I need to pass some data with these 2 methods together ( GET AND POST ).
I write this method, but I don't know if it is safe:
<form method="post" action="profile.php?id=<?php echo $_SESSION['id']; ?>" enctype="multipart/form-data">
<input type="text" size="40" name="title" >
<textarea name="description" rows="2" cols="30"></textarea>
<input id="starit" name="submit" value="Create" type="submit" />
</form>
<?php
a= $_GET['id'];
b= $_POST['title'];
c= $_POST['description'];
?>
Is this code safe ? Or there are other ways to do that ?
This is not a combined GET and POST request; rather, it's a POST request with query parameters.
What you have written would be the right way. Always make sure that you get the expected fields:
if (isset($_GET['id'], $_POST['title'], $_POST['description']) {
// go ahead
}
Btw, make sure that you escape your output:
<form method="post" action="profile.php?id=<?php echo rawurlencode($_SESSION['id']); ?>">
And if you're not uploading files, you don't need to set the enctype of your <form>.
you can use both and get with REQUEST instead of GET or POST, with the same name of params it will get the "request-order" order GET and then POST by default.
http://php.net/request-order
it is in php.ini
This is better :
<form method="post" action="profile.php?id=<?php echo urlencode($_SESSION['id'])); ?>">
don't write method attribute in your form condition
and add formmethod=" " attribute in input...
for example:
<input type="submit" formmethod="get" name="inputGet" value="updateGet" >
<input type="submit" formmethod="post" name="inputPost" value="updatePost" >
Related
html:
<form method="GET">
<input type="text" name="k" id="header-search" value="<?=$_GET["k"];?>"/>
<input type="submit" id="header-submit" value="" />
</form>
When current url is:
https://example.com/search/cats?b=5
After click on submit button it remove b query and show like this:
https://example.com/search/cats?k=sometext
But i want this result:
https://example.com/search/cats?b=5&k=sometext
I have other query like b, d and also c maybe add more in future, so this is not a static, maybe url have b maybe d or maybe c or maybe all together or maybe no one.
I tried this but looks like no changes:
action="<?=$_SERVER['REQUEST_URI'];?>"
You can add the variables inside hidden inputs:
<form method="GET">
<?php if(isset($_GET['b']){ ?>
<input type="hidden" name="b" value="<?=$_GET["b"];?>"/>
<?php } ?>
<input type="text" name="k" id="header-search" value="<?php echo isset($_GET["k"]) ? $_GET["k"] : '';?>"/>
<input type="submit" id="header-submit" value="" />
</form>
However this solution will not work very well if you have many different types of variables that may or may not exist all the time. If you add all the variables as hidden, they will all be visible when you submit the form. To prevent this, you will need to check if the variables are isset() and only print them if they are.
Here is a solution that uses hidden fields and handles any amount of get parameters:
<form method="GET">
<?php
foreach($_GET as $key => $value){
// do not make a hidden input for k, there is already a text input for k
if($key != 'k'){
echo '<input type="hidden" name="'.$key.'" value="'.$value.'"/>';
}
}
?>
<input type="text" name="k" id="header-search" value="<?php echo isset($_GET["k"]) ? $_GET["k"] : '';?>"/>
<input type="submit" id="header-submit" value="" />
</form>
I am trying to get the value of a form (text field) with _POST, and store it to a text file but it doesn't work. Here's my code:
HTML
<form>
<input type="text" name="test" id="test" value="">
<input type="button" onclick="location.href='example.com/index.php?address=true';" value="ODOSLAŤ" />
</form>
PHP
if (isset($_GET['address'])) {
$email = $_POST['test'];
$myfile = fopen("log.txt","a") or die("Error.");
fwrite($myfile, "\n".$email);
// this prints nothing
echo $email;
}
I can't get the value of that text field. Nor GET nor POST doesn't work for me. What am I doing wrong?
You are missing a post method in your form.
<form method="post" action="example.com/index.php?address=true">
<input type="text" name="test" id="test" value="">
<input type="submit" value="ODOSLAŤ" />
</form>
You also have to change the following line.
if (isset($_GET['address'])) {
With
if (isset($_POST['address'])) {
You want to post after triggering an action as FreedomPride mentioned
Conclusion
You want to declare for example a post methodif you know that you would like to post that data in the future.
As FreedomPride also mentioned :
You are using a GET, but if a user does not input anything your script won't work, there by it is recommended to use a POST
You are not submitting your form.
Change your code as follows....
<form method="post" action="example.com/index.php?address=true">
<input type="text" name="test" id="test" value="">
<input type="submit" value="ODOSLAŤ" />
</form>
You'll get what you want....
This is what you're missing as Tomm mentioned.
<form method="post" action="yourphp.php">
<input type="text" name="address" id="test" value="">
<input type="submit" name="submit"/>
</form>
In your PHP, it should be post if it was triggered
if (isset($_POST['address'])) {
$email = $_POST['test'];
$myfile = fopen("log.txt","a") or die("Error.");
fwrite($myfile, "\n".$email);
// this prints nothing
echo $email;
}
Explanation :-
In a form, an action is required to pass the action to the next caller with action. The action could be empty or pass it's value to another script.
