Add form action

Question

I am trying to make when i submit to go again to index.php?page=servers but when i submit the form redirect is index.php? but in action is index.php?page=servers how can i fix this ?

<form class="form-horizontal" action="index.php?page=servers">
<fieldset>
<legend>Add server</legend>
<div class="form-group">
<label for="inputEmail" class="col-lg-2 control-label">IP</label>
<div class="col-lg-10">
<input type="text" class="form-control" id="ipserver" placeholder="IP Adress">
</div>
</div>
<div class="form-group">
<label for="inputPassword" class="col-lg-2 control-label">Port</label>
<div class="col-lg-10">
<input type="text" class="form-control" id="portserver" placeholder="Port">
</div>
</div>
<div class="form-group">
<label for="select" class="col-lg-2 control-label">Type</label>
<div class="col-lg-10">
<select class="form-control" id="select">
<option>Half-Life (Counter-Stricke)</option>
<option>Minecraft</option>
</select>
</div>
</div>
<div class="form-group">
<div class="col-lg-10 col-lg-offset-2">
<button class="btn btn-default">Cancel</button>
<button type="submit" id="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</fieldset>
</form>

And php

if(!empty($_POST['submit'])){
$ip_server = $_POST['ipserver'];
$port_server = $_POST['portserver'];
if ($ip_server == NULL || $port_server == NULL){
echo 'Моля попълнете всички полета.';
}else{
$type = "halflife";
$zone = 0;
$disabled = 0;
$status = 1;
$sql = ("INSERT INTO `lgsl` (type, ip, c_port, q_port, zone, disabled, status) VALUES ('$type', '$ip_server', '$port_server', '$port_server', '$zone', '$disabled', '$status')");
$result = mysql_query($sql);
echo 'Сървъра е успешно добавен!';
}
}

**warning** your code is extremely vulnerable to sql injection attacks! — Daniel A. White, Dec 02 '14 at 17:51
I know that i will fix it but first I want the code o works :). — Даниел Димитров, Dec 02 '14 at 17:53
You have no code here that should be bringing you to index.php?. Can you provide the contents of your .htaccess file? — Mikel Bitson, Dec 02 '14 at 17:53

score 1 · Accepted Answer · edited May 23 '17 at 10:33

1

What is the default form HTTP method?

You need to add an attribute to the form tag to turn it into POST based on your code.

<form method="POST">

$_POST vs. $_SERVER['REQUEST_METHOD'] == 'POST'

To validate the request, use:

if( $_SERVER["REQUEST_METHOD"] == "POST" ) // or GET, if appropriate

If you had intended to use GET, you could add a hidden element with the name "page" and the value "servers".

 <input type="hidden" name="page" value="servers" />

edited May 23 '17 at 10:33

Community

1
1

answered Dec 02 '14 at 17:54

phpmeh

1,752
2
22
41

My bad i forget about it but when i submit i don`t see my echo if the input is null? – Даниел Димитров Dec 02 '14 at 17:57
Use the server request method to validate it. I edited the answer. – phpmeh Dec 02 '14 at 17:58

score 0 · Answer 2 · answered Dec 02 '14 at 18:04

if(isset($_POST['submit'])){
  $ip_server = mysql_real_escape_string($_POST['ipserver']);
  $port_server = mysql_real_escape_string($_POST['portserver']);
  if ($ip_server == NULL || $port_server == NULL){
    echo 'Моля попълнете всички полета.';
  } else {
    $type = "halflife";
    $zone = 0;
    $disabled = 0;
    $status = 1;
    $sql = "INSERT INTO `lgsl` (type, ip, c_port, q_port, zone, disabled, status) VALUES ('$type', '$ip_server', '$port_server', '$port_server', '$zone', '$disabled', '$status')";
    $result = mysql_query($sql);
    echo 'Сървъра е успешно добавен!';
  }
}

I added the mysql_real_escape_string to prevent code injections.

Also use method="post" in your form tag like this <form method="post">

slevy1 · Answer 3 · 2014-12-02T19:29:23.047

You may have the action value that you'd like, as the following HTML indicates:

<form name="myform" action="testform.php?query=string" method="POST">
<input name="data" type="text">
<input type="submit">
</form>

The way your form is currently set up, by default, it results in a GET request. However, your PHP tests for a form submitted as a POST request! If you really intend to submit the form as a POST request then you must specify that in the action attribute as action="POST". Then, change your test of the submitted form to check whether the POST has a value or not, as follows:

<?php
if (isset($_POST) && $_POST != null){
   echo ( htmlentities( $_SERVER['QUERY_STRING'] ) );  // adding more security
}
?>

Note: when the method is POST, the portion ?query=string does not reflect a GET variable but rather a QUERY_STRING. When this form is submitted it redirects to testform.php?query=string.

Incidentally, a handy function for parsing the resulting query string is parse_str and you can use it to create a variable or an associative array that contains the "string" value, as follows:

<?php
$qs = htmlentities( $_SERVER['QUERY_STRING'] );
$str = substr( $qs, 1 ); // remove the '?'

// array option
parse_str( $str ,$arr);
echo $arr['query'],"\n";  

// variable option
parse_str( $str );
echo $query;

See http://3v4l.org/DC27Y

Add form action

3 Answers3

Linked

Related