I'm attempting to create a link for users to click that will remove them from a list. I'm trying to figure out how to do this without using a submit button and without using $_GET(if possible).
Anyway, I'm afraid to do it with $_GET (the way I have it now), because the user can type this in the URL (even though 99% wouldn't know how or think to do this) and they would be removed from the list.
How can I name the link so I can use $_POST?
$attendingUsers = mysql_query("Select acceptedInvites from events where eventID = ".mysql_real_escape_string($_GET['eventID'])." ");
$users= mysql_fetch_array($attendingUsers);
$user = $users['acceptedInvites'];
if(preg_match("/$userid/", $user)){
echo "You are attending this event</br>";
echo 'Click here to remove yourself from the list';
if($_GET['delete']=1){
$sql=...
}
}
Is it possible to do this without using $_GET? Thanks!
Never delete via a link. Read The Spider of Doom
Best way is to link to a "delete" page with an "are you sure" form. Submitting the form (via POST) performs the delete and redirects back to a suitable results page.
For example
Click here
to remove yourself from the list
Then, in remove.php
<?php
// get Event details via $_GET['eventID']
if (isset($_POST['confirm'])) {
// delete via SQL
// redirect
header('Location: http://example.com/events.php');
exit;
}
// display event details
?>
<form method="post" action="remove.php?eventID=<?php echo $eventId ?>">
<p>Are you sure?</p>
<input type="submit" name="confirm" value="Remove me from this event">
</form>
You should probably also look into CSRF protection but that's really outside the scope of this question.
Your are required to use either $_GET or $_POST
<form action="delete.php" method="post">
<input type="hidden" name="eventId" value="yourEventId" />
<a href="#" onclick="this.form.submit();" > Delete</a>
</form>
If I have my JavaScript right, this should do the trick:
Delete
<form id="delete" action="delete.php" method="post">
...
</form>
The link will then submit the form.
You could use some kind of encoding to make the get var unreadable, like an md5 or even an encrypted string.
Related
I have an input type text box as follows
<input type="text" name="deleteprofileconfirmation" id="deleteprofileconfirmation" class="editprofileinput">
Delete Account
I need to pass the value entered in the input type text to deleteaccount.php
I can do with help of jquery, no problem, i need a pure php solution...
I tried using sessions, but problem is how to read the value in input type when link is clicked.. $_POST is also not working...
i cannot use form because this is a form in another form so html5 is not allowing nested forms, sorry should have mentioned that earlier
the following is not working on deleteaccount.php
if (isset($_POST['deleteprofilebutton']))
{
$delete_profile = strtolower($_POST['deleteprofileconfirmation']);
}
Make your link as
href="../controllers/deleteaccount.php?id=$ID_VALUE"
and update the POST to GET
if (isset($_GET['id']))
{
$delete_profile = strtolower($_GET['id']);
}
That would be GET now.
Make sure users with no privileges can hit this url and delete the profiles. Do check the user rights before processing the delete operation.
You can do this using form
<form action="../controllers/deleteaccount.php" method="post">
<input type="text" name="deleteprofileconfirmation" id="deleteprofileconfirmation" class="editprofileinput">
<input type="submit" class="deleteprofilebutton" name="deleteprofilebutton" id="deleteprofilebutton" value="Delete Account">
</form>
You could also give each one a unique name and just check the $_POST for the existence of that input.
<input type="submit" name="deleteprofileconfirmation" value="Delete" />
<input type="submit" name="submit" value="Submit" />
And in the code:
if (isset($_POST['deleteprofileconfirmation'])) {
//delete action
} else if (isset($_POST['submit'])) {
//submit action
} else {
//no button pressed
}
I have a value coming from another form in the same page called $_POST['serial']. And i want to use this value to run a query in another form but after I submit the second form nothing happened and the query not running.
<?php
if (isset($_POST['serial'])) {
$serial = $_POST['serial'];
?>
<form action="" method="post">
<button type="submit" name="submit">Click to use</button>
</form>
<?php
if (isset($_POST['submit'])) {
$query = mysql_query("UPDATE table_name SET status = 'inactive' WHERE serial = '$serial'");
}
}
?>
To pass the variable along you would create a hidden input on your second form to contain the value:
<?php
// check and clean up the passed variable
$serial = isset($_POST['serial']) ? htmlspecialchars($_POST['serial']) : '';
?>
<form action="" method="post">
<input type="hidden" name="serial" value="<?php echo $serial; ?>" />
<button type="submit" name="submit">Click to use</button>
</form>
For Safety's Sake
Your script is at risk for SQL Injection Attacks.
