I wanna make option edit product when user login.
Here is the link when user click edit on the web.
<a href="edit.php?id=<?php $id=$data['gameId'];echo $id;?>" ><input type="button" value="Edit"/></a>
Then in edit page, there's submit button, that I fill with some validation in doUpdate.php I tried to get id from URL in doUpdate.php to make an update in database (Id is the primary key, I use my sql as database) so I use this code
$id= $_GET['id'];
The problem is, why $id couldn't take the id value from the url? How should I fixed that? (It is not hosting yet, I use localhost cause I'm still learning)
If I'm understanding you correctly the problem isn't getting the id in edit.php, but getting the id in doUpdate.php. Presumably your edit page is POSTing date to the doUpdate page, in which case you need to do two things.
firstly inside your form on the edit page you'll need to add a hidden element inside you formcontaining the id you want to pass to doUpdate.php
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>"/>
and then in doUpdate.php fetch it from the $_POST global
$id = $_POST['id'];
You have to either edit the form action in your edit.php like <form name="edit" action="doUpdate.php?id=<?= $_GET['id'] ?> or you just create an input field, within the form, which has the value from your GET Parameter.
.
The code inside your <a> tag is incorrect. Also, you can't have a <button> inside an <a>. Try this:
Edit
It is possible for PHP to automatically set variables in this way using a feature called register_globals, but using this feature can open up security holes in your application which is why it is currently deprecated, and will eventually be removed from PHP.
The PHP manual has a detailed explanation of the feature and why it should not be used: http://php.net/manual/en/security.globals.php
Related
I have a page where the admin can see all the members who are registered, that means their information are stored in the database. It is in tabular form with Update links displayed beside each name which redirects to my update.php page with forms. After I click the Update link, I am redirected to my update.php and the URL displays the user id which I need to update :clinic/update.php?res_id=3
Now, I have a form in my update.php and I need to get that res_id=3 displayed in the URL to also be included in my MySQL INSERT STATEMENT in my action script which is add_assessment.php. I have tried using $ID=$_GET['res_id'] and $ID=$_POST['res_id'] but none of which is working. Can anybody please tell me what line of code do I have to use? Thanks
Without having any of your code to go by, I can only suggest stepping through your workflow and using var_dump on both $_GET and $_POST and making sure that the res_id is being passed from page to page.
You are not passing the value to the form so the $_POST or $_GET values on update.php will not be available to add_assessment.php.
In clinic/update.php?res_id=3 output $_GET['res_id'] as the value in a hidden form field like so:
<input type='hidden' name='res_id' value='<?php echo htmlspecialshars($_GET['res_id']); ?>' />
Then access it in add_assessment.php with $_POST['res_id']
OR
Append it to the action='add_assessment.php' in the form like so:
<form action='add_assessment.php?res_id=<?php echo htmlspecialshars($_GET['res_id']); ?>' method='post'>
Then access it in add_assessment.php with $_GET['res_id']
I have my index.php page that sends values over to edit.php via $_GET/html link. I can see the values go, including the table ID I want to use using echo statements. The problem is that I need the specific ID value used in another form using a submit form($_POST). I've tried different approaches including SESSION, making the $ID = $_GET.... I'm pulling my hair out.
Here is the order of things:
//Edit link on index.php sends the id='summary_id', which works
<td align="center">Edit</td>
//Edit.php grabs the variable and I set it to that variable
if(isset($_GET['id']))
echo "<pre>Value of GET \$_GET:</br>";print_r($_GET);echo"</pre>";
{
$summary_id = $_GET['id'];
$summary_id = $_POST['summary_id'];
But, when I try to use $summary_id in a form (using $_POST this time), I get no value. I'm not sure if what I'm trying to do is "legal". I've tried sending the summary_id as a hidden value in the form, but again, nothing is going through. I'm losing it after that initial $_GET.
You are doing wrong.You are overwriting the variable that is not available $_POST['summary_id']
if you really want to use post method use this
<form action="edit.php" method="POST">
<input type="hidden" value="<?php echo $row['summary_id'];?>" name="summary_id"/>
<input type="submit" value="EDIT"/>
</form>
or you can use header() to post the value
You are overwriting your own variable. Also, it's clear from this that you don't actually have PHP errors turned on.
