I have been using SESSION Variables to enter data with loginName as way to retrieve only records that contain that Users loginName. How do I create a form that can search using this parameter and bring up all the records that the user created.
This is what I use to input the SESSION variable into the record.
<input type="hidden" name="loginName" id="loginName" value= "<?php echo $_SESSION['MM_loginName']; ?>" />
Here is the form that I was trying to use:
<form action="memberresults.php" method="post" name="form5" target="_self" id="form5">
<input type="hidden" name="loginName" id="loginName" value= "<?php echo $_SESSION['MM_loginName']; ?>" />
<input type="submit" name="form5" id="form5" value="Submit" />
</form>
Any Ideas?
Michael
Presumably you have control over the page memberresults.php? Then you don't need to post any hidden fields, since the session variable will be available right on that page.
$query = 'SELECT * FROM table WHERE user_id = ' . $_SESSION['MM_loginName'];
Of course with the usual validation and SQL injection prevention and so on...
Related
I'm currently working on at the displaying of information from a database. I was making a summary site where you can only see the important things of a table. After that i made the first element as an <input type="submit"> in a <form>, so u can click it and come to the detail site. My problem is now: The value of this input type has to be my ID, so i can query correctly on me detail site. I was wondering if it is possible to use something like a placeholder, so that the ID is the value, but on the input type is written other text.
My input:
<form method="post" action="Details.php">
<input type="submit" placeholder = "test" name="Overview" onclick="parent.location='Details.php'" value="<?php echo $data[$i1]; ?>">
</form>
How it currently looks
I want it that the input type still has the same value, but is displaying on the website something else like "test".
Greetings!
No, but buttons can have different values and labels.
<button name="foo" value="bar">baz</button>
Since you are using a form-tag per row, you can add a hidden input-field in the form and set the value of the submit-button to whatever you like.
<form method="post" action="Details.php">
<input type="hidden" name="id" value="<?php echo $data[$i1]; ?>" />
<input type="submit" name="Overview" value="test" />
</form>
So I have a html table containing data retrieved from the database. In each row, there is an "edit" button. It looks like this:
<td><form action="controller/edit" method="post">
<input type="hidden" name="id" value="<?php echo $id ?>">
<input type="submit" value="edit">
</form></td>
Then in the controller/edit page I will access the database again:
select * from table where id=$_POST['id']
This is all fine. However I am thinnking of avoiding the second access to the database to improve performance. I am trying to do something like this:
<td><form action="controller/edit" method="post">
<input type="hidden" name="id" value="<?php echo $id ?>">
<input type="hidden" name="name" value="<?php echo $name ?>">
<input type="hidden" name="amount" value="<?php echo $amount ?>">
<input type="submit" value="edit">
</form></td>
This way all the data from the row is in the form, so when the form submits to controller/edit I don't need to access the database again. Is this approach fine? Or Is this bad practice?
The second one you've mentioned does seem like a shortcut, but it can be vulnerable.
Hidden fields can easily be tampered. For example, a user can manipulate the value of the hidden field and change the value to a random number like 975646456456456.
In that case, your database will have an incorrect insertion since there probably wouldn't be a matching record corresponding to id 975646456456456.
So, I think you should go with the first one and check your database if the id exists, and fetch its records.
Try to submit using jquery.button. For example submit form:
submitform(){
jQuery('form id').attr('action','url'+'?id= "id from db");
jQuery('form id').submit();
}
I just want to call the id value of one page in another page, but it has not been working for me for a long time. I have given the id value to the form as "addedcart" and called in php code but it is not displaying any cart value. Is it correct to call an id like this? Because I don't know perfectly about php. The form which I want to be called is given below:
<?php
$addedcart = $_POST['addedcart'];
$formcontent="Items in cart: $addedcart";
mail($recipient,$subject,$formcantent,$headers) or die("Error!");
?>
<form action="" method="post" class="last" id="addedcart">
<fieldset>
<input type="hidden" name="business" value="info#domain.com" />
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="display" value="1" />
<input type="image" name="submit" src="images/cart.png" class="button"/>
</fieldset>
</form>
From the limited information we have, I can see two possible solutions:
Solution 1: $_SESSION variable
Start your PHP code with session_start(); and make $_SESSION['addedcart'] equal to what you want. This will carry over to any page that uses session_start(); and can't be changed by the end-user.
Solution 2: Hidden Form Input
Add the following to the form:
<input type="hidden" name="addedcart" value="<?php echo $addedcart ?>" />
The downside of this method is that a user can change these values in the Developer tools in Chrome/Firefox.
Maybe I don't understand English as well as I thought. I need some help. I read the other posts but I am still not able to send variables to another page using POST instead of GET. Please help me with this example:
I have two pages. The first one has a query (Users). Then I make a table with the results and using the following code I can send user id to another page where I can edit some information.
First page:
<td><div align="center">
<a href="Users_modify.php?id=<?php echo $row_Users['id'];?>">
<img src="Icons/info-icon.png" width="20" height="20"></a></div></td>
Second page:
$colname_recordset1 = "-1";
if (isset($_GET['id'])) {
$colname_recordset1 = $_GET['id'];}
and after this I can use the variable to make a query.
With respect I ask you for a sample of the first page statement in order to be able to use POST on the second page. Thank you for your time!
You can only use $_POST on a form.
If it is associated in a link, you can use $_GET or you can use $_REQUEST to get the query string.
You'll fill $_POST by using a form:
<form action="…" method="post">
<input type="hidden" value="$id">
…
<input type="submit" value="Save">
</form>
posting it by form
<form action="second page url" method="post">
<input type="hidden" name="id" value="$id">
…
<input type="submit" value="Post">
</form>
First Page
<form method="post" action="page2.php">
<input type="hidden" name="idField" value="<?php echo $id; ?>" />
<input type="submit"/>
</form>
Second Page
<p>
<?php
echo $_POST["idField"];
?>
</p>
I have a text box which picks up a value from my database and is a read only text box. it contains some information which i want to send to my datbase but nothing is being recorded. Once the textbox isnt a read only, the data is successfully stored. Is there any way i can keep my textbox disabled and still send the data to my database?
<form action="refnoadded.php?public=<?php echo $id; ?>" method="post">
<span id="sprytextfield1">
<input type="text" name="ref" value="<?php echo $newpass ?>" disabled />
<input type="button" onClick="history.go(0)" value = "Generate Reference">
<br />
<span class="textfieldRequiredMsg">Reference Number Required</span>
</span>
<br />
<input type="submit" value="Add Reference" />
</form>
any ideas?
disabled doesn't send data to server
use
<input readonly value="my value" name="myname">
HTH!
have the data in a second hidden input:
<input type="hidden" name="ref_hidden" value="<?php echo $newpass ?>" />
the user won't see the difference and you will get your value send when submitting the form.
Disabled textfields don't submit their information to $_POST or $_GET. You can simply use the form element
<input type="hidden" name="rev_hidden" value="<?php print $password; ?>" />
This is the standard (correct) way to pass hidden information in the form.
Another use for this element is if you want to pass a "formsubmitted" variable.
However, if you want to create a value and have it uneditable by the user, do it on the server side. Create the value when you create the database, since users can relatively-simply send other data in the place of what you've generated.