If you can, you should stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really not hard.
Additional Thoughts
If you're planning to do a two-step form you'll likely want to place all of the data processing outside of the form page, in a separate PHP file. With the limited code that you have shown I fear that we will miss something in our answers which will lead you to additional questions because your code still isn't working as you would expect.
A button needs a name and a value to be successful. Your button doesn't have a value so $_POST['submit'] will be undefined.
Add a value attribute to your <button> element.
After you do that, $serial will be undefined because your form doesn't submit that.
You need to include it in your form too:
<input type="hidden" name="serial" value="<?php echo htmlspecialchars($serial); ?>">
I am currently trying to make a hyperlink that calls the same page that I am on, but a different PHP function. This seems like a simple enough solution however I don't want any information displayed in the URL. A "post" seems to be the best solution but I cannot find any results as to how to make this work.
<?php
function myFirst(){
echo 'The First ran successfully.';
}
function mySecond(){
echo 'The Second ran successfully.';
}
?>
<html><body>
<?php
if (isset($_GET['run'])){
$linkchoice=$_GET['run'];
}else{
$linkchoice='';
}
switch($linkchoice){
case 'first' :
myFirst();
break;
case 'second' :
mySecond();
break;
default :
echo 'no run';
}
?>
<hr>
Link to First
<br/>
Link to Second
<br/>
Refresh No run
</body></html>
If u want to use POST by pressing something in the page, u can either use JS to turn that into a POST request, or simply submit a form.
Assuming u use jQuery
go somewhere
<form id="koko" style="display:none" target="baba/was/here/this/is/the/url" method="post">
<input type="hidden" name="run" value="boo" />
</form>
...
...
function manda_mi(){
$('#koko').submit();
}
If you want to avoid Javascript you could wrap the links in a form, and style the buttons to look like normal links.
Basically:
<button type="submit" value="first" name="action">Link to First</button>
<br/>
<button type="submit" value="second" name="action">Link to Second</button>
<br/>
<button type="submit" value="0" name="run">Refresh no Run</button>
And then just check what button was pressed.
Although the simplest option is probably Javascript.
I've finally got the first page of my registration page working. The user has to select one of three options before continuing to the next page. The problem I am having now is that the first page is not sending the data to the next page. Here is the code for
Registration_1.php:
$reg_type = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!empty($_POST["Reg_type"])) {
//$reg_type=$_POST["Reg_type"];
//header('Location: Registration_2.php?rtype='.$reg_type);
$reg_type=$_POST["Reg_type"];
header('Location: Registration_2.php');
}
}
?>
<form name="frmtype" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" >
<input type="radio" name="Reg_type" value="1"/> Registering myself with credit card or bank account <br/>
<input type="radio" name="Reg_type" value="2"/> Registering multiple people using credit card or bank account <br/>
<input type="radio" name="Reg_type" value="3"/> Registering multiple people using a purchase order <br/>
<input type="submit" name="Submit" value="Submit" />
<?php
if(isset($_POST["Submit"]) && !isset($_POST["Reg_type"]))
echo "Please select an option";
?>
</form>
Registration_2.php
<?php
$regtype=$_POST["Reg_type"];
echo "regtype value is:" . $regtype;
if($regtype==1) {
?>
However regtype is blank, meaning i'm not getting any data from the previous page. Can anyone tell me what the problem is?
session_start();
$reg_type=$_POST["Reg_type"];
$_SESSION['cust_type'] = $reg_type;
and in any page,
session_start();
echo $_SESSION['cust_type'];
for more informations,
http://matthom.com/archive/2005/02/19/php-passing-variables-across-pages
http://www.plus2net.com/php_tutorial/variables.php
PHP Pass variable to next page
http://mrarrowhead.com/index.php?page=php_passing_variables.php
http://php.net/manual/en/reserved.variables.session.php
This is because you are doing a redirect, so the post data no longer exists.
You have a few options.
Instead of doing a redirect, you could do an include.
