How to change the get method url in php. Here is my code
<form method="get" action="offers.php">
Name :<input type="text" name="name"><br>
Subject : <input type="text" name="sub"><br>
<input type="submit" value="Submit">
</form>
and in offers.php file code
<?php
$name = $_REQUEST['name'];
$subject = $_REQUEST['sub'];
?>
After giving the input values shows url "http://localhost/htaccess/offers.php?name=raj&sub=kumar" but i want to show the url is http://localhost/htaccess/raj/kumar. How to solve this issue. how to convert this url. Here raj and kumar are input given values not for default.
Hmm, you have a couple of things going on. First, to get rid of the ?name=raj&sub=kumar string on your URL
Use POST not GET
<form method="POST" action="offers.php">
Name :<input type="text" name="name"><br>
Subject : <input type="text" name="sub"><br>
<input type="submit" value="Submit">
</form>
Next, you have a whole other world of questions in using rewrite rules to make offers.php change to raj/kumar. Try a few of these links to get you there:
Reference: mod_rewrite, URL rewriting and "pretty links" explained
Pretty URLs with .htaccess
How to write htaccess rewrite rule for seo friendly url
The basic premise is this:
offers.php will still be requested until you change your form to look like this:
<form method="POST" action="raj/kumar">
Name :<input type="text" name="name"><br>
Subject : <input type="text" name="sub"><br>
<input type="submit" value="Submit">
</form>
but that won't work until you htaccess and mod_rewrite working for you to "rewrite" that raj/kumar url to be "handled" by offers.php
Change get to post.
Change $_REQUEST to $_POST
Also, put the $_POST data within a conditional, like:
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$name = $_POST['name'];
$subject = $_POST['sub'];
} else {
// form was not posted
}
Related
I am getting the result of signgen() as a value of input field with id="sign" onload. Is there any easy way to get this value as md5?
I think I've seen all of the stackoverflow answers but they all seem to be too complicated for this easy task.
Is there a way to us php md5() function?
Thanks a lot for any help on that.
<html>
<body onload="signgen()">
<form action="url" method="post" class="form">
<input type="text" name="session_id" id="session_id" value="<?php
echo uniqid();?>" /> <br>
<input type="text" name="sign" id="sign"/> <br>
<input name="submit" value="wyĆlij" type="submit" /> <br>
</form>
<script>
function signgen(){
var sessionid = document.getElementById('session_id');
var mix = sessionid.value + "|abcde";
document.getElementById('sign').value = mix;
}
</script>
</body>
</html>
Thanks for the answers. They put me on the right tracks.
What I finally did is after posting a form with action to another php file I used the data from the form via $_POST added salt (ie. "|abcde") then used the md5 function to create the hash.
I am using simple HTML/AJAX/PHP script.
<form id="new_user" action="" method="post">
<div class="col-md-3 form-group">
<label for="username">Username</label>
<input type="text" class="form-control" name="username" id="username" required>
</div>
<div class="col-md-3 form-group">
<label for="city">City</label>
<input type="text" class="form-control" name="city" id="city" required>
</div>
<input type="button" name="button1" value="Done" class="btn btn-success" onClick="aa();"></button>
</form>
<div id="d1"></div>
When the button is clicked:
<script type="text/javascript">
function aa()
{
var xmlhttp=new XMLHttpRequest();
xmlhttp.open("POST","ins.php?username="+document.getElementById("username").value+"&city="+document.getElementById("city").value,false);
xmlhttp.send(null);
document.getElementById("d1").innerHTML=xmlhttp.responseText;;
}
</script>
My ins.php file:
<?php
$username_safe = htmlspecialchars($_GET['username']);
$city_safe = htmlspecialchars($_GET['city']);
echo $username_safe . " " . $city_safe;
?>
How to secure the ins.php file (or even the entire form) so that the client wouldn't be able to post variables from URL field, like: http://www.example.com/ins.php?username=aaa&city=bbb
Directly referencing your question:
How to secure the ins.php file (or even the entire form) so that the client wouldn't be able to post variables from URL field, like: http://www.example.com/ins.php?username=aaa&city=bbb
This is already being done as passing parameters in the URL is a GET request, you've set your form up to be a POST submitted form in the line:
<form id="new_user" action="" method="post">
So just don't look at the $_GET super global array. Look at $_POST instead. Better yet use the filter_input() function correctly e.g.: $username_safe = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
Generate an id which is only valid for a certain amount of time (say 15 minutes). Build your form with php, and include this ID inside a <input type="hidden" value="<?=$id?>">
Send this ID back to the server, and check in PHP if this ID is allowed to submit this form.
It appears as though you are sending your vars by POST vice GET, so this really shouldn't be an issue. Barring using either of these methods, you could also send the vars as session data but this becomes cumbersome to set/unset the session vars.
This question already exists:
How to send data from Domain 1 input type='text' to Domain 2 input type='text' [closed]
Closed 8 years ago.
How can i insert a value to another domain (not have access to this domain) textbox, from filling a form from my domain?
