i am trying to create a donate page. the hole page is php,
there is a textbox that hold the amount value which should be send via hidden input with the url to the the payment gateway. i have tryed many time but it is not working. i am still a beginner in this could any one please help me in fixing my code here
<div class="donate">
<?php
$amount = $_REQUEST['amount'];
$txtCurrency = 840;
$txtAmount = number_format($amount, 2, '.', '');
echo $amount;
$key = "TEST";
$txthttp = "http://test.com/you.php";
?>
<form action="payment.php" name="form1">
<input type="text" id="amount">
<input type="submit">
<input type="hidden" name="txtAmount" value="<?= $txtAmount; ?>">
<input type="hidden" name="txthttp" value="<?= $txthttp; ?>">
<input type="hidden" name="signature" value="<?= $key; ?>">
</form>
</div>
In general, you should avoid using $_REQUEST when you can use $_GET or $_POST. $_REQUEST allows variables to be set by either an HTTP GET or POST, which can pose a security risk, since your site will presumably use one or the other. With that said, here's what I would do:
Add method="post" to your form tag.
Access the input elements by looking at $_POST['txtAmount'], $_POST['txthttp'], etc.
In general, you can view all variables set in the POST by doing this:
var_dump($_POST);
You can access these values from payment.php with $_POST['txtAmount'], $_POST['txthttp'], $_POST['signature']. How you handle them will be up to your code. I see that you used the $_REQUEST array, which will work, however I believe it's better form to be specific and use the $_POST array.
Related
I have a set of input boxes and you can add more and more sets of these forms if you click the add more button. In my form I can submit data and I have got it to show up when you reload the page, when the page shows it it also adds a value into a hidden form in case the user updates this information.
However, how can I see all the sets of data which do not have a hidden form value? And all the sets with do have a hidden value so I can do different things to them.
Here is my code:
HTML:
<form>
<div class = "fieldset-1">
<input type="text" id="Name1" name="name[]">
<input type="hidden" id="id1" name="id[]">
</div>
<div class = "fieldset-2">
<input type="text" id="Name2" name="name[]">
<input type="hidden" id="id2" name="id[]">
</div>
</form>
PHP:
$data = $_POST;
extract($data, EXTR_PREFIX_SAME,"br");
//Prints The Variables To Make Sure They Are Correct
print_r($id);
$name = preg_replace("/[^a-zA-Z- ]/", "", $name);
print_r($name);
You have all the post data in a $_POST. It doesn't depend on field's type. The only thing matters — field's name.
The reason why you can't see it with your code is that you do
$name = preg_replace("/[^a-zA-Z- ]/", "", $name);
For what, btw? preg_replace is for string, $name here is an array (cause your form field has a name name[]), so function fails, and you lost your data.
And don't ever use extract, it's considered harmful.
I have a value coming from another form in the same page called $_POST['serial']. And i want to use this value to run a query in another form but after I submit the second form nothing happened and the query not running.
<?php
if (isset($_POST['serial'])) {
$serial = $_POST['serial'];
?>
<form action="" method="post">
<button type="submit" name="submit">Click to use</button>
</form>
<?php
if (isset($_POST['submit'])) {
$query = mysql_query("UPDATE table_name SET status = 'inactive' WHERE serial = '$serial'");
}
}
?>
To pass the variable along you would create a hidden input on your second form to contain the value:
<?php
// check and clean up the passed variable
$serial = isset($_POST['serial']) ? htmlspecialchars($_POST['serial']) : '';
?>
<form action="" method="post">
<input type="hidden" name="serial" value="<?php echo $serial; ?>" />
<button type="submit" name="submit">Click to use</button>
</form>
For Safety's Sake
Your script is at risk for SQL Injection Attacks.
If you can, you should stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really not hard.
Additional Thoughts
If you're planning to do a two-step form you'll likely want to place all of the data processing outside of the form page, in a separate PHP file. With the limited code that you have shown I fear that we will miss something in our answers which will lead you to additional questions because your code still isn't working as you would expect.
A button needs a name and a value to be successful. Your button doesn't have a value so $_POST['submit'] will be undefined.
Add a value attribute to your <button> element.
After you do that, $serial will be undefined because your form doesn't submit that.
You need to include it in your form too:
<input type="hidden" name="serial" value="<?php echo htmlspecialchars($serial); ?>">
I know there are a few ways to pass a variable to another page for a form. But is there any secure way to pass the variable to another page?