You could store the data (session, database, etc)
You could append the data to the redirect
header('Location: Registration_2.php?Reg_type=' . $_POST['Reg_type');
then use $_GET on the Registration_2 instead of post.
You're posting your form to page1 and then redirecting to page2. Page2 doesn't have access to the posted data due to the redirect (the post is not carried along).
What you should do is process the data in page1 and store it before redirecting (eg, in a session, or use a query string like you've commented out).
Another note, when you call for a redirect using header, make sure you also exit or die immediately afterwards like the php documentation mentions (since you cannot guarantee the page will stop processing there).
First of all, when you use header to redirect, the POST variables are lost. You need to pass the variables with GET in order to retrieve them on Registration_2.php.
Registration_1.php
//...
header('Location: Registration_2.php?Reg_type=' . $_POST["Reg_type"]);
//...
and Registration_2.php:
$regtype=$_GET["Reg_type"];
echo "regtype value is:" . $regtype; if($regtype==1) {
I'm trying to get a website working. What I have are basically two images displayed (random, taken out of a mySQL database). What I need to do is (when the user clicks one of the images) the following:
Update the page, passing the info about the selected image (submit form);
Add one piece of data to the database (upvote the image)
I need to use $_POST to pass an array of values to the next page. So I thought:
<form name="input" action="the_page.php" method="POST">
<input type="image"
name="img"
src="image.png"
value ="dat1[\"data1\",\"data2\",\"data3\"]">
<!-- If value must be a single string, I'll use hidden inputs-->
</form>
<form name="input" action="the_page.php" method="POST">
<input type="image"
name="img"
src="image2.png"
value ="dat2[\"data1\",\"data2\",\"data3\"]">
</form>
Then I can upvote the selected image on the mySQL database with a little php upvote() function that updates the record. The upvoting process is done when the new page is loaded. From this, I have a couple questions:
I'm guessing the images will act as buttons, right? (They are supposed to submit the form, hence refreshing the page). If not, how can I achieve this? I'm unable to do it with a link (since I can't add the values to it). Maybe a javascript function? But I don't know how to submit the form that way either...
Once the page is reloaded, does it mean that only the data from one form has been submited, so I can retrieve the data by simply calling the PHP variable $_POST['img'] and get an array back?
EDIT: I now managed to get everything working, slightly similar to what I proposed initially. Thanks for the AJAX suggestion though, since it was what helped me solve it (looked up AJAX tutorials, found solution).
Here's my solution:
<?php
echo "<form name=\"input\" action=\"F2F.php\" method=\"POST\">";
echo "<input type=\"hidden\" name =\"table\" value=\"".$table1."\">";
echo "<input type=\"image\" name=\"nom\" src=\"".$IMG_Route1."\" value =\"".$Nom_base1."\" border=\"0\">";
echo "</form>";
?>
(where the image goes)
and then, on the header:
<?php
if ($_POST['nom']||$_POST['nom_x']){
if (!$_POST['nom']){
echo 'Could not retrieve name. $_POST[\'nom_x\'] = '.$_POST['nom_x']. mysql_error();
exit;
}
if (!$_POST['table']){
echo 'Could not retrieve table. $_POST[\'table\'] = '.$_POST['table']. mysql_error();
exit;
}
upvote($_POST['table'],$_POST['nom']);
}
?>
You can use one form and a set of radio buttons to simplify things a bit. Clicking on the label will toggle the radio button. You can use commas to separate multiple values for each checkbox, which you can then abstract later on (see below)
<form name="input" action="the_page.php" method="POST">
<ul>
<li>
<label>
<img src="whatever.jpg" />
<input type="radio" name="selectedImage" id="img1" value="12,16,19" />
</label>
</li>
<li>
<label>
<img src="whatever2.jpg" />
<input type="radio" name="selectedImage" id="img2" value="12,16,19" />
</label>
</li>
</ul>
</form>
You can detect when the radio button is selected by adding a listener for the change event, then submit the form.
$('input[name="selectedImage"]').change(function() {
$('form[name="input"]').submit();
});
To abstract the multiple values, you can then explode the form result with PHP, which will return an array of the values.
$selectedImageValues = array();
$selectedImageValues = explode(",", $_POST['selectedImage']);
From there you can pull the different values out and save the data to the database.