I enabled URL rewriting on my PHP site with Apache (http://example.com/index.php?param=12 becomes http://example.com/index/param/12).
I have a few forms which are in GET instead of POST.
After subitting the form, the resulting URL is not rewritten.
Is it possibile to keep rewritten URLs after submitting a GET form?
UPDATE: I found this article on the topic http://matthewjamestaylor.com/blog/how-to-post-forms-to-clean-rewritten-urls but I really don't like the idea of redirecting to rewritten URL. Is there really no way to keep rewritten URLs without redirecting?
UPDATE 2: Here is an example of what I'm trying to do.
Let's say I have a simple form like this:
<form method="get" action="">
<fieldset>
<input type="text" name="q" />
<input type="submit" value="Search" />
</fieldset>
</form>
and let's say my url is http://example.com/index/param/12
After submitting the GET form, the url becomes http://example.com/index/param/12?q=my-input-text, while I would like to get a rewritten url like http://example.com/index/param/12/q/my-input-text
Seems like if you want your form to go directly to /q/my-input-text you should use JavaScript to make that happen on the form's onSubmit.
apache mod_rewrite only processes incoming (request) urls - it has no control of the urls you generate in your php scripts. This is something you should take care of yourself.
Related
I am trying to input submit value and want to pass the value to another page through GET but for that I have to use two Clicks button.
I want the same in a single click. Help required.
Code:-
<form method="post">
<input name="inwardid" type="text" id="inwardid" />
<?php $inwardid = $_POST['inwardid']; ?>
<input type="submit" value="Next" />
</form>
<a href="addbook.php?up=<?php echo $inwardid; ?>"><button>Proceed</button>
You want to send the value the user typed in to the other page. So use this for your <form>:
<form method="POST" action="addbook.php">
<input name="up" type="text" id="up">
<input type="submit" value="Proceed">
</form>
To access the value in addbook.php, use $_POST['up'].
This will send the value the user typed in the input label (type="text") to the addbook.php page, using a $_POST. No need for a $_GET, $_POST will do just fine.
As you deliberately asked for method GET, my solution shows you GET!
You must know there is no security issue when using GET. It depends what you want to do. GET is useful if you want to use a dynamic code in multiple ways depending on some some variables that you do not want to hard-code in your script, or simply do not want to send files or other huge data.
Lets admit a newspaper has a site called breaking_news.php and you want to access the breaking news of November 8, 2016you could use this as :
breaking_news.php?y=2018&m=11&d=08
The fact that one can see your GET vars means nothing. Even by using POST one can see your variables by looking at your code. And one way or the other you must protect against code injection and brute force.
But if your not in the mood to show this vars to your visitor you can use URL rewriting to rewrite the url above in the browser as
RewriteRule ^breaking/(.*)/(.*)/(.*)/news\.html$ breaking_news.php?y=$1&m=$2&d=$3 [NC,L]
so you send your visitor to see the (rewritten)URL
breaking/2018/11/08/news.html
but what the web-server is showing him is:
breaking_news.php?y=2018&m=11&d=08
A reason to use this if for example when you want your dynamic site to be taken into consideration by some searching engine as a static site, and get indexed. But this is again another battle field.
Second, you want to send the variable to "addbook.php", and not to itself.
Your question sounded like you want to send to "another page" not to the same page.
Third, I can see in your code snippet you want to submit the variable "up" and not "inwardid", as you did in your code.
And also I can see you want the "submit" button to be called "Proceed".
Your code would look like this:
<form method="GET" enctype="application/x-www-form-urlencoded" action="addbook.php" target="_blank">
<input name="up" type="text" id="inwardid" />
<input type="submit" value="Proceed" />
</form>
As I said you must protect against injection, and this means for example, that in the "addbook.php",to whom you are sending the variables you must write some code that protects you against this issues. As your question is not in this direction I will not enter this subject.
To avoid problems with special chars you must "url-encode" your variable specially when sending them per POST method. In this case you must use this enctype if your handling text. Because this enc-type is transforming special chars into the corresponding ASCII HEX-Values.
Using GET your safe, because GET cant send in another enc-type. So your variable will automatically be url-encoded and you receive a string that is compliant to RFC 3986 similar by using:
rawurlencode($str)
Lets admit someone smart guy fills in a your input box the following code, in the desire to break your site. (This here is not exactly a dangerous code but it looks like those who are.)
<?php echo "\"?> sample code in c# and c++"; ?>
using enctype="application/x-www-form-urlencoded" this will become something like this:
%3C%3Fphp%20echo%20%22%5C%22%3F%3E%20sample%20code%20in%20c%23%20and%20c%2B%2B%22%3B%20%3F%3E
what makes it safe to be transported in a URL, and after receiving and cleaning it using
strip_tags(rawurldecode($_GET['str']))
it would output something like this, what is a harmless string.
sample code in c# and c++
I'm a bit confused about this. I'm hoping it's something wildly obvious I've missed! I have a very simple form:
<form class="form-signin" role="form" name="login" method="POST" action="/page">
<input type="password" name="password" />
<input type="submit" value="Sign in" />
</form>
Note: this page lives at /page and is echoed after the following HTML:
On /page I have this at the very top of the file:
<?php
var_dump($_SERVER['REQUEST_METHOD']);
For some reason, it always shows up as GET when I submit this form. If I take the action="/page" part out then it shows up as POST. What am I missing here?
