I know there are a few ways to pass a variable to another page for a form. But is there any secure way to pass the variable to another page?
POST
First form in the page
$firstName= 'Sarah';
$lastName = 'Lim';
$name = $firstName.' '.$lastName;
<form id="Staff" name="Staff" method="post" action="nextpage.php" enctype="multipart/form-data">
<input name="name" type="text" id="name" value="<?php echo $name?>"/>
<input type="submit" name="submit" value="Submit">
</form>
Passing variable to nextpage.php
$StudName = $_POST['name'];
$split = preg_split('/[ \.]/', $StudName);
echo $split[0].$split[1];
In this case, I must use session to pass the variable to nextpage.php. Is there any other more secured way or neater way? As if I have alot of fields in a form, there would be alot of "$_POST['...']" in my second page.
The only secure way I can think of is to use https, if you're looking for neater code you could do something like $p = $_POST; which will let you do echo $p['blah']; for example.
Related
I just sent data to a page called diak_o.php with post method but I need to use this data on an another page. How can I send it to two pages or send from the first page to the next?
<form action="diak_o.php" method="post">
<input type="text" name="name"><br>
<input type="submit" value="Bejelentkezés" />
</form>
You could store it in Sessions and access it on multiple pages like this:
Page 1:
<form action="page2.php" method="post">
<input type="text" name="page1text"/>
<input type="submit"/>
</form>
Page 2:
<?php
session_start();
$dataFromPage1 = $_SESSION['page1text'] = $_POST['page1text'];
echo $dataFromPage1;
?>
You can use $_SESSION or just but i think $_POST should still work in the next file too...
when you send that data from this page to second page like diak_o.php in this page you can access it by below code.
in diak_o.php write code like below.
<?PHP
session_start();
echo $_POST['name'];
$_SESSION["name"] = $_POST['name'];
?>
in the other page you can use $_SESSION["name"] by accessing it.
you can also use COOKIE OF PHP.
On this URL there are different methods for passing data from one page to another.
http://www.discussdesk.com/how-to-get-data-from-one-page-to-another-page-in-php.htm
Thanks.
You need to give your button a name attribute, then on diak_o.php you check if the button isset, after that you check if the text input is not empty, else assign a session to the text input
Your Form
<form action="diak_o.php" method="post">
<input type="text" name="name"><br>
<input type="submit" value="Bejelentkezés" name="submit" />
</form>
diak_o.php
<?php
session_start();
if(isset($_POST['submit'])){
if(empty($_POST['name'])){
die("enter name");
}else{
$_SESSION['name']= $_POST['name'];
}
}
?>
anotherpage.php
<?php
session_start();
echo $_SESSION['name']; // will output the value from form.
?>
when ever your wanna use the value on your pages, just use $_SESSION['name'];
My website involves a user submitting data over several pages of forms. I can pass data submitted on one page straight to the next page, but how do I go about sending it to pages after that? Here's a very simplified version of what I'm doing.
Page 1:
<?php
echo "<form action='page2.php' method='post'>
Please enter your name: <input type='text' name='Name'/>
<input type='submit' value='Submit'/></form>";
?>
Page 2:
<?php
$name=$_POST["Name"];
echo "Hello $name!<br/>
<form action='page3.php' method='post'>
Please enter your request: <input type='text' name='Req'/>
<input type='submit' value='Submit'/></form>";
?>
Page 3:
<?php
echo "Thank you for your request, $name!";
?>
The final page is supposed to display the user's name, but obviously it won't work because I haven't passed that variable to the page. I can't have all data submitted on the same page for complicated reasons so I need to have everything split up. So how can I get this variable and others to carry over?
Use sessions:
session_start(); on every page
$_SESSION['name'] = $_POST['name'];
then on page3 you can echo $_SESSION['name']
You could store the data in a cookie on the user's client, which is abstracted into the concept of a session. See PHP session management.
if you don't want cookies or sessions:
use a hidden input field in second page and initialize the variable by posting it like:
page2----
$name=$_POST['name']; /// from page one
<form method="post" action="page3.php">
<input type="text" name="req">
<input type="hidden" name="holdname" value="<? echo "$name"?>">
////////you can start by making the field visible and see if it holds the value
</form>
page3----
$name=$_POST['holdname']; ////post the form in page 2
$req=$_POST['req']; ///// and the other field
echo "$name, Your name was successfully passed through 3 pages";
As mentioned by others, saving the data in SESSION is probably your best bet.
Alternatly you could add the data to a hidden field, to post it along:
page2:
<input type="hidden" name="username" value="<?php echo $name;?>"/>
page3
echo "hello $_POST['username'};
You can create sessions, and use posts. You could also use $_GET to get variables from the URL.
Remember, if you aren't using prepared statements, make sure you escape all user input...
Use SESSION variable or hidden input field
This is my workaround of this problem: instead of manually typing in hidden input fields, I just go foreach over $_POST:
foreach ($_POST as $key => $value) {
echo '<input type="hidden" name="' . $key . '" value="' . $value . '" />';
}
Hope this helps those with lots of fields in $_POST :)
I am making account registeration page with php. My problem is taht, if somebody uses username which is already in use, page reloads and all inputs will empty.
