Codeigniter Modify POST - php

I use one view for adding/editing DB data:
<input name="blah" id="blah" value="<? set_selected('blah')?>" />
In my controller for edit I do this:
$_POST['blah'] = 'DB value';
$this->load->view('...');
But the input field is blank. I want the inputs to be prepopulated for my edit case.

CI Views can take a data array as the second parameter as others have mentioned.
http://codeigniter.com/user_guide/general/views.html
I don't like the idea of setting the $_POST array and then passing that as your data array. $_POST should just be used for values passed from the UI form. Since you would have to manually set your $_POST array anyways, you might as well use a separate array object. I would create an array with all your set values. i.e. array('blah' => $dbvalue); and pass that instead of a pre-populated $_POST array.
Secondly, your example code uses 'set_selected()'. The function is 'set_select()' and is meant for an option tag. So there are two issues with that line of code. It needs to be either
<input .... value="<?php echo set_value('blah'); ?>" />
or
<option .... value="v1" <?php echo set_select('blah', 'v1'); ?>>

You need to pass $_POST to the view; the posted data should pass from the controller to the view in the second parameter of the view loading function.
Try this:
$this->load->view('content', $_POST);

Whatever you pass to the view gets turned into an actual variable. So your code would be:
<input name="blah" id="blah" value="<?php echo htmlspecialchars($blah, ENT_QUOTES, 'UTF-8'); ?>" />
$_POST['blah'] = 'DB value';
$this->load->view('...', $_POST);

Related

Can we POST values coming from url

I want to POST values coming from a URL.
My url is xxx.com/aa.php?name=RAM
On aa.php page I have written like this
<?php $NAME=$_POST["name"]; ?>
but its value is null.
But when using the GET method, its value comes through as 'RAM'.
How can I retrieve values using POST from a URL? Or is it not possible?
Use $_GET instead of $_POST
<?php $NAME=$_GET["name"]; ?>
If you are not sure about $_GET & $_POST method then you can try $_REQUEST also.
$NAME=$_GET["name"]; // works with the GET method
$NAME=$_POST["name"]; // works with the POST method
$NAME=$_REQUEST["name"]; // works with both methods
When the parameter is in the URL it is a GET parameter.
You cannot fetch a GET parameter from the $_POST array, only from the $_GET array.
You can also use the $_REQUEST Array to get both POST and GET variables.
In your case, the GET variable with the key name is RAM, as it should be.
edit:
Worth mentioning is that the $_REQUEST array pretty much is a concatenation of $_POST, $_GET and $_COOKIE, so it might behave unexpectedly if any of the others (than the one you are after) are using the same key names.
I would recommend using the type you are actually wanting, in this case, the $_GET list.
The only way to pass the data with a hidden method is either to use curl or to use a form submission with the POST method, like:
<form name="" action="aa.php" method="post">
<input type="hidden" name="name" value="RAM">
<input type="submit" name="submit" value="submit">
</form>
then you can get this as
$_POST['name']
on aa.php page
If you are not sure about your method, i.e. $_GET or $_POST, you should use $_REQUEST.
$NAME=$_REQUEST["name"];
For more information: http://www.tutorialspoint.com/php/php_get_post.htm

PHP, pass array through POST

Which is the most secure way to send an array through POST?
<?php foreach ($id as $array) { ?>
<input type="hidden" name="prova[]" value="<?php echo $array; ?>"/>
<?php } ?>
<input type="submit" name="submit"/>
or using implode() to create a single variable, pass the variable and then use explode() to get back the values into a new array?
Edit: If you are asking about security, see my addendum at the bottom.
PHP has a serialize function provided for this specific purpose. Pass it an array, and it will give you a string representation of it. When you want to convert it back to an array, you just use the unserialize function.
$data = array('one'=>1, 'two'=>2, 'three'=>33);
$dataString = serialize($data);
//send elsewhere
$data = unserialize($dataString);
This is often used by lazy coders to save data to a database. Not recommended, but works as a quick/dirty solution.
Addendum
I was under the impression that you were looking for a way to send the data reliably, not "securely". No matter how you pass the data, if it is going through the user's system, you cannot trust it at all. Generally, you should store it somewhere on the server & use a credential (cookie, session, password, etc) to look it up.
http://php.net/manual/en/reserved.variables.post.php
The first comment answers this.
<form ....>
<input name="person[0][first_name]" value="john" />
<input name="person[0][last_name]" value="smith" />
...
<input name="person[1][first_name]" value="jane" />
<input name="person[1][last_name]" value="jones" />
</form>
<?php
var_dump($_POST['person']);
// Resulting structure, shown in array notation:
// array (
//   0 => array('first_name'=>'john','last_name'=>'smith'),
//   1 => array('first_name'=>'jane','last_name'=>'jones'),
// )
?>
The name tag can work as an array.
You could put it in the session:
session_start();
$_SESSION['array_name'] = $array_name;
Or if you want to send it via a form you can serialize it:
<input type='hidden' name='input_name' value="<?php echo htmlentities(serialize($array_name)); ?>" />
$passed_array = unserialize($_POST['input_name']);
Note that to work with serialized arrays, you need to use POST as the form's transmission method, as GET has a size limit somewhere around 1024 characters.
I'd use sessions wherever possible.
There are two things to consider: users can modify forms, and you need to secure against Cross Site Scripting (XSS).
XSS
XSS is when a user enters HTML into their input. For example, what if a user submitted this value?:
" /><script type="text/javascript" src="http://example.com/malice.js"></script><input value="
This would be written into your form like so:
<input type="hidden" name="prova[]" value="" /><script type="text/javascript" src="http://example.com/malice.js"></script><input value=""/>
The best way to protect against this is to use htmlspecialchars() to secure your input. This encodes characters such as < into &lt;. For example:
<input type="hidden" name="prova[]" value="<?php echo htmlspecialchars($array); ?>"/>
You can read more about XSS here: https://www.owasp.org/index.php/XSS
Form Modification
If I were on your site, I could use Chrome's developer tools or Firebug to modify the HTML of your page. Depending on what your form does, this could be used maliciously.
I could, for example, add extra values to your array, or values that don't belong in the array. If this were a file system manager, then I could add files that don't exist or files that contain sensitive information (e.g.: replace myfile.jpg with ../index.php or ../db-connect.php).
In short, you always need to check your inputs later to make sure that they make sense, and only use safe inputs in forms. A File ID (a number) is safe, because you can check to see if the number exists, then extract the filename from a database (this assumes that your database contains validated input). A File Name isn't safe, for the reasons described above. You must either re-validate the filename or else I could change it to anything.
Why are you sending it through a post if you already have it on the server (PHP) side?
Why not just save the array to a $_SESSION variable so you can use it when the form gets submitted? That might make it more "secure" since then the client cannot change the variables by editing the source.
It all depends on what you really want to do.
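The checks the answers above describe for the prova[] field (escape on output, accept only IDs that exist, take the filename from the server), as an added example that is not part of any original answer. The names render_hidden_ids(), resolve_posted_files() and $knownFiles are hypothetical, and $knownFiles is a constructed stand-in for the database table that maps file IDs to filenames.

```php
<?php
// Added example. $knownFiles is constructed sample data standing in for a database.
$knownFiles = [12 => 'myfile.jpg', 15 => 'report.pdf', 31 => 'photo.png'];

/** Render one hidden prova[] input per ID, escaped for an attribute context. */
function render_hidden_ids(array $ids): string
{
    $html = '';
    foreach ($ids as $id) {
        $safe = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
        $html .= '<input type="hidden" name="prova[]" value="' . $safe . '"/>' . "\n";
    }
    return $html;
}

/**
 * Turn the submitted prova[] field into filenames looked up server-side.
 * Returns null as soon as any part of the submission does not make sense.
 */
function resolve_posted_files(array $post, array $knownFiles, int $maxItems = 20): ?array
{
    $raw = $post['prova'] ?? null;
    if (!is_array($raw) || count($raw) === 0 || count($raw) > $maxItems) {
        return null; // missing, a scalar instead of an array, or too many values
    }
    $names = [];
    foreach ($raw as $value) {
        // A nested array (prova[][x]) or a non-numeric string is rejected outright.
        if (!is_string($value) || !ctype_digit($value)) {
            return null;
        }
        $id = (int) $value;
        if (!isset($knownFiles[$id])) {
            return null; // the ID does not exist on the server
        }
        $names[$id] = $knownFiles[$id]; // filename comes from the server, never the form
    }
    return $names;
}

// Constructed submissions: one untouched, one edited in the browser's developer tools.
$honest   = ['prova' => ['12', '31']];
$tampered = ['prova' => ['12', '../db-connect.php']];

echo render_hidden_ids([12, 31]);
var_dump(resolve_posted_files($honest, $knownFiles));
var_dump(resolve_posted_files($tampered, $knownFiles));
```

In a real handler the first argument would be $_POST, and a null result should end the request rather than fall back to the submitted values.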

How can I populate the fields of a PHP form automatically when the field values are in the url?

I have a form in PHP and I have common fields such as 'Name' and 'Surname'.
Now when the user visits the page e.g. http://www.example.com/form.php the form fields 'Name' and 'Surname' are empty.
I would like to now have a link similar to this http://www.example.com/form.php?name=John
so that when the client hits the link the PHP form will now have the name field already filled with 'John' in it.
I know this can be done in HTML but how can I do it in PHP?
Just to let to know I do not own the PHP form - I just want a link from my website to fill the PHP form (which I do not have control over).
Thanks in advance.
Can be done using $_GET
An associative array of variables passed to the current script via the URL parameters.
e.g.:
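<?php
// Read the value only if the parameter is present in the URL.
if (isset($_GET['name']))
{
$test = $_GET['name'];
}
?>
<html>
<body>
<form>
<input type="text" name="test" value="<?php if (isset($test)) { echo htmlspecialchars($test, ENT_QUOTES, 'UTF-8'); } ?>"/>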
</form>
</body>
</html>
Note: code isn't tested or anything. Also, there are possible security risks with getting values from your URL (can be considered user input), so make sure you are aware of that and how to prevent them.
You could store that value and then when you're about to output the input fields
you just pass along the stored value.
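$name = isset($_GET['name']) ? $_GET['name'] : ''; // avoid an undefined index notice
// ... later on
echo '<input type="text" value="'.htmlspecialchars($name, ENT_QUOTES, 'UTF-8').'"/>'; // escape URL input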
By using $_GET superglobal
<input name="name" value="<?php echo !empty($_GET['name']) ? htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8') : '';?>" />
<input name="surname" value="<?php echo !empty($_GET['surname']) ? htmlspecialchars($_GET['surname'], ENT_QUOTES, 'UTF-8') : '';?>" />
You can use the get method in php to get the name and make use of it
You can retrieve this information by the $_GET["name"] function, or $_REQUEST["name"].
Reserved variables
Be careful with those operations, you might have validation a/o security problems.
Note: if you are not sure that the "name" variable is set or not, you have to use also the isset function to test it.
You can use the $_GET superglobal, so your input could look like this:
<input type="text" name="name" value="<?php if(isset($_GET['name'])) { echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8'); } ?>" />
The $_REQUEST superglobal does a similar thing but I would just use $_GET.
It looks like everyone's answers here assume you are building the form yourself, which doesn't appear to be the case based on your question.
The thing that you want to do may or may not be possible. If the form accepts certain kinds of parameters in certain ways, you may be able to hook in to that functionality and set it up so that when someone clicks a link on your page, that information gets passed to the other page.
One way forms can accept this information is in the form of a "get" request. With this method, values are passed as part of the url, as in your example: http://www.example.com/form.php?name=John. Assuming your page has access to a php variable called $name, you can create a link from your code to build this kind of url like this:
Sign up!
If the page does not accept get parameters in this way (and I have a hard time imagining that they would), you may have to try other techniques to send along the information (assuming that they will even accept it!). The two other ways I imagine you could do this are by passing the value with "post" or creating a cookie for the page. If you tell us what page you are trying to set up this behavior on, we might be able to examine it and give you a better answer.

php getting values of form query string

I am trying to post a form to PHP that contains multiple identical fields, e.g. there can be multiple body_styles and multiple make and model.
When I serialize the form I get the following output:
SelectbsmContainer0=&body_style=hatchback&body_style=mpv&make=bmw&model=5+series+gran+turismo&valueA=200&valueB=800
How can I parse this at the PHP end?
Change your html so that your fields are an HTML "array" like this:
<input name="body_style[]" value="" />
<input name="body_style[]" value="" />
Then you can access them via PHP's $_GET super global like so:
$first_body_style = $_GET['body_style'][0];
$second_body_style = $_GET['body_style'][1];
Or
foreach($_GET['body_style'] as $value) { // key must match the field name body_style[]
var_dump($value);
}
Thanks to a certain PHP feature, you are going to have a lot of trouble unless you rename the fields so the names end with [], at which point they will appear in $_POST as arrays.
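For the case where the field names cannot be changed, an added example (not from the original answers) that parses the query string quoted in the question by hand and keeps every value of a repeated key. PHP's built-in parsing keeps only the last value when a name without [] is repeated, which parse_str() shows here for comparison. The function name parse_query_multi() is hypothetical.

```php
<?php
// Added example. The query string is the one quoted in the question.
$query = 'SelectbsmContainer0=&body_style=hatchback&body_style=mpv&make=bmw'
       . '&model=5+series+gran+turismo&valueA=200&valueB=800';

/** Parse a query string, collecting every value of a repeated key into a list. */
function parse_query_multi(string $query): array
{
    $out = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue; // tolerate a leading, trailing or doubled '&'
        }
        $parts = explode('=', $pair, 2);
        $key   = urldecode($parts[0]);
        $value = urldecode($parts[1] ?? ''); // urldecode() also turns '+' into a space
        $out[$key][] = $value;               // every key maps to a list of values
    }
    return $out;
}

// PHP's own parser, for comparison: a repeated plain name keeps only its last value.
parse_str($query, $builtin);

$all = parse_query_multi($query);

var_dump($builtin['body_style']);
var_dump($all['body_style']);
var_dump($all['model']);
```

In a request handler the raw string is available as $_SERVER['QUERY_STRING'] for GET; the parsed values are still user input and need the same validation as any other field.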

php custom post variables

Is there a way to create custom post variables when a user presses submit, like this:
$_POST['var'] = 'hi';
In order to set post values on the page with the form you should use hidden input tags.
i.e.
<input type="hidden" name="var" value="hi" />
It will be invisible and your receiving script will see that key/value passed along.
Variables POSTed by the browser to your PHP script will only correspond to the fields of the form that was used in the browser -- which means you have to put your custom data in that form.
If you don't want them displayed, you can use a hidden input field :
<input type="hidden" name="var" value="hi" />
But note that the data will still be sent by the browser -- which means you have to escape/filter/protect it, like any other value that comes from the user ; and it cannot be trusted : anyone can pretty easily modify the value of that form field, even if it's not visible.
While the $_POST variable is an array, you can also define a variable like this:
$_POST['var'] = 'hi';
It is the same as a hidden field. :)