POST
First form in the page
$firstName= 'Sarah';
$lastName = 'Lim';
$name = $firstName.' '.$lastName;
<form id="Staff" name="Staff" method="post" action="nextpage.php" enctype="multipart/form-data">
<input name="name" type="text" id="name" value="<?php echo $name?>"/>
<input type="submit" name="submit" value="Submit">
</form>
Passing variable to nextpage.php
$StudName = $_POST['name'];
$split = preg_split('/[ \.]/', $StudName);
echo $split[0].$split[1];
In this case, I must use session to pass the variable to nextpage.php. Is there any other more secured way or neater way? As if I have alot of fields in a form, there would be alot of "$_POST['...']" in my second page.
The only secure way I can think of is to use https, if you're looking for neater code you could do something like $p = $_POST; which will let you do echo $p['blah']; for example.
i have a kohana application, and i have a form with several checkboxes, and the user is supposed to check his preferences there in the form. so i have a relation 1:n between the user table and the preferences table. my problem is that i want to save those preferences, selected in the form, and i don;t know how.
i have the form:
<form id="address" method="POST" action="<?= Route::url('Save user preferences' , array('user_id' => $user));?>">
<? foreach ($prefered_products as $pp): ?>
<input type="checkbox" name="user_preferences_preference[]" value="<?= $pp ?>" /><?= $pp->product; ?><br />
<? endforeach; ?>
<button type="submit">Salveaza preferintele tale</button>
</form>
and i save the data:
foreach ($_POST['user_preferences_preference'] as $up) {
$user_preferences->prefered = $up;
$user_preferences->user = $this->user;
$user_preferences->save();
}
$this->view->message = __('Thank you for your feedback!');
but seems like the way i parse the preferences is not correct, i am getting: ErrorException [ Warning ]: Invalid argument supplied for foreach()
any idea about how am i supposed to get the multiple $_post preferences?
thank you!
I have a slightly different way of doing this.
When I create a checkbox I also create an identical hidden field set to zero
<input type="hidden" name="my_check" value="0" />
<input type="checkbox" name="my_check" value="$value" />
The checkbox, if ticked, will override the hidden value. This way when you send the form you end up with $_POST['checkbox]=1 or 0, but it always exists in the $_POST.
The nice thing about this method is you can extend the Form::checkbox helper so that it's always present and you don't have to worry about it for every form / controller.
p.s. in you above example you would probably want to do it like this:
<input type="hidden" name="user_preferences_preference[$pp->id]" value="0" />
<input type="checkbox" name="user_preferences_preference[$pp->id]" value="<?= $pp ?>" />
<?= $pp->product; ?><br />
Or use a $key value instead of $pp->id.
The problem is that a checkbox will only post data when set. You should reverse check the values. Ie;
Fetch all preference (id's) from the database
Check if a value is found in the $_POST var
If not, update to false (or 0 or whatever) in db, if set, read out the value.
hey there,
i have three pages:
(1) bookingfacilities.php
(2) booking_now.php
(3) successfulbooking.php
and they are link together.
i want to pass data from bookingfacilities.php to successfulbooking.php by using hidden field/value. however, my data doesn't get print out in successfulbooking.php.
here are my codes:
from 'booking_now.php':
$date="$day-$month-$year";
from 'successfulbooking.php';
<input type="hidden" name="date" id="hiddenField" value="<?php print "$date" ?>"/>
i would greatly appreciate your help as my project is due tomorrow :(
You should never assume register_global_variables is turned on. Even if it is, it's deprecated and you should never use it that way.
Refer directly to the $_POST or $_GET variables. Most likely your form is POSTing, so you'd want your code to look something along the lines of this:
<input type="hidden" name="date" id="hiddenField" value="<?php echo $_POST['date'] ?>" />
If this doesn't work for you right away, print out the $_POST or $_GET variable on the page that would have the hidden form field and determine exactly what you want and refer to it.
echo "<pre>";
print_r($_POST);
echo "</pre>";
Maybe a little late to the party but why don't you use sessions to store your data?
bookingfacilities.php
session_start();
$_SESSION['form_date'] = $date;
successfulbooking.php
session_start();
$date = $_SESSION['form_date'];
Nobody will see this.
You have to use $_POST['date'] instead of $date if it's coming from a POST request ($_GET if it's a GET request).
I'm not sure what you just did there, but from what I can tell this is what you're asking for:
bookingfacilities.php
<form action="successfulbooking.php" method="post">
<input type="hidden" name="date" value="<?php echo $date; ?>">
<input type="submit" value="Submit Form">
</form>
successfulbooking.php
<?php
$date = $_POST['date'];
// add code here
?>
Not sure what you want to do with that third page(booking_now.php) too.