I have a basic PHP form page that contains quite a large amount of data that will be saved into about 4-5 different tables in MySql once it is all done. Since constructing this save routine will take a bit of PHP I'm looking to have the POST action to not point at PHP_SELF and instead a separate PHP file for processing.
Where all general data such as phone numbers, email, zip codes, etc. will be validated prior to the submit is passed to the processor script, if an error is returned by the processor...
What is the best practice way to point back to the original form page (HTTP_REFERER) while maintaining data input?
Form page:
<form action="processor.php" action="post">
<!-- lots of fields -->
<input type="submit" id="submitButton" name="Save" value="Save" />
</form>
Processor page:
<?php
if ( isset($_POST['date']) && ($_SERVER['HTTP_REFERER'] == "form.php") )
{
$errors = false;
//attempt to put data in database
if ( $errors )
{
//Pass back to the form.php page with error message and all data intact
}
}
?>
I have come across this problem before, how we solved this was to put all the fields into a session, then redirect back to form.php using header("Location: form.php");
When the data was posted to the form, we stored the $_REQUEST into a $_SESSION['post']; if the validation failed, we sent it back to the form, populated the fields and unset the session.
So for example
$_SESSION['post']['field_a'] = $_REQUEST['field_a'];
$_SESSION['post']['field_b'] = $_REQUEST['field_b'];
With some fancy naming conventions you can just loop this to make it easy.
Then on the Form page, we just checked to see if there was some data, or just echo the data regardless.
$str_field_a = #$_SESSION['post']['field_a'];
...
<input name="field_a" value="<?php echo $str_field_a; ?>" />
...
unset($_SESSION['post']);
This is probably a messy way of doing this, but it has proven effective for our purposes. Just thought I'd share.
I would send a post back to form.php containing errors and values. I use the same method in my personal project.
if ( $errors ) {
?><form action="form.php" method="post" name="error">
<input type="hidden" name="errcode" value="<?php echo $errorcodes; /*or whatever message*/ ?>" />
<input type="hidden" name="anotherdata" value="anothervalue" />
<?php /*you can add all post datas here as hidden field*/ ?>
</form>
<script type="text/javascript">document.error.submit();</script><?php
}
And this is similar to my form.php
//first I set default blank variables for form
$formvalue="";
$formnumericvalue="";
//i set them, yay!
//if I get values from post.php, I update the values
if (isset($_POST['iserror'])) { //you can either echo a error message or update current data here, I'm showing this for both
$formvalue=$_POST['formvalue'];//don't forget to validate these!
$formnumericvalue=$_POST['formnumericvalue']; //don't forget to validate these!
}
//I also do this method for edit forms
//and finally I show the form
?>
<form name="form" method="post" action="post.php">
<input type="text" name="formvalue" value="<?php echo $formvalue; ?>" />
</form>
I think you can do that using an array of error.
Set error flag false (if error occurs then set it true and so not store in database).
Check element 1, if error then store it in array $error['name'] = 'value'
Similarly check all elements, and store using same procedure.
In the end if error flag is set to false do not store in database and (if on the same page, you will be able to access the array on form where you want to display error message. )
if(isset($error['elementname'])) echo $error['elementname'];
below the page.
However, the best approach is to use an Object Oriented approach.
[UPDATE]
storing php objects on html form element and passing php objects through GET method?
how to send redirect page pass variables as post variables from a php script
Also I guess, storing the whole object in SESSION would not be a bad approach
Related
It seems pretty simple but I can't find a good way to do it.
Say in the first page I create a variable
$myVariable = "Some text";
And the form's action for that page is "Page2.php". So in Page2.php, how can I have access to that variable? I know I can do it with sessions but I think it's too much for a simple string, and I do only need to pass a simple string (a file name).
How can I achieve this?
Thanks!
HTML / HTTP is stateless, in other words, what you did / saw on the previous page, is completely unconnected with the current page. Except if you use something like sessions, cookies or GET / POST variables. Sessions and cookies are quite easy to use, with session being by far more secure than cookies. More secure, but not completely secure.
Session:
//On page 1
$_SESSION['varname'] = $var_value;
//On page 2
$var_value = $_SESSION['varname'];
Remember to run the session_start(); statement on both these pages before you try to access the $_SESSION array, and also before any output is sent to the browser.
Cookie:
//One page 1
$_COOKIE['varname'] = $var_value;
//On page 2
$var_value = $_COOKIE['varname'];
The big difference between sessions and cookies is that the value of the variable will be stored on the server if you're using sessions, and on the client if you're using cookies. I can't think of any good reason to use cookies instead of sessions, except if you want data to persist between sessions, but even then it's perhaps better to store it in a DB, and retrieve it based on a username or id.