I tried this:
<form action="register.php" method="post">
<input type="text" name="username" value="<?php if(isset($_POST['username'])) { echo $_POST['username']; } ?>" />
</br>
In my opinion, the best way is to send the check for a duplicate username via AJAX. Use JavaScript to send the request a second or two after the user is done typing.
If you don't want to use AJAX, store the field values in the session and spit them back out when the page reloads. This is your page:
<?php if(isset($_SESSION['username'])) { echo $_POST['username']; } ?>
Then, in the form submission code:
$_SESSION['username'] = $_POST['username'];
Your code could work if your form-handling code and you form markup are in the same PHP file, but you certainly aren't violating separation of concerns like that, are you? ;)
You have set the method of your form to POST, so you can't use $_GET, instead you have to use $_POST.
<form action="register.php" method="post">
<input type="text" name="username" value="<?php echo htmlspecialchars($_POST['username']); ?>" />
</br>
Im kind of new to php, and am trying to learn how to accomplish a normaly simple task, but am running into language barrier :). Hoping you guys have some advise or a few code snippets to guide me in the right direction.
I'm using a wordpress site, and have built a page within it (using new page post), inside this page ive built a form that is calling an external js file, heres a link to this page:
( http://69.195.124.135/~fivestk2/cash-closing-cost-estimator/).
Where im having trouble is how to pass the form vars over to the next page. the next page should just be a summary of the vars, and a few extra fields to input an email by the user so that the summarized page can be emailed.
my logic is that i should be able to do this below for each var in my form
<form method="post" action="resultvars.php">
<input type="text" var="var1"/><br/>
<input type="text" var="var2"/><br/>
<input type="text" var="var3"/><br/>
<input type="text" var="var4"/><br/>
<input type="submit" var="submit"/>
</form>
accesing the posted page (resultvars.php) i thought would fill in the vars into the results page but all i get when i try is a page displaying code.
<?php $name0 = $_POST['name0'];
$var1 = $_POST['var1'];
$var2 = $_POST['var2'];
$var3 = $_POST['var3'];
$var4 = $_POST['var4'];
echo $name0.'<br/><br/>';
echo $name1.'<br/><br/>';
echo $name2.'<br/><br/>';
echo $name3.'<br/><br/>';
echo $name3.'<br/><br/>';
?>
I just a little advise on how to code my original form above so that it will work inside these wordpress pages, i think this example i found is what i need, but im new to working with this stuff. Thanks for reading
There are better ways to create your page, but for now, sticking to your issue, you should change your HTML code to this -
<form method="POST" action="resultvars.php">
<input type="text" name="var1" value="Var 4"/><br/>
<input type="text" name="var2" value="Var 4"/><br/>
<input type="text" name="var3" value="Var 4"/><br/>
<input type="text" name="var4" value="Var 4"/><br/>
<input type="submit" name="submit" value="Submit" />
</form>
Couple that with some minor changes to your PHP and you should be able to view the Posted values -
<?php
$var1 = $_POST['var1'];
$var2 = $_POST['var2'];
$var3 = $_POST['var3'];
$var4 = $_POST['var4'];
echo $var1.'<br/><br/>'; // You could just do - echo $_POST['var1'].'<br/><br/>';
echo $var2.'<br/><br/>';
echo $var3.'<br/><br/>';
echo $var4.'<br/><br/>';
?>
i am trying to create a donate page. the hole page is php,
there is a textbox that hold the amount value which should be send via hidden input with the url to the the payment gateway. i have tryed many time but it is not working. i am still a beginner in this could any one please help me in fixing my code here
<div class="donate">
<?php
$amount = $_REQUEST['amount'];
$txtCurrency = 840;
$txtAmount = number_format($amount, 2, '.', '');
echo $amount;
$key = "TEST";
$txthttp = "http://test.com/you.php";
?>
<form action="payment.php" name="form1">
<input type="text" id="amount">
<input type="submit">
<input type="hidden" name="txtAmount" value="<?= $txtAmount; ?>">
<input type="hidden" name="txthttp" value="<?= $txthttp; ?>">
<input type="hidden" name="signature" value="<?= $key; ?>">
</form>
</div>
In general, you should avoid using $_REQUEST when you can use $_GET or $_POST. $_REQUEST allows variables to be set by either an HTTP GET or POST, which can pose a security risk, since your site will presumably use one or the other. With that said, here's what I would do:
Add method="post" to your form tag.
Access the input elements by looking at $_POST['txtAmount'], $_POST['txthttp'], etc.
In general, you can view all variables set in the POST by doing this:
var_dump($_POST);
You can access these values from payment.php with $_POST['txtAmount'], $_POST['txthttp'], $_POST['signature']. How you handle them will be up to your code. I see that you used the $_REQUEST array, which will work, however I believe it's better form to be specific and use the $_POST array.