I would like to hard-code the form below. In other words, I would like to post $submission and $fullurl to index.php as "tweet" without giving the user the option to edit them.
How can I do this?
EDIT: I want the user to still click a button that says "Tweet" to post the variables.
Thanks in advance,
John
<form method='post' action='index.php'>
<br />
<textarea name="tweet" cols="50" rows="5" id="tweet" ><?php echo $submission ?> <?php echo $fullurl ?></textarea>
<br />
<input type='submit' value='Tweet' name='submit' id='submit' />
</form>
<form method='post' action='index.php'>
<p><?php echo $submission ?> <?php echo $fullurl ?></p>
<input type="hidden" name="tweet" value="<?php echo $submission ?> <?php echo $fullurl ?>">
<input type='submit' value='Tweet' name='submit' id='submit' />
</form>
That still doesn't mean the user won't be able to doctor the value through, everything's editable client-side one way or another. Save the to-be-submitted tweet server-side in a session if you need absolutely immutable values.
I'm not entirely sure what you are asking, but it sounds like you just want to have some variables kept serverside without a user being able to edit them, between page loads.
In that case you may wish to learn about Sessions and session variables. These allow you to store stuff in between page loads without a user being able to edit them (but you can still read from them so you can display your variables on the page!)
If you could perhaps rephrase your question some if this isn't the answer you are looking for, we would be better able to assist you.
You could set the disabled
attribute of the <textarea>. But then
it would not be submitted with the
form. So you'd have to make a hidden
input with the value or use sessions to persist the data if it could not be recreated therwise.
You could also use JavaScript to blur the text area on focus. But there are ways around this, i.e. disable JavaScript.
In the end, I think you should reconsider the user interface and user experience. A textarea that isn't editable, probably should be a form element. Just display the data you plan to tweet and allow them to Appove it.
You could just make it completely invisible (style="visibility:hidden"), or disable it (`disabled="true"').
You can also just use document.getElementById('formID').submit(); to submit the form automatically.
Better yet, just make them all hidden inputs, and submit on page load with the above code.
Related
I have a simple HTML post with a php variable included as the value, I wish to use this in my codeigniter project what is the best way to do this.
Here is my correct code (I do have the form helper)
<form action="https://www.mysite.co.uk/1/" method="POST">
<input id="start-test" type="hidden" name="userid" value="<?php echo htmlspecialchars($userID); ?>;
<input class="btn btn-primary" type="submit" role="button" id=""></input>
</form>
I may have misunderstood your question with my first answer.
If all you want is a post button, then you can write this
<input type="submit" class="btn btn-primary" role="button" value="Send" />
Or use the form helper
<?php echo form_submit('BtnName', 'Send'); ?>
// Would produce:<input type="submit" name="BtnName" value="Send" />
http://www.codeigniter.com/user_guide/helpers/form_helper.html#form_submit
You can do what you are doing:
<input id="start-test" type="hidden" name="userid" value="<?php echo htmlspecialchars($userID); ?>">
Or use set_value like this:
<input id="start-test" type="hidden" name="userid" value="<?php echo set_value('userid', $userID); ?>">
This will repopulate the field value on form error. I have missed off the HTML special chars but you can include that still if you feel like you need to, but I presume this is an id from a database, that is set with auto increment and as it is not user generated data the use of html special chars here might be a bit unnecessary.
In your controller you can access the post variables like this:
$posted_id = $this->input->post('userid');
However, you should be using form validation on posted data. This is quite a big topic but you can read about the above in the docs. Also referring to your User ID directly is not always a great solution since this form can be easily manipulated. You can help to alleviate that somewhat with CI CSRF protection and using form_open but it is often best to use sessions and get the ID from there. You should not ever have to include a user id in a hidden form variable.
Set Value
http://www.codeigniter.com/user_guide/libraries/form_validation.html#re-populating-the-form
Reading post variables
http://www.codeigniter.com/user_guide/libraries/input.html#accessing-form-data
Form Validation in general
http://www.codeigniter.com/user_guide/libraries/form_validation.html#form-validation
Form open and CSRF
http://www.codeigniter.com/user_guide/helpers/form_helper.html#form_open
CI Sessions
http://www.codeigniter.com/user_guide/libraries/sessions.html#session-library
If you are not familiar with security practices it is sometimes best to get to know and use a mature and developed authorization and authentication library. There are many so I will not recommend one here. Just do a search for one and find one that suits your needs.
I have got an issue to ask related with GET/POST.
I am trying to make a simple blog with posts and comments of them.
From each post I have got on main page, I would like to add a comment form in a new page that enables to save the post´s index to have a control of the commentaries.
I get this index value through GET in the new page but when I submit the form via POST I lose the reference to the index.