GET and POST
You can add the variable in the link to the next page:
Page2
This will create a GET variable.
Another way is to include a hidden field in a form that submits to page two:
<form method="get" action="page2.php">
<input type="hidden" name="varname" value="var_value">
<input type="submit">
</form>
And then on page two:
//Using GET
$var_value = $_GET['varname'];
//Using POST
$var_value = $_POST['varname'];
//Using GET, POST or COOKIE.
$var_value = $_REQUEST['varname'];
Just change the method for the form to post if you want to do it via post. Both are equally insecure, although GET is easier to hack.
The fact that each new request is, except for session data, a totally new instance of the script caught me when I first started coding in PHP. Once you get used to it, it's quite simple though.
Thanks for the answers above. Here's how I did it, I hope it helps those who follow. I'm looking to pass a registration number from one page to another, hence regName and regValue:
Create your first page, call it set_reg.php:
<?php
session_start();
$_SESSION['regName'] = $regValue;
?>
<form method="get" action="get_reg.php">
<input type="text" name="regName" value="">
<input type="submit">
</form>
Create your second page, call it get_reg.php:
<?php
session_start();
$regValue = $_GET['regName'];
echo "Your registration is: ".$regValue.".";
?>
<p>Back to set_reg.php
Although not as comprehensive as the answer above, for my purposes this illustrates in simple fashion the relationship between the various elements.
Passing data in the request
You could either embed it as a hidden field in your form, or add it your forms action URL
echo '<input type="hidden" name="myVariable" value="'.
htmlentities($myVariable).'">';
or
echo '<form method="POST" action="Page2.php?myVariable='.
urlencode($myVariable).'">";
Note this also illustrates the use of htmlentities and urlencode when passing data around.
Passing data in the session
If the data doesn't need to be passed to the client side, then sessions may be more appropriate. Simply call session_start() at the start of each page, and you can get and set data into the $_SESSION array.
Security
Since you state your value is actually a filename, you need to be aware of the security ramifications. If the filename has arrived from the client side, assume the user has tampered with the value. Check it for validity! What happens when the user passes the path to an important system file, or a file under their control? Can your script be used to "probe" the server for files that do or do not exist?
As you are clearly just getting started here, its worth reminding that this goes for any data which arrives in $_GET, $_POST or $_COOKIE - assume your worst enemy crafted the contents of those arrays, and code accordingly!
There are three method to pass value in php.
By post
By get
By making session variable
These three method are used for different purpose.For example if we want to receive our value on next page then we can use 'post' ($_POST) method as:-
$a=$_POST['field-name'];
If we require the value of variable on more than one page than we can use session variable as:-
$a=$_SESSION['field-name];
Before using this Syntax for creating SESSION variable we first have to add this tag at the very beginning of our php page
session_start();
GET method are generally used to print data on same page which used to take input from user. Its syntax is as:
$a=$_GET['field-name'];
POST method are generally consume more secure than GET because when we use Get method than it can display the data in URL bar.If the data is more sensitive data like password then it can be inggeris.
try this code
using hidden field we can pass php varibale to another page
page1.php
<?php $myVariable = "Some text";?>
<form method="post" action="page2.php">
<input type="hidden" name="text" value="<?php echo $myVariable; ?>">
<button type="submit">Submit</button>
</form>
pass php variable to hidden field value so you can access this variable into another page
page2.php
<?php
$text=$_POST['text'];
echo $text;
?>
Sessions would be the only good way, you could also use GET/POST but that would be potentially insecure.
**page 1**
<form action="exapmple.php?variable_name=$value" method="POST">
<button>
<input type="hidden" name="x">
</button>
</form>`
page 2
if(isset($_POST['x'])) {
$new_value=$_GET['variable_name'];
}
It works.
Send data throw URL, without form.
$upit = "SELECT * FROM usluga";
$data = $mysql->query($upit);
while ($row = mysqli_fetch_object($data))
{
echo "<a href='"."index.php?tretmanId=$row->tretman_id"."'>$row->naziv</a>";
echo "<br><br>";
}
and you can get this value on the target page with "$_GET['name from URL']", like this
$TrermanIdFromUrl = $_GET['tretmanId'];
You can for example call the page you want by including variables in the url:
header("Location: ../signup.php?newpwd=passwordupdated");
And on your signup.php page, you would have
if (isset($_GET['newpwd']) && $_GET['newpwd'] == "passwordupdated") {
//code here
}
It seems pretty simple but I can't find a good way to do it.
Say in the first page I create a variable
$myVariable = "Some text";
And the form's action for that page is "Page2.php". So in Page2.php, how can I have access to that variable? I know I can do it with sessions but I think it's too much for a simple string, and I do only need to pass a simple string (a file name).