You could use $_REQUEST instead as it contains both $_GET and $_POST.
I need a bit of clue here. What I want to do is to allow user to submit a url to my website through a bookmarklet. So when they click on the bookmarklet, the textfield with id (field_url) will be autofilled with the url on the page they are on. I looked around and found that I need to use this piece of code for the bookmarklet.
javascript:location.href="http://mywebsite.com/geturl.php?url="+encodeURIComponent(location.href);
My question: what should I put in geturl.php in order to autofill the textfield?
You're passing the URL through a GET parameter, so normally you'd just have to echo it in your php page:
<input type="text" id="field_url" value="<?php echo $_GET['url']; ?>" />
The shorthand method is <?=$_GET['url']?>, but I prefer to stay away from PHP shorthands.
I have a have in PHP and I have common fields such as 'Name' and 'Surname'.
Now when the user visits the page e.g. http://www.example.com/form.php the form fields 'Name' and 'Surname' are empty.
I would like to now have a link similar to this http://www.example.com/form.php?name=John
so that when the client hits the link the PHP form will now have the name field already filled with 'John' in it.
I know this can be done in HTML but how can I do it in PHP?
Just to let to know I do not own the PHP form - I just want a link from my website to fill the PHP form (which I do not have control over).
Thanks in advance.
Can be done using $_GET
An associative array of variables passed to the current script via the URL parameters.
e.g.:
<? php
if(isset($_GET['name']))
{
$test = $_GET['name'];
}
?>
<html>
<body>
<form>
<input type="text" name="test" value="<?php if(isset($test)){echo "$test";}?>"/>
</form>
</body>
</html>
Note: code isnt tested or anything.. Also, there are possible security risks with getting values from your URL (can be considered user input), so make sure you are aware of that and how to prevent
You could store that value and then when you're about to output the input fields
you just pass along the stored value.
$name = $_GET['name'];
// ... later on
echo '<input type="text" value="'.$name.'"/>';
By using $_GET superglobal
<input name="name" value="<?php echo !empty($_GET['name']) ? $_GET['name'] : '';?>" />
<input name="surname" value="<?php echo !empty($_GET['surname']) ? $_GET['surname'] : '';?>" />
You can use the get method in php to get the name and make use of it
You can retrive this information by the $_GET["name"] function, or $_REQUEST["name"].
Reserver variables
Be carefull with those operations, you might have validation a/o security problem.
Note: if you are not sure that the "name" variable is set or not, you have to use also the
isset function to test it.
You can use the $_GET superglobal, so your input could look like this:
<input type="text" name="name" value="<?php if(isset($_GET['name'])) { echo $_GET['name']; } ?>" />
The $_REQUEST superglobal does a similar thing but I would just use $_GET.
It looks like everyone's answers here assume you are building the form yourself, which doesn't appear to be the case based on your question.
The thing that you want to do may or may not be possible. If the form accepts certain kinds of parameters in certain ways, you may be able to hook in to that functionality and set it up so that when someone clicks a link on your page, that information gets passed to the other page.
One way forms can accept this information is in the form of a "get" request. With this method, values are passed as part of the url, as in your example: http://www.example.com/form.php?name=John. Assuming your page has access to a php variable called $name, you can create a link from your code to build this kind of url like this:
Sign up!
If the page does not accept get parameters in this way (and I have a hard time imagining that they would), you may have to try other techniques to send along the information (assuming that they will even accept it!). The two other ways I imagine you could do this are by passing the value with "post" or creating a cookie for the page. If you tell us what page you are trying to set up this behavior on, we might be able to examine it and give you a better answer.
I want to develop a system where a user should be able to post the comments on the author published news.
I am very much confused about the Insert Statement that i should be using to store the user commenting system, i have two mysql table one is news and another is comments below is the screenshot of two tables.
news
comments
in the comments table i have defined a foreign key (new_id) , in which i want to store the value that is related to the particular news for example a news with id no. 7, how do i achieve this dynamic feat? how do i automatically relate it to the news when a user post the comment (nevertheless to say that the user will be giving the input from the form )?