I read that is not possible to use both methods at the same time and I would like to know how can I keep a parameter from the main page and store it with the rest of the values in the new form.
Thanks a lot,
BR
http://localhost/simple_blog_new_comment.php?postIndex=xx
<form action='simple_blog_new_comment.php' method='POST'>
Commentary:<br>
<textarea onfocus='clearContent(this)' cols='30' rows='5' name="txt_comment">Enter the text here...</textarea><br>
Author: <input type='text' name='txt_comment_author'><br>
<input type='submit' name='btn_comment_submit'><br><br>
</form>
I found a solution for this problem I would like to share in case someone have the same trouble.
Finally I get working my "Posts" and "Comments" databases fixing the variable reference problem using $_SESSION superglobal variable.
It works like this:
session_start(); // This allows the use of $_SESSION superglobal var
$_SESSION['index'] = $_GET['postIndex']; // Save the variable into $_SESSION
With this superglobal variable you can keep the index variable as a cookie for using it as long as you keep the session opened.
More related info here: http://php.net/manual/es/reserved.variables.session.php
Thanks again! :D
I am not sure if I understood you question. I suppose you want to get the parameter by URL and send it through a form. I think you should do the next.
<?php
$index=$_REQUEST["Index"];
?>
<form action='simple_blog_new_comment.php' method='POST'>
Commentary:<br>
<textarea onfocus='clearContent(this)' cols='30' rows='5' name="txt_comment">Enter the text here...</textarea><br>
Author: <input type='text' name='txt_comment_author'><br>
<?php echo "<input type=hidden name=num_index value=" . $index . ">"; ?>
<input type='submit' name='btn_comment_submit'><br><br>
</form>
In the simple_blog_new_comment.php you will need this if you want to get the value of num_index.
<?php
$kk=$_REQUEST["num_index"];
echo $kk;
?>
I think you are looking for something similar. I hope it would be useful.
I can't figure out why my hidden input field is still showing in the source code of the page:
<form method="POST" ACTION="score.php">
<ul class="answer">
<li>
<input type="checkbox" name="answer_0" value="<?php echo $answer_0; ?>"><?php echo answer_0;?></br>
<input type="hidden" name="right" value="<?php echo $right;?>"/>
</li>
</ul>
<button type="submit" class="btn btn-warning">Submit</button>
</form>
What is wrong here ? I tried without the PHP variable and the hidden field was still showing.
There's nothing wrong here. Hidden inputs should not be used for data that the user must not be able to see. It's just used for data that they don't need to see, and would just clutter up the form.
If you want to hide something from the user securely, you should use session variables. These are kept on the server, not sent to the browser. If you do need to send something to the browser, and don't want the user to be able to get anything from it, you could encrypt it first. But remember, you can't trust that the user won't modify it before sending it back. Anything that comes from the browser can be tweaked by the user.
Have searched around but not found an answer to this. Might be an indicator that this is a silly question, but:
I'm trying to echo some information from the page URL into a form action so that information is carried to the next page. The form and PHP looks like this:
<form method="link" action="surveymaker.php?title=<?php echo $_GET['title'];?>">
The information that the user enters into the form gets added to the url on the next page, but not the "title" that I'm trying to add by echo. I'm fully prepared to accept that I'm going at this the totally wrong way if that's how it is. Can anyone point me in the right direction?
Thanks
You can use a hidden input field to do this. Just add this to your form:
<input type="hidden" name="title" value="<?php echo htmlspecialchars($_GET['title']);?>">
Note the use of htmlspecialchars to sanitize the value from the URL.
This is not a good idea of archiving what you want ,You should use hidden inputs instead.
example place this anywhere inside your <form>:
<input type="hidden" value="<?= $_GET['title']; ?>" name="title"/>
try this. worked for me..
<?php $title = $_GET['title'];?>
<form method="link" action="surveymaker.php?title=<?php echo $title;?>">
I have a picture upload inside a form...
The file is a php file btw...
Problem is whenever this form is filled in, and the user clicks to upload the first picture, the form is submitted to itself and all the fields which the user may have filled in will go blank...
I know of one way to do it, alot of 'isset' in my php code, but is there any simpler or maybe better way I don't know of?
Thanks
You echo back the POST variable on your fields.
<form method="POST">
<input type="text" name="name" value="<?php echo $_POST['name']?>" />
<input type="submit" name="submit" />
</form>
When the form is submitted to self, the same data will be filled.
Well i do not know of anything else. I always use this:
<input type="text" value="<?= isset($value) ? $value : ""; ?>">
I think it is not too much code in the Templates, but it does the Trick.
Alternatively you could use some Frameworks wich abstract everything for you, but i cannot recommend some...