I'm creating a small application which allows potential employees to list references. The listed references receive an email containing a URL with a unique string at the end.
(Example: www.the-address.com?url=503241c65b8fe4_07914393). The reference then follows this unique URL to upload a letter in the employee's behalf.
But every time any form is submitted, the random string part of the URL disappears
(Example: www.the-address.com?url=).
I don't understand why this would happen, since I submit the form like this:
<form action="upload_letter.php?url="' . $url . '" id="form_id" method="POST">;
Where $url = $_GET['url'].
Any generic reasons this would happen? I can provide more code, if needed.
If you really have the code like you write, you're closing the action attribute prematurely with the second " character. Try this instead:
echo '<form action="upload_letter.php?url='.urlencode($url).'" id="form_id" method="POST">';
The way you have it would end up as HTML like:
<form action="upload_letter.php?url="google.de" id="form_id"...>
With google.de outside the attribute value.
<?php
$data = array('url' => $url);
?>
<form action="upload_letter.php?<?php echo http_build_query($data) ?>" id="form_id" method="POST">
Or you can just add the URL as a hidden <input>
<form action="upload_letter.php" id="form_id" method="POST">
<input type="hidden" name="url" value="<?php echo htmlentities($url); ?>">
.
.
.
</form>
Then you can access URL via $_POST['url'].
Change method="POST" to method="GET"
If your code is what you wrote on your PHP file: it is wrong. No ";" at the end of an HTML line, and you can't concatenate strings with "." in HTML. You must open the PHP tag and write PHP code inside. For example:
<form action="upload_letter.php?url=<?php echo $url; ?>" id="form_id" method="POST">
But you can also use echo like Wolfgang answer
Probably $url is empty or undefined.
Check the HTML code to see if its written into the form's action.
why you put single quotes around:
. $url .
?
EDIT: Another way to say this:
Are you sure you're on a <?php ?> tag?
Related
Good morning to you all,
I would like to transfer to my target page an id that I have upstream recovered with GET, in the sending form with a php parameter,
<?php $idEleve = $_GET['id']; ?>
<form method="POST" action="addNotes.php?id=$idEleve">
I’m not sure it’s okay, please help me
There are two options.
1) You can transfer it as a GET parameter to the next page in your form action attribute:
<form method="POST" action="addNotes.php?id=" . <?= $idEleve ?>
Then receive it the same way:
$idEleve = $_GET['id'];
2) Use a hidden input field
<input type="hidden" name="id" value="<?= $idEleve ?>">
In that case it will be a part of your $_POST array:
$_POST['id']
Not sure if I titled it right, however my problem is stated below and I can't, for the life of me, figure it out.
In the same file, write a form consisting of a single text field and a
submit button. The “action” attribute to the form should be the same
page that the form is on (don’t hard code, use $_SERVER[‘PHP_SELF’]).
The form should send the contents of the text field via GET.
Upon submitting the form, you should be redirected to the same page,
but the URL should contain the string from the text field as a GET
request normally behaves.
<!-- I am supposed to pass the value of the text
field over to the url according to the question -->
<form action="questionThree.php" method="get">
<input type="text" name="text"><br>
<input type="submit">
</form>
Have trouble getting the code to display properly. They're supposed to be in html tags, although it's a php file.
Im baffled as to why you're passing it somewhere else however..
I think I have made sense from what you're asking so here goes...
On the submit input field add name="send"
then the HTML and PHP (for the same page) would be:
<form action="" method="get">
<input type="text"><br />
<input type="submit" name="send">
</form>
<?php
if (isset($_GET['send']))
{
$sentence = strtolower("My name is Justin and I am learning PHP programming and C++ programming");
function countWords($sentence)
{
//Using 'explode' to split words, thereby creating an array of these words
$wordsArr = explode(' ', $sentence);
$vals = array_count_values($wordsArr);
echo "<pre>";
print_r($vals);
echo "</pre>";
foreach ($vals as $key => $value)
{
echo "<b>" . $key . "</b> occurs " . $value . " times in this sentence <br/>";
}
}
countWords($sentence);
}
?>
Though I still see no purpose of the input text field?
I submit the s variable to page.php from an input form on a different page.
The URL has the complete string with the ampersand, when I try to echo the variable, the string is cut off after the ampersand.
form:
<form action="page.php" method="get">
<input type="text" name="s" id ="s" />
</form>
Variable is:
search & search
URL:
page.php?s=search+%26+search&var2=variable
variable echoes as:
search
I have tried:
echo htmlspecialchars($_GET['s']);
echo htmlentities($_GET['s']);
echo urldecode($_GET['s']);
You could use (at least) 3 differents ways to archieve this:
1 - urlencode(): use this function in the place you should generate the url to encode the string for URL format.
2 - use %26 (without the "+");
3 - Use $_SERVER['QUERY_STRING']: if you have only one param, you could get all the query_string this way.
UPDATE:
I.E:
$url = "page.php?s=".urlencode('search & search')."&var2=".urlencode('variable'); //or urlencode($variable)
Then use: urldecode() to parse the differents $_GETs.