EDIT : I want to use One news article on one page.
thank you
Well first off you need to know how you are going to view a news item? Is this going to have all news articles on one page and below each news article is a to post new comments? If so then each of these forms generated per news article should have the news ID in the form potentially as .
Example:
<p>News article 1.</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="new_id" value="1"/>
<textarea name="comments"></textarea>
<input type="submit" name="submit" value="Post COmment"/>
</form>
<p>news article 2</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="new_id" value="2"/>
<textarea name="comments"></textarea>
<input type="submit" name="submit" value="Post COmment"/>
</form>
Then on this page at the top you can check for whether or not user pressed submit button:
<?php
if(isset($_POST['submit'])){
//$_POST['new_id'] is news article id
//$_POST['comments'] is comments for this
//sql to store new_id = $_POST['new_id'] and comments = $_POST['comments']
{
Alternatively:
Lets say on your home page you have links to each news article and you retrieve them on subsequent page using $_GET. So index.php displays news and getNews.php is where news is displayed. You could want to on index.php generate a link to getNews.php?id=
THis way on getNews.php you know which news article to get using $_GET['id'] and you can easily post comments to this using a similar technique to above, take $_GET['id'] and toss it into your form on getNews.php as hidden field.
Caution: be careful and sanitize your $_GET variable before using it.
?>
first your structure looks good.
i assume "new_id" is id of the newspost!
i would switch from datetime to timestamp. its range is smaller but i dont think you are gonna have posts in the past? and it has additional features like automatical timezone conversion.
anyways! the usual approach is to include the "news_id" as a hidden form field in the form that is used to submit the comment!
then you can fetch it with $_POST["whatever-you-named-it"];
and then you construct your insert statement... dont' forget to mysql_real_escape_string() every user supplied data to avoid mysql injection.
Generally that id (the id of the entity you're attaching something to) is either in the URI the form is POSTed to, or is simply a hidden element in the form.
For example:
<?php
//somehow you need to set this value, if the comment form is on the same
//page as the news then you should already have this id. If not, then you
//have to provide the 'stand-alone' comment page with the id you expect it
//to be using
$new_id = 7
<form method='post' action='/news/<?php echo $new_id ?>/comment/'>
<input type='hidden' name='new_id' value='<?php echo $new_id ?>'>
<input tyle='text' name='Name'>
...
</form>
With that form you can either parse the URI to determine what the foreign key should be, or use the hidden field.
Update: Showing how to use both $_GET and $_POST (so you don't have to parse the URI):
<form method='post' action='/comments/?new_id=<?php echo $new_id ?>'>
As always, check all user input, regardless of where it comes from (the URI, a POST a GET).
you could add an hidden input field to your comments form like this:
<input type="hidden" name="new_id" value="7"/>
Then in your php code you get the value via $_POST['new_id'] or $_GET['new_id'] depending on what method you're using.
The you can use the following code to generate the SQL:
$new_id = mysql_real_escape_string($_POST['new_id']);
$comment = mysql_real_escape_string($_POST['comment']);
$sql = "INSERT INTO comments (comment,new_id) VALUES ('$comment','$new_id')"
If shortened it, you still have to add the other values. But I hope now it's clear how you can do this.
If you don't want to use the hidden field you can add a get parameter to the action url like this:
<form action="your_script.php?new_id=<?= $new_id ?>">
Then you get it as $_GET['new_id'].
Update:
If you're concerned for security and want to make sure nobody ist trying to forge a request, you should take a look at http://www.codewalkers.com/c/a/Miscellaneous/Stopping-CSRF-Attacks-in-Your-PHP-Applications/1/
You asked about the SQL INSERT statement, so I assume you are concerned simply with the SQL...
Using AUTO_INCREMENT, LAST_INSERT_ID(), and TRANSACTION...
Set [news].[id] to be an AUTO_INCREMENT value type. Then using a transaction, you should be able to do something like this:
START TRANSACTION;
INSERT INTO news VALUES('2010-08-21','','','','','')
INSERT INTO comments VALUES(,'2010-08-21','','','','','',1,LAST_INSERT_ID())
COMMIT;