I have a form
<form method='post' action='action.php' name='myForm'>
<input type='' name='id' value='id'>
<script>document.myForm.submit();</script>
</form>
Can I submit this form without using JavaScript - only PHP without clicking on the submit button, automatically?
This form must be auto submitted on page load, but not using JavaScript (without onload)
The act of form submission is done on the client side (browser) and has very little to do with PHP (server side).
You could add a submit button like <input type='submit' value='click here to complete step' />
A form must be submit, by the client side. On client-side, there's only two way: by Javascript or by human (clicking on the submit button).
Why not just use the <input type="submit" /> like the following:
<form method='post' action='action.php' name='myForm'>
<input type='text' name='id' value='id' />
<input type='submit' name='submission' value='Submit id'>
</form>
add a submit button.
<input type="submit" value="Submit" />
Unfortunately, what you are trying to do is not possible. The best you can do is probably this:
<form method='post' action='action.php' name='myForm'>
<input type='' name='id' value='id'>
<input type='submit' id='submit-button' />
<script>domument.getElementByID('submit-button').style.display="none";document.myForm.submit();</script>
</form>
A submit button is displayed when client side scripting is disabled. When it's enabled, the submit button is immediately hidden and the form is automatically submitted.
EDIT
Or you could simply include the PHP file. <?php include action.php; ?>. You won't have access to the _POST array, but considering, the client hasn't had chance to enter any data, that won't really matter.
Related
I am having trouble submitting parameters to a website via an html code simulating an XSRF attack. I have the html below in which I have set the parameters for the action including an account #, routing #, action, and a value that need to reverse engineer through source code that represents the users session.
When ran, the site either returns "Changes Saved" indicating a successful XSRF attack or returns "XRSF Blocked" indicating I did not derive the fourth value correctly.
However, when I log in to the site and execute the script, nothing is returned and even the page forms are unchanged. I think something in my syntax is probably slightly off. Can someone assist?
<!DOCTYPE html>
<html>
<meta charset="UTF-8"/>
<title>XSRF</title>
</head>
<body onload='document.forms[0].submit();'>
<form action='some_php_file.php' method='POST'>
<input type='hidden' name='action' value='save'/>
<input type='hidden' name='account' value='3192332'/>
</form>
</body>
</html>
Your inputs have no closing tags.
<input type='hidden' name='action' value='save'
<input type='hidden' name='account' value='3192332'
In order to post information, you need a submit input:
<form action='some_php_file.php' method='POST'>
<input type='hidden' name='action' value='save'/>
<input type='hidden' name='account' value='3192332'/>
<input type="submit" name="name" placeholder="placeholder"/>
</form>
Hope this helps :-)
<input type='submit' name='submit' value='Register' class='register' />
how do I make this link to a website on click?
Here's one way of doing it with your present code (submit-type button) using PHP's header() function.
(handler.php)
<?php
if(isset($_POST['submit'])){
header("Location: http://www.example.com/page.php");
exit;
}
And I'm assuming with the code you have in your question, resembling something to the affect of:
<form action="handler.php" method="post">
Username:
<input type='text' name='username' />
<input type='submit' name='submit' value='Register' class='register' />
</form>
Of course I didn't include the possible $username=$_POST['username']; that could be in your PHP, depending on how you will be using it.
EDIT
Upon reading mplungjan's comment have made a slight name change. I've yet to know why using the name submit is considered unsafe, after trying to find the (or a) reason why on Google. I'm hoping to get or find an answer to this affect.
(Edit-findings) See further information below that I found to date.
(handler.php)
<?php
if(isset($_POST['reg_button'])){
header("Location: http://www.example.com/page.php");
exit;
}
And I'm assuming with the code you have in your question, resembling something to the affect of:
<form action="handler.php" method="post">
Username:
<input type='text' name='username' />
<input type='submit' name='reg_button' value='Register' class='register' />
</form>
Findings:
Article(s) I've come across on the subject that mplungjan mentioned in comments:
Why is the NAME attribute considered unsafe?
Cross site scripting
On php-security.org
If you're going to use a PHP (server-side) method, consider using the following, as borrowed from this website's article on Cross site scripting.
<input name="foo" value="<?php print htmlspecialchars($foo); ?>">
and in your case:
<input type='submit' name='reg_button' value='<?php print htmlspecialchars($reg_button); ?>' class='register' />
Borrowed from mplungjan's comment:
1) never call a submit button name="submit"
2) use a link or a button <input type="button" onclick="location='somepage.html'" />
3) Just use name="Submit" or submitted and problems will be avoided.
(Thanks for the extra input mplungjan).