In your PHP you're actually using a GET. What if the user didn't input anything. That's why it's recommended to use POST .
I have a form located at a url containing get parameters,my form is also using this method.When the form is submitted it rewrites the previos get parameters.
Is there a simple way to rewrite only my form parameters?
I have in mind a Javascript solution ,however I want to know if there is a simpler way?Using HTML/PHP perhaps?
As far as I know, u u are not interested in using JS, then using form's hidden element is only way u have like this-
<form action="demo_form.asp">
First name: <input type="text" name="fname"><br>
<input type="hidden" name="country" value="Norway">
<input type="submit" value="Submit">
</form>
<p>Notice that the hidden field above is not shown to a user.</p>
The question is how u can use it with PHP, right?
The solution is here-
//In PHP
if( isset($_GET['fromPerson']) )
{
echo $fromPerson;
}
So combined HTML and PHP code will be like this (assuming a get element from prevous page is named fromPerson)-
<form action="demo_form.asp">
First name: <input type="text" name="fname"><br>
<?php
if( isset($_GET['fromPerson']) )
{
echo '<input type="hidden" name="country" value=".$_POST['fromPerson'].">';
}
?>
<input type="submit" value="Submit">
</form>
Lets say you get a parameter p1 from a get request, it should look like this:
http://server.com/?p1=123
In your form, you can add hidden fields that would have the same effect when you submit, like this:
<form method="GET">
<input type="hidden" value="<?php echo $_GET["p1"]; ?>" name="p1">
</form>
That way you can resend the variables as many times as you need.
I'm not sure I understand your question... Can you post your code?
I assume you mean something like this?
in index.php
<input type="hidden" name="id" value="<?php echo $id; ?>" />
in return.php
Edit
Maybe I don't understand English as well as I thought. I need some help. I read the other posts but I am still not able to send variables to another page using POST instead of GET. Please help me with this example:
I have two pages. The first one has a query (Users). Then I make a table with the results and using the following code I can send user id to another page where I can edit some information.
First page:
<td><div align="center">
<a href="Users_modify.php?id=<?php echo $row_Users['id'];?>">
<img src="Icons/info-icon.png" width="20" height="20"></a></div></td>
Second page:
$colname_recordset1 = "-1";
if (isset($_GET['id'])) {
$colname_recordset1 = $_GET['id'];}
and after this I can use the variable to make a query.
With respect I ask you for a sample of the first page statement in order to be able to use POST on the second page. Thank you for your time!
You can only use $_POST on a form.
If it is associated in a link, you can use $_GET or you can use $_REQUEST to get the query string.
You'll fill $_POST by using a form:
<form action="…" method="post">
<input type="hidden" value="$id">
…
<input type="submit" value="Save">
</form>
posting it by form
<form action="second page url" method="post">
<input type="hidden" name="id" value="$id">
…
<input type="submit" value="Post">
</form>
First Page
<form method="post" action="page2.php">
<input type="hidden" name="idField" value="<?php echo $id; ?>" />
<input type="submit"/>
</form>
Second Page
<p>
<?php
echo $_POST["idField"];
?>
</p>
<form action="">
<input placeholder="SEARCH" name="search_input" type="text"/>
<input type="submit" name="search_submit"/>
</form>
If people search by "Keyword Item" I want URL will be http://mydomain.com/search?keywords=Keyword%20Item
How can I do it? I know needs configure in form action, get etc.
Thanks in advance.
Update
When I am trying with this code
<form action="http://search.golfoutletsusa.com/search?" method="get">
<input placeholder="SEARCH" name="Keywords" type="text"/>
<input type="submit" name="search_submit"/>
</form>
The URL is: http://search.golfoutletsusa.com/search?Keywords=85&search_submit=Submit+Query
I just want "&search_submit=Submit+Query" will be removed from URL.
<?php echo $_GET["keywords"]; ?>
You will need to change the name of the text field from search_input to keywords though.
You should also consider using an id attribute along with the name. And as the other answer says, form action and method should be set correctly.
Solution:1
You can add the following code at the top of your search.php (or, whatever the processor file):
<?php
if(isset($_GET["search_submit"]))
{
$keywords = $_GET["Keywords"];
header("Location: search.php?Keywords=$keywords");
}
?>
OR
Solution:2
You can omit the name of submit button if it is not really necessary to give it a name. So instead of
<input type="submit" name="search_submit"/>
just use
<input type="submit" />
Set action of the form to search.php and method to get.
Then change the name of your input element to keywords.
But still the url won't be - http://mydomain.com/search?keywords=Keyword%20Item
It will be - http://mydomain.com/search.php?keywords=Keyword%20Item
Simply put everything in the form properties, only you have to select a file which will receive all this, /search will not suffice:
<form action="search.php" method="get">
<input type="text" name="keywords" placeholder="SEARCH" />
<input type="submit" name="submit" />
</form>
EDIT: In the search.php file you would get the variable contents with the get global variable like this:
$search_query = $_GET['keywords'];
After that you simply write the rest of the code to do the search... Note that this would lead to an URL like http://www.example.com/search.php?keywords=query