Accessing form input with HTML

Question

I have an HTML form that is queried with PHP to search for animals: animals.php

Everything works great however I was wondering if I can also access the form with an HTML anchor tag. So when you click:

<a href="">giraffe</a>

it will query the DB for a giraffe through animals.php.

 <form  method="post" action="s.php?go"  id="searchform">
   <input class="search" type="text" name="heyworld">
   <input class="button" type="submit" name="submit" value="Search">
 </form>

My PHP query works like this:

if(isset($_POST['submit']) && isset($_GET['go']) && preg_match("/^[  a-zA-Z0-9#@]+/", $_POST['msg'])){
//query the db
//echo the results

would you be able to access it by having the a href="animals.php?go=giraffe">giraffe ?? — uneducatedguy, Apr 27 '13 at 07:43
no unfortunately i believe it doesn't work like that in this case — user1775570, Apr 27 '13 at 07:44
it WOULD work, if you made the PHP script accept all data by GET instead of POST (which would make it simpler than the answer I posted below) — Dragos Bobolea, Apr 27 '13 at 07:49

score 3 · Accepted Answer · edited May 23 '17 at 12:12

(edit) FIRST OF ALL: Your PHP is unsafe: please take a couple minutes and read about SQL injection: How can I prevent SQL injection in PHP?

Since you need to POST your data to the script, a simple HREF won't do the job. However, you CAN:

Make another small, invisible form wrapper with an invisible text field with "giraffe" as default value, and make the submit as text

<form  method="post" action="s.php?go"  id="searchform">    
    <input class="search" type="hidden" name="heyworld" value="giraffee" />   
    <input class="button" type="submit" name="giraffee" value="Search" />  
</form>

Now, for the actual HREF you have 2 options: CSS the button to make it identical to a link, or make it a link, which will submit the (hidden) form with form.submit()

Here's a link explaining this: How to HTTP POST from a link without JS

(edit) If you want to do it with GET, you just switch the global you take your data from in the script(note that this is STILL UNSAFE CODE, but I haven't written PHP in a couple years so I better leave the tutoring to someone more qualified), and modify your HTML form to submit data by GET:

if(isset($_GET['submit']) && isset($_GET['go']) && preg_match("/^[  a-zA-Z0-9#@]+/", $_GET['msg']))

now your HREF can go to s.php?go&submit&msg=giraffee - note that for the way your script is made noe, you need to send submit (empty string is ok, since you only check isset() or something like that :)

edited answer, it was too important to be left in a comment :) — Dragos Bobolea, Apr 27 '13 at 08:05
(don't warry Dragos i did indeed sanitize the php on input and on output, just dummed down the question to make it more fun :D- thanks for the help ! ) — user1775570, Apr 27 '13 at 08:06

Accessing form input with HTML

1 Answers1