You have to understand the default behavior of the tag you're using. The submit input tag, sends the user to the form action. I'm not sure what you're trying to do, so I'm not sure if you're even using the right tag. Perhaps consider anchor tags?
My best guess, given the vague question is:
<form action="{URL}" method="post">
<input type='submit' name='submit' value='Register' class='register' />
</form>
or
Register
<input type="button" onclick="window.location='YourUrlHere'" class="register" value="Register"/>
You can use anchor tag for this problem, An anchor tag is used to redirect from one page to another page by just one click.
Here you can use this as follow:
<input type='submit' name='submit' value='Register' class='register' />
Note: href is the tag which contains the path of your desired destination.
That's it,
Keep coding... :)
You can go for a Register as just said or if you want you can also use the button tag <button onclick="myFunction()">Click me</button> where myFunction is your JavaScript code to an other page
I was originally using a $_GET method:
''
Using this works, but i've been told that using a $_POST method is better, less messier and just the preferred choice.
So i'm wondering how i would implement the very same thing as above, but using a $_POST method.
You can submit a form with method post or use an ajax request. In jquery this would look like:
$("#myLinkId#").on('click',function() {
$.ajax({url:'phpFile.php',type:'post',data:{...you data here...}});
});
You need to turn this into a form or use jQuery to trigger an Ajax call on click. Here's a form example:
<form action="editNews.php" method="post">
<input type="hidden" name="starts" value="<php echo $starts?>">
<input type="hidden" name="end" value="<php echo $end?>">
<input type="hidden" name="event" value="<php echo $event?>">
<input type="submit" name="submit" value="Your Link" data-icon="edit">
</form>
To send data via PHP to another page/form, you can do this:
Original form:
<form method='post' action='new-page.php'>
inputs here, etc.
submit button here
</form>
So this will, upon clicking submit, send you to new-page.php with all of the form data held in the PHP variable $_POST which is an array.
You can access the data by referencing the array with the name of the input, for example, say that you had:
<input type='text' name='NAME' />
You can reference this data on new-page.php with $_POST['NAME'].
I hope this helps you!
I am using a button to function in the same way as a hyperlink:
<form action="intro.html"><input type="submit" value="CLICK HERE TO ENTER" ></form>
This works for static links, but does not work with PHP $_GET arguments.
<form action="wrong_choice.php?stage=0"><input type="submit" value="Wrong Choice!" ></form>
Clicking that will proceed to "wrong_choice.php" but not "wrong_choice.php?stage=0"
How can I fix that?
Thank you
Better to use:
<input type="button" value="Wrong Choice!" onClick="document.location.href('wrong_choice.php?stage=0');" />
If you do not want javascript, add method to form, delete parameter from action and add input with type hidden, which stands for parameter.
Action does not accept query string!
If you want to append data into the form which isn't part of the inputs filled by the user, add inside the <form>
<input type="hidden" name="stage" value="0" />
Action is what you want to do with the information in the form: you want to send the form in a email or send the information to another script to manage or comeback to same script.
If you want pass arguments in the form you should put them in form's fields like that:
<form action="wrong_choice.php>
<input type='hidden' value='0' name="stage">
<input type="submit" value="Wrong Choice!" >
</form>
Thanks
I'm a noobie programmer and I wonder how to properly submit a form with javascript.
I made some test code to show you what I mean:
<?php
if (isset($_POST['message']))
{
echo $_POST['message'];
}
?>
<script>
function formsubmit()
{
document.getElementById('form').submit();
}
</script>
<form id="form" name="form" action="" method="post">
<input id="message" name="message" value="hello world">
<input id="submit" name="submit" type="submit">
</form>
Click me<br/>
<input type="submit" onClick="formsubmit()" value="Click me">
When you push the "submit" button inside the tags - the php code will echo "hello world".
When submitting the form with JS the values won't post to the page. What am I doing wrong?
Thanks in advance.
I've searched the whole afternoon for a solution, but cause of my lack of knowledge about programming I failed to find it.
Believe it or not, but the main problem lies here:
<input id="submit" name="submit" type="submit">
If a form contains an input element with name (or id) of submit it will mask the .submit() method of the form element, because .submit will point to the button instead of the method. Just change it to this:
<input name="go" type="submit">
See also: Notes for form.submit()
The smaller problem is here:
Click me<br/>
An empty anchor will just request the same page again before calling formsubmit(). Just add href="#".
The problem here is that the id and name of the input element on your form is called submit.
This will mask the submit function for the form. Change the name and id and you will be able to use javascript to submit the form.
try setting the href of the to '#'. I would guess what is happening is that by clicking on the link, it submits the form and immediately changes the url to the same page you are on cancelling the form submit before it has a chance to go.