a different ticket. i.e., compose a POST from their own server/browser/tool. If I was doing this with GET then they certainly could do that just by changing the url vars - it's possible to do that also with POST too, right?
I can check that the user owns that ticket of course and do some other validation, but fundamentally, how do you present data to a user and safely get it back again in an HTML form?
Is there something other than creating a unique serial number ("FORM 12345 should present ticket id 6789") record on the server side and then checking it back?
I'm using PHP & MySQL on the backend though I'm not sure my question is specific to those technologies.
use session
form.php
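<?php
// Store the ticket id on the server when the form is shown.
session_start();
$_SESSION['ticket_id'] = '1234';
?>
script.php
<?php
// Read the ticket id back from the session, not from the request.
session_start();
$ticket_id = $_SESSION['ticket_id'];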
?>
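Another way to get the ticket id back unmodified, as an added example that is not part of the original answers: the hidden field is sent together with an HMAC computed under a key that stays in the session, so an altered id is rejected, and it keeps working when the user has several ticket forms open at once. The field name ticket_mac, the session key form_key and the function names are hypothetical.

```php
<?php
declare(strict_types=1);
session_start();

// Per-session secret key (hypothetical name); it is never sent to the browser.
if (!isset($_SESSION['form_key'])) {
    $_SESSION['form_key'] = random_bytes(32);
}

function ticket_mac(string $ticketId, string $key): string
{
    // Label the message so the MAC cannot be replayed for another field.
    return hash_hmac('sha256', 'ticket_id:' . $ticketId, $key);
}

/** Return the ticket id only if it is a value this session was handed. */
function verified_ticket_id(array $post, string $key): ?int
{
    $id  = $post['ticket_id'] ?? null;
    $mac = $post['ticket_mac'] ?? null;
    if (!is_string($id) || !is_string($mac) || !ctype_digit($id)) {
        return null;
    }
    // hash_equals compares in constant time.
    return hash_equals(ticket_mac($id, $key), $mac) ? (int) $id : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ticketId = verified_ticket_id($_POST, $_SESSION['form_key']);
    if ($ticketId === null) {
        http_response_code(400);
        exit('Ticket id was altered or did not come from this form.');
    }
    // The MAC proves integrity only. Before writing the comment, still
    // check that the logged-in user is allowed to update $ticketId.
    exit('Comment accepted for ticket ' . $ticketId);
}

$ticketId = '12345';   // constructed sample value, as in the question
$mac = ticket_mac($ticketId, $_SESSION['form_key']);
?>
<form action="" method="post">
<input name="my_input" maxlength="80" />
<input type="hidden" name="ticket_id" value="<?= htmlspecialchars($ticketId, ENT_QUOTES) ?>" />
<input type="hidden" name="ticket_mac" value="<?= htmlspecialchars($mac, ENT_QUOTES) ?>" />
<input type="submit" value="submit" />
</form>
```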

Include form data in the middle of "action" attribute

I'm working on building a more user-friendly frontend access page in Wordpress for a content library built on ContentDM (http://www.oclc.org/support/questions/contentdm/default.htm). One of the things that was requested as part of the site was a search form that instead of searching Wordpress, goes to the ContentDM library and searches there.
It appears that the search syntax for ContentDM is as follows:
http://libraryID.contentdm.oclc.org/cdm/search/searchterm/INPUT_TERM/order/nosort
With "INPUT_TERM" being whatever the user searched for.
In other words, in order to create a search form that went directly there, I'd have to dynamically insert the contents of the input element into the middle of the "action" attribute of the form.
I'm guessing my best bet is to just send it to a PHP page that sticks $_POST['whatever'] into the URL and does a redirect. But is there in fact a way to do it dynamically from the form (ideally without Javascript) and save a step?
Thanks!
I guess something like this could work:
<form action="" method="get"
onSubmit="location.href='http://libraryID........./'+encodeURIComponent(this.children[0].value)+'/order/nosort'; return false;">
Search: <input type="search" />
<input type="submit" value="Go" />
</form>
This will redirect the browser to the search page given in the search box, however it's not terribly reliable.
You might want to see if there's a query string "version" of the URL - maybe that search URL is affected by mod_rewrite to "look pretty", and you might be able to have http://libraryID.contentdm.oclc.org/cdm/search as the action, and have the input field named searchterm:
<form action="http://libraryID.contentdm.oclc.org/cdm/search" method="get">
Search: <input type="search" name="searchterm" />
<input type="submit" value="Go" />
</form>

Automatically log in on another website at the click of a button - cURL or Javascript?

I would like to make a button on my website that automatically logs me in on another website. I reckon I can use either Javascript/jQuery or PHP/cURL to do this.
Which is the best way to go?
You may use either remote javascript or iFrame. Find more details here: http://kuza55.blogspot.com/2007/06/building-secure-single-sign-on-systems.html
Also check out Google's approach named SAML: http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
It depends what the website is. JavaScript and jQuery alone cannot be used due to the cross-domain policy. You could perhaps use a combination of cURL and AJAX to achieve something similar.
I think you might need to provide a little more information about the site, and exactly why you'd want to do this...
I'm not sure if this is exactly what you're looking for, but one thing I have done in the past is to mimic the login form on the site you want to log in to.
For example, let's say you want to log in to 'example.com'. In the source code for the login page of 'example.com' you will find the HTML code for the login form.
Example
<form name="blabla" action="action.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>
Create a form on your site similar to the one you find in 'example.com'. If you want you can even hide the fields, include values to make it a one button login. The trick is making sure that the action has the actual url. For example if the form says 'action.php' for 'example.com' you would put 'http://example.com/action.php'
Example
<form name="blabla" action="http://example.com/action.php" method="post">
<input type="hidden" name="username" value="testuser" />
<input type="hidden" name="password" value="testpass" />
<input type="submit" value="Login" />
</form>
This will log you in to the site in most cases. If you don't want to leave your own site you can set a 'target' for the form to an iframe or something.

GET variables not passed when mixed in with URL

Why is it that when I pass parameters through encoded URL and GET method in HTML form, the URL encoded parameters are dropped?
e.g. Setup:
<form action="process.php?hello=world" method="GET">
<input type="text" name="foo" value="bar">
<input type="submit">
</form>
Result: the variable hello will not be recognized in process.php.
Is this bad practice?
Is this how PHP processes it, or is it related to how the browser sends the request? Is there the same problem in other languages?
Yes, that is bad practice because it just doesn't work.
If you want to pass in "hidden form input" then you must use a hidden form element:
<input type="hidden" name="hello" value="world" />
As rezzif states in his comment, you can mix GET & POST like so:
<form action="/something?foo=bar" method="POST">
<input type="text" name="baz" />
</form>
As a general rule I avoid mixing the two though. I find it bizarre to have GET params in my form action.