Note: Even when I load the page, then put at exit after the above var_dump() call, it still shows GET.
In the inspector's timeline I see this for the request:
Thanks to the comments to my question I have found the answer to be in apache configuration. It appears that, because the index.php file is inside a folder called page, apache will automatically redirect to the page with a slash on it. This is the default setting as seen in the Apache directorySlash documentation.
As they warn against turning this off, I will just change the url to what I'm posting. Alternatively, of course, I could add a .htaccess file with proper rewrite rules setup.\
Thanks for everyone's help! As a side note, Safari's inspector left me a little wanting in this case. Chrome turned out to be a far better option for testing.
I have a search form on my site,
and I want to pass the text in the form to the URL,
like: mysite.com/search.php?q=apples (if search word was apples).
I figure that way people can bookmark their searches.
One solution I thought would be to catch the searchword in search.php and then reload into a new made URL. But it's not very elegant to reload like that. So how can I do it - I mean, how is it normally done? Do I need to use jQuery?
Clarification: I know how to get the vars from the URL in php. What I need is to control the URL that will be opened when the user presses SUBMIT, and the URL needs to contain the user's search word! Just like Google or DuckDuckGo, I put "apples" and the URL becomes ...?q=apples. But - how?! (Then I'll pick that up in the search.php, of course, but I know how to do that.) This is what I have now:
<div id="topnav">
<form action="search.php" method="post">
<input name="searchword" type="text">
<input type="submit">
</form>
Thank you so much.
Upon reading the clarification. What you need is a search form that submits to your search.php for example:
<form action="search.php" method="get">
<input type="text" value="search word" name="q" />
<input type="submit" value="submit" />
</form>
This will pass whatever value entered in the input named q to the search.php script.
If you post a HTML form which includes a text field with name 'q' and value 'apples' then the URL you want is automatically created by the browser. You definitely don't need JQuery for that.
how about using the POST-Redirect-GET pattern? [http://en.wikipedia.org/wiki/Post/Redirect/Get] also http://blog.andreloker.de/post/2008/06/Post-Redirect-Get.aspx
This would allow you to keep the url in the browser:
yoursite.com/search.php?q=apples
Alternatively, you can use javascript to set the location.hash of the url in the browser w/ the query information after the postback; I suspect this is actually what Google does.
eg,
yoursite.com/search.php#apples
So the form action would be search.php, the field would be called q and the method would be Get?
You should be able to handle all this from the html form if I'm understanding what it is you're trying to achieve.
if you have a form then must have declared form methoed POST/GET
in you search.php you can simply do this $_POST['name of the input field'] to get the word string,
and if you want to pass variable in url then you need to make a link through Link
I'm working on building a more user-friendly frontend access page in Wordpress for a content library built on ContentDM (http://www.oclc.org/support/questions/contentdm/default.htm). One of the things that was requested as part of the site was a search form that instead of searching Wordpress, goes to the ContentDM library and searches there.
It appears that the search syntax for ContentDM is as follows:
http://libraryID.contentdm.oclc.org/cdm/search/searchterm/INPUT_TERM/order/nosort
With "INPUT_TERM" being whatever the user searched for.
In other words, in order to create a search form that went directly there, I'd have to dynamically insert the contents of the input element into the middle of the "action" attribute of the form.
I'm guessing my best bet is to just send it to a PHP page that sticks $_POST['whatever'] into the URL and does a redirect. But is there in fact a way to do it dynamically from the form (ideally without Javascript) and save a step?
Thanks!
I guess something like this could work:
<form action="" method="get"
onSubmit="location.href='http://libraryID........./'+this.children[0].value+'/order/nosort; return false;">
Search: <input type="search" />
<input type="submit" value="Go" />
</form>
This will redirect the browser to the search page given in the search box, however it's not terribly reliable.
You might want to see if there's a query string "version" of the URL - maybe that search URL is affected by mod_rewrite to "look pretty", and you might be able to have http://libraryID.contentdm.oclc.org/cdm/search as the action, and have the input field named searchterm:
<form action="http://libraryID.contentdm.oclc.org/cdm/search" method="get">
Search: <input type="search" name="searchterm" />
<input type="submit" value="Go" />
</form>
In native PHP I can include a javascript code to change the action of a form sent in case I need to direct the user to which page he selects to go like this
<form action="change.php" method="post" name="form">
<input type="submit" value="Click to Page1" onclick="form.action='page1.php';return true;"/>
<input type="submit" value="Click to Page2" onclick="form.action='page2.php';return true;"/>
</form>
I would like to do the same in case I must use codeigniter or cakephp. Someone could help me with this problem ?
CodeIgniter is a backend technology. What you're writing is front end. You're pretty much all set; there isn't really much for you to change. You could, theoretically use CI's form helper, but it's unnecessary...personally, I never use it.
Unless you've removed the index.php file, change the form.action from page1.php and page2.php to index.php/mycontroller/myfunction.
The whole form idea though is sort of flawed; you don't really need it. Why not just use:
onclick="window.location.replace('index.php/mycontroller/myfunction');"
Then you can remove the form all together.