Form in my domain:
<form action="" method="post" name="birthdaysend">
<input type="text" value="" name="birthday" >
<input type="submit" value="submit">
</form>
Where this value will be shown in the other domain textbox (where i do not have access)
<form action="" method="post" name="birthdayreceive">
<input type="text" value="" name="birthdaydate" >
<input type="submit" value="submit">
</form>
When i fill birthday date from my form, on submit the same date to be shown in this other textbox where i do not have access.
Imagine the other domain is your visitor's online banking and that the text box is where you put the account number to transfer money to.
Now, for obvious security reasons, what you want it entirely impossible.
After you received your own form from your server, you need to mimic a browser to request the page from other domain, and submit that form using your own code.
One example I think is cURL extension
PHP can post data to other domains by using the cURL extension
On form submit, you could get a $_GET or turn the $_POST into a $_GET,
Send the $_GET to another domain like
www.otherdomain.com/index.php?textbox=
then from the textbox on the other domain
<textarea><?php echo $_GET['textbox']; ?></textarea>
or
<input type="text" name="name" value="<?php echo $_GET['textbox']; ?>" />
Im not really for sure what your trying to accomplish, I hope this gives you and idea to what exactly im getting at here. Or my other result is to use cURL, so the other domain can get the information from the other server.
I am new to HTML. I have got an URL in the following format:
dosomething?param1=abc¶m2-xyz
This URL is guaranteed to be valid.
How I have got an HTML page with a button on that. What I want to do is to send a GET request to the URL by clicking the button.
I have tried this:
<form method="GET" action="dosomething?param1=abc¶m2-xyz">
<button>DO Something</button>
</form>
The problem is that the parameters are missing on the server side.
What is the proper way to do this? I cannot make an Ajax call on this as it will be a file downloading action and people told me that it won't work with Ajax.
Javascript solution is OK for me.
Please help.
You dont need Javascript for this as you can simply form your request like
<form method="GET" action="dosomething">
<input type="hidden" name="param1" value="abc">
<input type="hidden" name="param2-xyz" value="">
<input type="submit" value="DO Something">
</form>
see http://www.w3schools.com/html/html_forms.asp
Of course you could also use Javascript, you might want to look into using JQuery with http://api.jquery.com/jQuery.get/
see also HTTP GET request in JavaScript?
Furthermore, out of interest, what did "people" tell you about "Ajax won't work"?
The GET paramaters are passed by the input tag. This is a proper way :
<form method="GET" action="dosomething.php">
<input type="text" name="customparam" />
<input type="hidden" name="param1" value="value1" />
<input type="hidden" name="param2" value="value2" />
<input type="submit" />
</form>
When you will click on the submit button, you will be on dosomething.php?customparam=whatiwrote¶m1=value1¶m2=value2
On your page "dosomething.php", you can access these params with that :
<?php
$customparam = $_GET['customparam'];
$param1= $_GET['param1'];
$param2= $_GET['param2'];
echo "The value of param1 is : ".$param1;
?>
If the params don't move, you can also put them in a link directly with :
<a href="dosomething.php?param1=value1¶m2=value2" >My link </a>
Helo friends, my code:
<form>
<input type="text" placeholder="name">
<input type="text" placeholder="email">
<input type="password" placeholder="pw">
<button type="button" id="insert">Insert</button>
</form>
My JavaScript file:
$('#CadAdmin').click(function(){
$('input').each(function(){
$.post('/require/jp/insert.php',{
dataUser:$(this).val()
},function(res){
alert(res);
})
})
});
My insert.php file:
extract($_POST);
print dataUser;
Here, its show all data, ok but, I want to get separete data, for ex:
//print dataUser
print $name.' '.$email.' '.$pw;
The $_POST variable is an array (see $_POST on php.net). This means you can access the inner content like this $_POST['index'].
For you this would mean that you have to use the form input names with $_POST. This gives you $_POST['name'], $_POST['email'] and $_POST['pw']. These variables contain the input from the form.
Note that just printing/echoing these variables to your website you might have some problems with XSS, you can check this answer or this one (both from other questions) for on how to prevent something like that from happening.
EDIT (after comment):
I suggest you to change (or even remove) your javascript code. Because you are using $('input').each() you are currently sending 3 separate POST requests to /require/jp/insert.php, this means the data is handled separately. If you were to change that, your inputs do not have a name, that is why extract() doesn't work, the data within $_POSTisn't set to a specific 'variable' to use after extract().
I suggest you change your code to something like this:
(somehtmlpage.html?):
<form method="POST" action="/require/jp/insert.php">
<input type="text" name="name" placeholder="name">
<input type="text" name="email" placeholder="email">
<input type="password" name="pw" placeholder="pw">
<input type="submit" id="insert">Insert</input>
</form>
(insert.php):
extract($_POST);
print $name.' '.$email.' '.$pw;
What this does is exact the same, without javascript (and the 3 POSTs). Since your data is now within the 'same' $_POST you can use the names (from the input fields, 'name=....') after extraction.
You need to define the name (not the placeholder) of each input, then serialize the form data before posting it to your insert.php script.
First, add name attribute to your elements to catch their values after form submit:
<input type="text" placeholder="name" name="name">
then you can get those values like this:
$name = $_POST['name'];