how to put php scripts in html scripts in a php script - php

I know my question is kind of confusing but what I meant is that I want to display an HTML form in a PHP 'echo'. So my entire HTML code is inside my php open and closing tags and then inside my HTML script I wanted to have a php code but I get an error saying:
Parse error: syntax error, unexpected 'echo' (T_ECHO), expecting ',' or ';'
and my code goes something like this:
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
// this line is where I get the error
<input type="hidden" name="res_id" value='echo($_GET['res_id']);' />
?>

You can use . to concatenate strings in PHP. So you could write it like so:
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
// this line is where I get the error
<input type="hidden" name="res_id" value="'.$_GET['res_id'].'" />';
?>

. can be used to concatenate strings. You can also use , which sends them as separate echos.
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . intval($_GET['res_id']) . '" />';
?>
Don't forget XSS protections. The intval() is turning the user input from $_GET into an integer, ensuring that it isn't malicious. It seems this is an important ID for your system. You should ensure that changing it won't break your code; if it will, consider using Sessions instead.
XSS, or Cross-Site Scripting, is when an attacker injects JavaScript onto your page in an attempt to make it work differently or redirect the user. In this case, an attacker could send this form to a different location. If this form contains credit card info, other personal info, or internal data from your application, an attacker could gain access to that info simply by linking a user to the form with the bad data in it.
If set up right, the user might not ever even know they had their information stolen!
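As an added example (not code from any of the posts above), this sketch validates res_id as a positive integer and encodes it for the attribute before echoing the hidden field. The helper names h(), read_res_id() and render_form() are hypothetical, and the sample values are constructed stand-ins for $_GET.

```php
<?php
// Added example: validate an integer id, then encode it for an HTML attribute.

/** Encode a string for use inside a quoted HTML attribute or element body. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return res_id as a positive integer, or null when the request value is
 * missing or not a clean integer. intval() coerces instead of validating:
 * it turns "12abc" into 12 and "abc" into 0. FILTER_VALIDATE_INT rejects both.
 */
function read_res_id(array $query): ?int
{
    $raw = $query['res_id'] ?? null;
    if (!is_string($raw)) {
        return null;                 // missing, or an array such as ?res_id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Build the form from the question, or an error message for a bad id. */
function render_form(array $query): string
{
    $id = read_res_id($query);
    if ($id === null) {
        return '<p>Invalid or missing res_id.</p>';
    }
    return '<form method="post" id="customForm" action="add_assessment.php">'
         . '<input type="hidden" name="res_id" value="' . h((string) $id) . '" />'
         . '</form>';
}

// Constructed sample inputs standing in for $_GET['res_id'].
foreach (['42', '12abc', '5"><i>x', ''] as $sample) {
    printf("%-12s => %s\n", var_export($sample, true), render_form(['res_id' => $sample]));
}
```

The value still has to be re-checked in add_assessment.php, because a hidden field can be edited by the client before it is posted back.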

<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>

Here you go:
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>

Here you find an explanation from the official PHP documentation of how to work with the PHP tag: http://php.net/manual/en/language.basic-syntax.phpmode.php

Related

Passing a value retrieved from a database to another page using php and mysql

I am trying to pass a value that I have received from my database to another php page to use within another SQL statement.
I have tried using sessions and also passing using the $_POST method on the other page but have had no luck.
Here is a snippet of my code looping through to display all records:
while($row = mysqli_fetch_array($sql)){
echo '<td>
<img src='.'"'.$row['image'].'"'.'><br/>
<form method="post" action="edit-record.php">
<input type="text" name="imgID" value='.'"'.$row['id'].'"'.'>
<input type="submit" value="Edit" id="edit_btn" class="admin_btn"></form>
</td>';
}
The value that I need is the ID for each specific image - $row['id'].
When the user clicks the EDIT button, they should be redirected to another page which displays only the specific record. This is why I need the ID received passed to the next page to insert into a query statement.
I hope this made sense and any help will be greatly appreciated.
UPDATE: Thanks for all of your help. I solved the problem by playing around with a few of your suggestions to pass the id via GET in the action of the form.
<form method="post" action="edit-record.php?id='. $row['id'].'">
No idea why that hadn't occurred to me! Thanks again.
while($row = mysqli_fetch_array($sql)){
echo '<td>
<img src="'.$row['image'].'"><br/>
<form method="post" action="edit-record.php">
<input type="text" name="imgID" value="'.$row['id'].'">
<input type="submit" value="Edit" id="edit_btn" class="admin_btn">
</form>
</td>';
}
in edit-record.php...
<?php
echo $_POST['imgID'];
?>
There is no reason your code technically wouldn't work but instead you could just eliminate the form and use a simple link...
while($row = mysqli_fetch_array($sql)){
echo '<td>
<img src="'.$row['image'].'"><br/>
<a href="edit-record.php?id='.$row['id'].'">edit</a>
</td>';
}
and in edit-record.php...
<?php
echo $_GET['id'];
?>
4 Ways to do this...
1) Use a cookie
2) Use a session (which by default uses a cookie but in a different way)
3) Use cURL
4) add it to the GET parameters... ie. somepage.com/page.php?id=1
Strange concatenation
<input type="text" name="imgID" value="'.$row['id'].'">
Sure you select id on the mysql query???
If you make
echo $_POST['imgID'];
what is the result???
You can pass the id via get in the action form:
<form method="post" action="edit-record.php?id='. $row['id'].' ">
On the other page you receive the form in $_POST and the id in $_GET['id']
~Aha, I think the problem is your quotes. Single quotes don't allow variables to be interpreted.~
Never mind, that's not your problem, but I already wrote it out, so I'll leave it. Look how much cleaner those quotes are :)
Switch up your quotes like so:
echo "<td>
<img src='{$row['image']}'><br/>
<form method='post' action='edit-record.php'>
<input type='text' name='imgID' value='{$row['id']}'>
<input type='submit' value='Edit' id='edit_btn' class='admin_btn'></form>
</td>";
Need curly braces around array element (e.g {$row['id']})

Why is global scope $_GET not seen?

One of my pages (video.php) is opened using form action as follows:
<?php
//Lots of code, including a WHILE loop
echo "<form action=\"video.php?id=".$row['id']."\" method=\"post\" target=\"_top\">
<input type=\"image\" src=\"".$image."\" style=\"width:180px;height:120px\"
alt=\"Submit\"></form>";
?>
On the page video.php?id, I get the id as follows and declare other global scope vars. However, why is the $_GET variable not seen in my echoed alert when I submit a form as in the following simplified code?
//video.php?id page
<?php session_start();
include 'connect.php';
$Vid = mysqli_real_escape_string($_GET['id']);
$login_id = mysqli_real_escape_string($_SESSION['login_id']);
if (isset($_POST['sample'])) {
echo "<script>
alert('$Vid');
</script>";
}
else//etc.
?>
<html><head></head><body>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" id="Form">
<button name="button" type="submit">Click</button>
<input type="hidden" name="hidden" value="sample">
</form>
</body></html>
When I alert $Vid, nothing is alerted (blank alert box). Obviously, I see the SESSION variable when I alert $login_id. Am I missing something with the $_GET? Is there any way for the global var $Vid to be recognized? If I could use $Vid it would save me 5 or 6 queries based on how my code is currently written.
This is how you can correct it:
Put $row['id'] inside a hidden text box with name as "id"
Your form method is POST, so use $_POST to grab the data in the POST file.
I think you escaped wrongly and thus the id is not appended (notice the backslash after $row['id']?), try the following:
echo '<form action="video.php?id='.$row['id'] . '" method="get" target="_top">
<input type="image" src="' . $image . '" style="width:180px;height:120px"
alt="Submit"></form>';
Imho your coding style is very unreadable with all those backslashes. It's okay to mix single/double quotes where needed…
[edit] and you obviously need to change the method to "get". ;-)
Changed action from $_SERVER['PHP_SELF'] to action="" and now the GET variables are seen.

HTML form acting as get instead of post

I'm pretty new to the whole PHP/HTML deal, and I've run into a problem that I don't know how to fix. It's a pretty simple form that lets you enter data into database. The PHP code is as following:
<?
include("../sqlcontext.php");
$foo = mysql_query("SELECT*FROM users WHERE checksum='".$_COOKIE['userCookie']."'");
if($_COOKIE['userCookie'] == '' || !mysql_num_rows($foo)){
echo 'Du er ikke logget ind :( log ind her';
}
else{
if($_POST['genreKnap']){
$nameGenre = $_POST['nameGenre'];
$textGenre = $_POST['textGenre'];
$succes = mysql_query("INSERT INTO genre VALUES('null','$nameGenre','$textGenre')");
if($succes){
echo 'Yay!';
}else {
echo 'Oh no';
}
}
?>
The form is as following:
<form name="form1" method="post" enctype="text/plain" action="">
<table>
<tr>
<td>Genre navn:</td>
<td><input type="text" name="nameGenre" id="nameGenre" style="width:100%; padding-right: 1px" /></td>
</tr>
<tr>
<td>Genre beskrivelse:</td>
<td><textarea name="textGenre" id="textGenre" style="width:100%; padding-right: 1px"></textarea></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="genreKnap" id="genreKnap" value="Go!"/></td>
</tr>
</table>
</form>
Whenever I press the submit button, it seems as though it acts as if it was a get method and not a post.
Aha!!!
You are not posting the form correctly.
Set the
action=""
to
action="code.php"
Assuming your php page is called code.php. Just change it to the name/path of the php page and the form will send the data to your php code to process.
When you leave action="" to blank, it posts the data to itself (the same page). It is not acting as GET, it is still acting as POST, but posting to the wrong place. I think you worded the title of the question wrong.
What do you mean it is acting like get instead of post.
Can you not read $_POST variables in your PHP?
remove the 'enctype="text/plain"' in your form code.
enctype="text/plain"
Take that out. It is provided for debugging purposes only and doesn't generate anything that is sane to parse with a machine.
Valid form enctypes:
application/x-www-form-urlencoded: This is the default content type
multipart/form-data
The content type "application/x-www-form-urlencoded" is inefficient
for sending large quantities of binary data or text containing
non-ASCII characters. The content type "multipart/form-data" should be
used for submitting forms that contain files, non-ASCII data, and
binary data.
Source: http://www.w3.org/TR/html401/interact/forms.html#h-17.13.3.4
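To show why text/plain is not safe to parse by machine, this added example (not code from any answer here) serialises the same fields with both encodings and tries to read them back. PHP fills $_POST only for application/x-www-form-urlencoded and multipart/form-data bodies, which is why the question's form appears to post nothing. The function names and the field values are constructed for illustration.

```php
<?php
// Added example: the question's fields serialised by two form enctypes.

/** application/x-www-form-urlencoded: every name and value is percent-encoded. */
function encode_urlencoded(array $fields): string
{
    return http_build_query($fields, '', '&', PHP_QUERY_RFC1738);
}

/** text/plain: "name=value" lines ended by CRLF, with no escaping at all. */
function encode_text_plain(array $fields): string
{
    $lines = [];
    foreach ($fields as $name => $value) {
        $lines[] = $name . '=' . $value;
    }
    return implode("\r\n", $lines) . "\r\n";
}

/** The best a receiver can do with text/plain: split on CRLF, then on the first "=". */
function parse_text_plain(string $body): array
{
    $out = [];
    foreach (explode("\r\n", rtrim($body, "\r\n")) as $line) {
        [$name, $value] = array_pad(explode('=', $line, 2), 2, '');
        $out[$name] = $value;
    }
    return $out;
}

// Constructed input: a textarea value that itself contains a line break and "=".
$fields = [
    'nameGenre' => 'Rock & Roll',
    'textGenre' => "Loud\r\nextra=not a real field",
    'genreKnap' => 'Go!',
];

parse_str(encode_urlencoded($fields), $fromUrlencoded);
$fromPlain = parse_text_plain(encode_text_plain($fields));

// Compare what each receiver recovered with what was actually submitted.
var_dump($fromUrlencoded === $fields);
var_dump($fromPlain === $fields);
print_r($fromPlain);   // textGenre is cut at the line break and "extra" shows up as a field
```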
You're all ignoring the primary question and focusing on irrelevant items.
First of all, more than anything, he's using a short PHP opener <? not <?php. Not every web server accepts short openers, so first up, check that.
Echo out your $_POST vars and see if they're returning the correct items
echo "POSTS BELOW<br />";
echo $_POST['nameGenre']."<br />";
echo $_POST['textGenre']."<br />";
echo "<br />GETS BELOW<br />";
echo $_GET['nameGenre']."<br />";
echo $_GET['textGenre']."<br />";
Put this block of code directly below your php opener see what data it returns.
Also this if($_POST['genreKnap']){ is generally a bad way of doing it as it's user input; the safest way is a hidden field <input type="hidden" name="action" id="action" value="dopost" /> and change your if clause to if($_POST['action']=="dopost" && isset($_POST['action'])){
Also set your form action="" to the actual page name not blank
Give all that a try and if it's still not working we'll try something different
If you are sending normal data without any files through the form,
then enctype is not always needed.
But even if you want to include it,
the correct way is:
enctype="multipart/form-data"
Also give a URL in the action method of the form: <form action='example.php'>
I hope it solves the problem.

Losing my $_GET variable upon form submission

I'm creating a small application which allows potential employees to list references. The listed references receive an email containing a URL with a unique string at the end.
(Example: www.the-address.com?url=503241c65b8fe4_07914393). The reference then follows this unique URL to upload a letter in the employee's behalf.
But every time any form is submitted, the random string part of the URL disappears
(Example: www.the-address.com?url=).
I don't understand why this would happen, since I submit the form like this:
<form action="upload_letter.php?url="' . $url . '" id="form_id" method="POST">;
Where $url = $_GET['url'].
Any generic reasons this would happen? I can provide more code, if needed.
If you really have the code like you write, you're closing the action attribute prematurely with the second " character. Try this instead:
echo '<form action="upload_letter.php?url='.urlencode($url).'" id="form_id" method="POST">';
The way you have it would end up as HTML like:
<form action="upload_letter.php?url="google.de" id="form_id"...>
With google.de outside the attribute value.
<?php
$data = array('url' => $url);
?>
<form action="upload_letter.php?<?php echo http_build_query($data) ?>" id="form_id" method="POST">
Or you can just add the URL as a hidden <input>
<form action="upload_letter.php" id="form_id" method="POST">
<input type="hidden" name="url" value="<?php echo htmlentities($url); ?>">
.
.
.
</form>
Then you can access URL via $_POST['url'].
Change method="POST" to method="GET"
If your code is what you wrote on your PHP file: it is wrong. No ";" at the end of an HTML line, and you can't concatenate strings with "." in HTML. You must open the PHP tag and write PHP code inside. For example:
<form action="upload_letter.php?url=<?php echo $url; ?>" id="form_id" method="POST">
But you can also use echo as in Wolfgang's answer.
Probably $url is empty or undefined.
Check the HTML code to see if it's written into the form's action.
Why did you put single quotes around:
. $url .
?
EDIT: Another way to say this:
Are you sure you're on a <?php ?> tag?

Putting SQL information into a HTML/PHP form

I've been having a rather irritating issue regarding capturing SQL information and then placing it into a PHP form (in theory, it should be kinda easy).
Here's the code for the SQL database information:
<?
$select = "SELECT * FROM beer WHERE country_id = 3";
$data = mysql_query($select) or die("Unable to connect to database.");
while($info = mysql_fetch_array($data)) {
echo '<center>';
echo '<h2>'.$info['name'].'</h2>';
echo '<table style="padding:0px;"><tr>';
echo '<tr><td><b>ABV%:</b></td><td width="570">'.$info['abv'].'</td></tr>';
echo '<tr><td><b>Bottle Size:</b></td><td width="570">'.$info['bottleSize'].'</td></tr>';
echo '<tr><td><b>Case Size:</b></td><td width="570">'.$info['caseSize'].'</td></tr>';
echo '<tr><td><b>Price:</b></td><td width="570">$'.$info['price'].'</td>';
echo '</tr></table>';
echo '</center>';
echo '<br/>';
echo '<img src="" border="0"><br><br>';
echo '<form name="cart" method="post" action="cart.php"> <table border="0"> <tr>';
echo '<td><input type="hidden" name="bname" value="'.$info['name'].'"><input type="hidden" name="price" value="'.$info['price'].'"></td>';
echo '<td><b>Quantity:</b></td>';
echo '<td><input type="text" name="qty" size="3"></td>';
echo '<td><input type="submit" value="Add to Cart" a href="cart.php?name=foo&price=bar" /a></td>';
echo '</tr></table></form>';
}
?>
I want when the submit value is pressed to somehow transmit the price, quantity and name to a basic HTML form (so that all the user has to do is add name, address, etcetc). I am completely stumped on how to do this.
If anyone could help, it would be much appreciated.
As you mentioned Amazon checkout, here is one thing you probably don't understand.
Amazon doesn't use the form to move items data between server and browser to and fro.
It is stored in a session on the server side. All you need is some identifier put into a hidden field.
To use a session in PHP you need only 2 things:
Call the session_start() function before any output to the browser on each page where a session is needed.
Use the $_SESSION variable.
That's all.
Say, page1.php
<?
session_start();
$_SESSION['var'] = 'value';
and page2.php
<?
session_start();
echo $_SESSION['var'];
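Applying the session approach described above to the cart in the question, as an added example that is not code from the original posts: the form sends only an item identifier and a quantity, and name and price are looked up on the server. The field name beer_id, the function names and the catalogue rows are assumptions made for illustration; the catalogue array stands in for the beer table.

```php
<?php
// Added example: cart kept server-side; the form sends only an item id and qty.

// Constructed catalogue standing in for the `beer` table (id => row).
const CATALOGUE = [
    1 => ['name' => 'Sample Lager', 'price' => '2.50'],
    2 => ['name' => 'Sample Stout', 'price' => '3.20'],
];

/** Add an item to the cart held in $session; returns false on bad input. */
function add_to_cart(array &$session, array $post): bool
{
    $id  = filter_var($post['beer_id'] ?? null, FILTER_VALIDATE_INT);
    $qty = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($id === false || $qty === false || !array_key_exists($id, CATALOGUE)) {
        return false;
    }
    $session['cart'][$id] = ($session['cart'][$id] ?? 0) + $qty;
    return true;
}

/** Total in cents, priced from the catalogue and never from the request. */
function cart_total_cents(array $session): int
{
    $total = 0;
    foreach ($session['cart'] ?? [] as $id => $qty) {
        $total += (int) round(CATALOGUE[$id]['price'] * 100) * $qty;
    }
    return $total;
}

// In a web request: call session_start() first, then pass $_SESSION and $_POST.
$session = [];   // stands in for $_SESSION so the example runs from the CLI

add_to_cart($session, ['beer_id' => '1', 'qty' => '2']);
// A "price" field sent by the client is simply never read.
add_to_cart($session, ['beer_id' => '2', 'qty' => '1', 'price' => '0.01']);
// An id that is not in the catalogue is refused.
var_dump(add_to_cart($session, ['beer_id' => '9', 'qty' => '1']));

print_r($session['cart']);
echo cart_total_cents($session), "\n";
```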
You wrote that code? because it's simply the same code as here.
You'll need to write an HTML form in your cart.php file
and use the $_POST variable to show the values of the price, quantity and name.
For example:
<form method='post'>
<input type='text' name='price' value='<?=$_POST['price']?>'>
<input type='text' name='quanitity' value='<?=$_POST['qty']?>'>