How can I achieve this?
Thanks!
HTML / HTTP is stateless, in other words, what you did / saw on the previous page, is completely unconnected with the current page. Except if you use something like sessions, cookies or GET / POST variables. Sessions and cookies are quite easy to use, with session being by far more secure than cookies. More secure, but not completely secure.
Session:
//On page 1
$_SESSION['varname'] = $var_value;
//On page 2
$var_value = $_SESSION['varname'];
Remember to run the session_start(); statement on both these pages before you try to access the $_SESSION array, and also before any output is sent to the browser.
Cookie:
//One page 1
$_COOKIE['varname'] = $var_value;
//On page 2
$var_value = $_COOKIE['varname'];
The big difference between sessions and cookies is that the value of the variable will be stored on the server if you're using sessions, and on the client if you're using cookies. I can't think of any good reason to use cookies instead of sessions, except if you want data to persist between sessions, but even then it's perhaps better to store it in a DB, and retrieve it based on a username or id.
GET and POST
You can add the variable in the link to the next page:
Page2
This will create a GET variable.
Another way is to include a hidden field in a form that submits to page two:
<form method="get" action="page2.php">
<input type="hidden" name="varname" value="var_value">
<input type="submit">
</form>
And then on page two:
//Using GET
$var_value = $_GET['varname'];
//Using POST
$var_value = $_POST['varname'];
//Using GET, POST or COOKIE.
$var_value = $_REQUEST['varname'];
Just change the method for the form to post if you want to do it via post. Both are equally insecure, although GET is easier to hack.
The fact that each new request is, except for session data, a totally new instance of the script caught me when I first started coding in PHP. Once you get used to it, it's quite simple though.
Thanks for the answers above. Here's how I did it, I hope it helps those who follow. I'm looking to pass a registration number from one page to another, hence regName and regValue:
Create your first page, call it set_reg.php:
<?php
session_start();
$_SESSION['regName'] = $regValue;
?>
<form method="get" action="get_reg.php">
<input type="text" name="regName" value="">
<input type="submit">
</form>
Create your second page, call it get_reg.php:
<?php
session_start();
$regValue = $_GET['regName'];
echo "Your registration is: ".$regValue.".";
?>
<p>Back to set_reg.php
Although not as comprehensive as the answer above, for my purposes this illustrates in simple fashion the relationship between the various elements.
Passing data in the request
You could either embed it as a hidden field in your form, or add it your forms action URL
echo '<input type="hidden" name="myVariable" value="'.
htmlentities($myVariable).'">';
or
echo '<form method="POST" action="Page2.php?myVariable='.
urlencode($myVariable).'">";
Note this also illustrates the use of htmlentities and urlencode when passing data around.
Passing data in the session
If the data doesn't need to be passed to the client side, then sessions may be more appropriate. Simply call session_start() at the start of each page, and you can get and set data into the $_SESSION array.
Security
Since you state your value is actually a filename, you need to be aware of the security ramifications. If the filename has arrived from the client side, assume the user has tampered with the value. Check it for validity! What happens when the user passes the path to an important system file, or a file under their control? Can your script be used to "probe" the server for files that do or do not exist?
As you are clearly just getting started here, its worth reminding that this goes for any data which arrives in $_GET, $_POST or $_COOKIE - assume your worst enemy crafted the contents of those arrays, and code accordingly!
There are three method to pass value in php.
By post
By get
By making session variable
These three method are used for different purpose.For example if we want to receive our value on next page then we can use 'post' ($_POST) method as:-
$a=$_POST['field-name'];
If we require the value of variable on more than one page than we can use session variable as:-
$a=$_SESSION['field-name];
Before using this Syntax for creating SESSION variable we first have to add this tag at the very beginning of our php page
session_start();
GET method are generally used to print data on same page which used to take input from user. Its syntax is as:
$a=$_GET['field-name'];
POST method are generally consume more secure than GET because when we use Get method than it can display the data in URL bar.If the data is more sensitive data like password then it can be inggeris.
try this code
using hidden field we can pass php varibale to another page
page1.php
<?php $myVariable = "Some text";?>
<form method="post" action="page2.php">
<input type="hidden" name="text" value="<?php echo $myVariable; ?>">
<button type="submit">Submit</button>
</form>
pass php variable to hidden field value so you can access this variable into another page
page2.php
<?php
$text=$_POST['text'];
echo $text;
?>
Sessions would be the only good way, you could also use GET/POST but that would be potentially insecure.
**page 1**
<form action="exapmple.php?variable_name=$value" method="POST">
<button>
<input type="hidden" name="x">
</button>
</form>`
page 2
if(isset($_POST['x'])) {
$new_value=$_GET['variable_name'];
}
It works.