I assume you have a code similar to this,
<a href="http://localhost/example/page.php?s=search+%26+search">
This kind, will result only the search after you try to echo it.
Try this way,
<a href="http://localhost/example/page.php?s=<?php echo urlencode("search+%26+search") ?>">
it's a convenient way to encode a query part of the url.
and also try this one, an example from the official php documentation
<?php $query_string = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);
echo '<a href="mycgi?' . htmlentities($query_string) . '">';
?>
and for more information, please refer to this.
http://php.net/manual/en/function.urlencode.php
I just tried what you said and the problem doesn't seem to be the encoding of url.
Try this out https://www.google.co.in/?q=search+%26+search , Google searches for search & search, there might be a problem on page.php where you are trying to echo the variable.
Additionally, to prove that google is not doing anything special i just made two files named index.php and page.php and the result was as expected.
index.php
<html>
<body>
<form action="1.php" method="get">
<input type="text" name="s" id="s">
</form>
</body>
</html>
page.php
<?php
echo $_GET['s'];
?>
output:
search & search
Try to debug your code on page.php where you are trying to echo the variable or paste the whole code here.
Try this though I test it locally, here's the code
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Problem</title>
</head>
<body>
<form action="page.php" method="get">
<input type="text" name="s" id ="s" />
<input type="text" name="var2" id ="d" />
<input type="submit" name="name" value="submit">
</form>
</body>
</html>
and page.php
<?php
if (isset($_GET['s'])) {
echo $_GET['s'] .' '. $_GET['var2'];
}
?>
when you run it to your browser, it will display two input form and a submit button.
The output will be
search & search variable
I try also pasting in the url
page.php?s=search+%26+search&var2=variable&name=submit
I result the same
I hope this would help
One of my pages (video.php) is opened using form action as follows:
<?php
//Lots of code, including a WHILE loop
echo "<form action=\"video.php?id=".$row['id']."\" method=\"post\" target=\"_top\">
<input type=\"image\" src=\"".$image."\" style=\"width:180px;height:120px\"
alt=\"Submit\"></form>";
?>
On the page video.php?id, I get the id as follows and declare other global scope vars. However, why is the $_GET variable not seen in my echoed alert when I submit a form as in the following simplified code?
//video.php?id page
<?php session_start();
include 'connect.php';
$Vid = mysqli_real_escape_string($_GET['id']);
$login_id = mysqli_real_escape_string($_SESSION['login_id']);
if (isset($_POST['sample'])) {
echo "<script>
alert('$Vid');
</script>";
}
else//etc.
?>
<html><head></head><body>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" id="Form">
<button name="button" type="submit">Click</button>
<input type="hidden" name="hidden" value="sample">
</form>
</body></html>
When I alert $Vid, nothing is alerted (blank alert box). Obviously, I see the SESSION variable when I alert $login_id. Am I missing something with the $_GET? Is there any way for the global var $Vid to be recognized? If I could use $Vid it would save me 5 or 6 queries based on how my code is currently written.
This how you can correct
Put $row['id'] inside a hidden text box with name as "id"
Your form method is POST, so use $_POST to grab the data in the POST file.
I think you escaped wrongly and thus the id is not appended (notice the backslash after $row['id']?), try the following:
echo '<form action="video.php?id='.$row['id'] . '" method="get" target="_top">
<input type="image" src="' . $image . '" style="width:180px;height:120px"
alt="Submit"></form>";
Imho your coding style is very unreadable with all those backslashes. It's okay to mix single/double quotes where needed…
[edit] and you obviously need to change the method to "get". ;-)
Changed action from $_SERVER['PHP_SELF'] to action="" and now the GET variables are seen.
I know my question is kind of confusing but what I meant is that I want to display an HTML form in a PHP 'echo'. So my entire HTML code is inside my php open and closing tags and then inside my HTML script I wanted to have a php code but I get an error saying:
Parse error: syntax error, unexpected 'echo' (T_ECHO), expecting ',' or ';'
and my code goes something like this:
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
// this line is where I get the error
<input type="hidden" name="res_id" value='echo($_GET['res_id']);' />
?>
You can use . to concatenate strings in PHP. So you could write it like so:
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
// this line is where I get the error
<input type="hidden" name="res_id" value="'.$_GET['res_id'].'" />';
?>
. can be used to concatenate strings. You can also use , which sends them as separate echos.
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . intval($_GET['res_id']) . '" />';
?>
Don't forget XSS protections. The intval() is turning the user input from $_GET into an integer, ensuring that it isn't malicious. It seems this is an important ID for your system. You should ensure that changing it won't break your code, if it will, consider using Sessions instead.
XSS or Cross Site Scripting, is when an attack injects javascript onto your page in an attempt to make it work differently or redirect the user. In this case, an attacker could send this form to a different location. If this form contains Credit Card info, other personal info, or internal data from your application; an attacker could gain access to that info simply by linking a user to the form with the bad data in it.
If setup right, the user might not ever even know they had their information stolen!
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>
Here you go:
<?php
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>
Here you find a explanation from the offical php documentation how to work with the php-tag: http://php.net/manual/en/language.basic-syntax.phpmode.php