$_GET['page'] doesnt go through

Question

I've got a little issue with my forms, and I was just hoping you could have an answer to my problem. Basically, there is an index.php which contains the pages header, footer, and between those, I've put a require $_GET['page'].'.php'; All my pages have links going to index.php?page=pagename, and it's been working almost perfectly. My only issue is that the page variable doesn't go through forms which send other variable through $_GET, although if the form is empty or has variables going to the next page through $_POST, it will work great. whenever I try to pass $_GET['page'] through to an other page using the url right into the action quotes, it just wont work, the form variables will show in the var_dump() but page will not. Here is the code, which is in my opinion really not that important.

index.php :

if (!isset($_GET['page'])) //This returns TRUE
{
echo redirect_tempo(500, 'index.php?page=home');    
}
    elseif ($_GET['page']=="index") 
    {
    echo redirect_tempo(500, 'index.php?page=home');        
    }
        elseif (file_exists($_GET['page'].".php"))
        {
        require $_GET['page'].'.php';
        }
            else 
            {
            echo redirect_tempo(500, 'index.php?page=404');
            }

test.php

<form action="index.php?page=test" method="GET">
Obtenir les disponibilités des hôtels pour la date suivante : 
<input type="text" name="date" size="12" id="inputField" /><br /><br />
<input type="submit" value="Rechercher" />
</form>

In that case var_dump will only show $_GET['date']

I'm pretty sure it's a well known bug and pretty stupid mistake, but I really couldnt find anything on the internet (not easy to look for...)

Thank you so much for your help :)

Bastien

Just a note: `require $_GET['page'].'.php';` can lead to some serious security vulnerabilities - I would recommend finding another way to include files. Simply, you can make a list of _valid_ `$_GET['page']` results and check against that list and ignore otherwise. — RageD, Jan 07 '13 at 00:30
Well if(file_exists()) would return false if somebody was tryin to access some other file. And to be honest with you, I'm not skilled enough to find an other way to do this. Thanks anyway for the heads up :) — user1711820, Jan 07 '13 at 00:37
See http://stackoverflow.com/questions/3548795/html-form-why-action-cant-have-get-value-in-it — Gabriele Petrioli, Jan 07 '13 at 00:37

score 2 · Accepted Answer · answered Jan 07 '13 at 00:31

2

If you using GET method, then only form elements will be appended to link. GET parameters from form action will be ignored. Try this:

<form action="index.php" method="GET">
    <input type="hidden" name="page" value="test" />
    Obtenir les disponibilités des hôtels pour la date suivante : 
    <input type="text" name="date" size="12" id="inputField" /><br /><br />
    <input type="submit" value="Rechercher" />
</form>

answered Jan 07 '13 at 00:31

Glavić

42,781
13
77
107

@user1711820 please select this answer as correct if it is the correct answer to your question – Justin White Jan 07 '13 at 00:43

score 0 · Answer 2 · answered Jan 07 '13 at 00:30

0

Try adding a hidden input field.

<input type="hidden" name="page" value="test" />

answered Jan 07 '13 at 00:30

Boundless

2,444
2
25
40

score 0 · Answer 3 · answered Jan 07 '13 at 00:41

Try leaving the action field empty and sending the GET variable through a hidden input field, that might solve your problem.

<form action="" method="GET">
Obtenir les disponibilités des hôtels pour la date suivante : 
<input type="text" name="date" size="12" id="inputField" /><br /><br />
<input type="hidden" name="page" value="test"/>
<input type="submit" value="Rechercher" />
</form>

$_GET['page'] doesnt go through

3 Answers3