Send data throw URL, without form.
$upit = "SELECT * FROM usluga";
$data = $mysql->query($upit);
while ($row = mysqli_fetch_object($data))
{
echo "<a href='"."index.php?tretmanId=$row->tretman_id"."'>$row->naziv</a>";
echo "<br><br>";
}
and you can get this value on the target page with "$_GET['name from URL']", like this
$TrermanIdFromUrl = $_GET['tretmanId'];
You can for example call the page you want by including variables in the url:
header("Location: ../signup.php?newpwd=passwordupdated");
And on your signup.php page, you would have
if (isset($_GET['newpwd']) && $_GET['newpwd'] == "passwordupdated") {
//code here
}
I am new to OO php so this may seem basic..
Basically I have a list of courses a user can book. I have got it so the user can remove the course from their list, but I want a message to be displayed to them after they delete. I have done something similar to what I want here:
<form name="removecourse" action="<?php bloginfo('url');?>/user/<?php echo $current_user->first_name ; ?>" method="post">
<input type="hidden" value="<?php the_id();?>" name="courseid" />
<input id="removebutton" type="submit" name="removecourse" value="Remove">
</form>
The form sends the required data to the same page, and at the top of that page is a check to see if the forms post name is present in $_POST[] like so:
if(isset($_POST['removecourse']) && !empty($_POST['removecourse'])){
$courseManager->delete_post($_POST['courseid'], $_POST['cancel-reason']);
echo $courseManager->delete_response;
};
This is where the Class and object part comes in...
public $delete_response;
function delete_post($postid, $reason){
//stuff to actually delete the post
$this->delete_response = 'Thanks, your course has been removed.';
}
So here I am adding a value to the delete_response variable and calling it above at the top of the page. This works, but when I refresh the page the message is still there as I am resubmitting the POST. I am just wondering if what I am doing is along the right track, and how to implement a Post/Redirect/Get type functionallity to stop the messaage from appearing on page refresh?
You have to check, either your course has been already deleted, is it simple as that :).
Yours displaying it again because:
if(isset($_POST['removecourse']) && !empty($_POST['removecourse'])){
//is always true when posted again.
}
You have to check the existiance
Near the top of my page, I have this:
<?php $id = $_GET['id']; ?>
Then I have some form check conditionals that read from POST:
if (isset($_POST['completeSubmit'])) {
//code
}
And finally, I have an HTML form which looks like this:
<form action="<?php echo $_SERVER['PHP_SELF']."?id=$id"; ?>" name="complete" method="post">
<input type="submit" id="textButton" name="completeSubmit" value="[mark as complete]">
</form>
The page is initially accessed by using GET with an id variable like this:
http://website.com/page.php?id=1
All subsequent form submissions (which get redirected to the same page) fail. I know you can't send both GET and POST in the same request, but seeing as my form is submitting to $_SERVER['PHP_SELF']."?id=$id" using POST shouldn't it work? This is my first time trying this so it is quite possible I've overlooked something trivial.
You can use get and post at the same time, but you shouldn't. If you want to continue to send the ID this is as simple as:
<form ...
<input type="submit" ...
<input type="hidden" name="id"
value="<?php echo htmlspecialchars($_GET['id'], ENT_QUOTES); ?>" />
</form>
Of course you can not use GET and POST methods simultaneously.
However you can use a query string while sending a form using POST method, which being used to populate $_GET array.
To find a certain error you have to provide more info. At least 2 things:
how does HTML form look
what do yo see in the query string after posting the form.
and errr...
do you use any header redirects in the form processing?
After filling the form when submit, accidentally due to some filling error ,the form is not submit and return to back,in this condition the value of all text box is blank. i want to stable value of all fields in this condition . I'm using php with smarty framework. Please reply with solution as soon as possible.
Thanks.
If the form is submitted to the page that contains it then you will have access to the submitted values, and can use them to populate your form. For example, if you are submitting the form via POST:
<input name="something" value="<?=$_POST['something']?>" />
If you are submitting the form to a different script, you could send the values back to the page with the form as URL parameters, or you could use temporary session variables, and unset them when the input passes whatever validation you are using:
$_SESSION["temp_something"] = $_POST["something"]; //In form processing script
Then in your form:
<input name="something" value="<?=$_SESSION['temp_something']?>" /> <!--In form-->
You can fill the form fields, on the second round, by filling the content inside the value attributes of html tags, like so:
<input type="text" value="<?php echo $_REQUEST['test']; ?>" name="test">
Pay attention: this is a fast and simple solution. It gives you an idea. In good web programming practice you should sanitize the form data received by client in order to avoid security issues.