Add data to $_POST and submit to another page

Question

I'm trying to add a value to $_POST data while it gets submitted to the target page as follows:

post.php

<?php  $_POST['field1'] = "Value1";?>
<html>
<head>
</head>
<body>
    <form method="post" action="catch.php">
        <input name="field2" type="text"/>
        <input type="submit" value="Submit" />
    </form>
</body>
</html>

catch.php

<?php 
foreach ($_POST as $key => $value) {
    echo $key . " : ". $value;
    echo "<br/>";
}
?>

but I cannot catch 'field1' on the other end. I don't want to use a hidden input field. How can I achieve that? Thanks!

You can append it to the query string of the form's `action` attribute, but i'm not sure if that's considered to be a good practice. Why don't you want to use hidden input elements? — Alon Eitan, Feb 18 '16 at 13:03
@Piskvor, I know, but AFAIK you can pass a query string, even when it's a post request — Alon Eitan, Feb 18 '16 at 13:07

Edson Horacio Junior · Answer 1 · 2016-02-18T13:11:47.070

2

When you send the form, the $_POST data is reset and assumes only the inputs inside the form and a possible query string you may have appended to form action.

The best way to accomplish what you want is using hidden field but since you dont want it, you can append a query string to your form action:

<form method="post" action="catch.php?field1=Value1">

edited Feb 18 '16 at 13:11

answered Feb 18 '16 at 13:07

Edson Horacio Junior

3,033
2
29
50

1

OP says he doesnt want to use hidden fields. – Glubus Feb 18 '16 at 13:09

Piskvor left the building · Answer 2 · 2016-02-18T13:31:54.757

2

You're not submitting field1 anywhere. What happens is this:

post.php generates a HTML page (one that doesn't contain any reference to field1)
the user's browser renders the page
on submit, only the elements inside the form are submitted
catch.php receives the elements submitted above.

In other words, you need to get that value into your form:

<form method="post" action="catch.php">
    <input name="field2" type="text"/>
    <input name="field1" type="hidden" value="<?php echo htmlspecialchars($_POST['field1']) ?>"/>
    <input type="submit" value="Submit" />
</form>

There is no other way to get the value into your POST data, if it's not present in the form. What you could do as a workaround is store the data in GET (size limit), session (concurrency issues - what happens when the user has two tabs open, each with different session data?), or cookies (size limit AND concurrency issues).

edited Feb 18 '16 at 13:31

answered Feb 18 '16 at 13:07

Piskvor left the building

91,498
46
177
222

2

The OP wrote _I don't want to use a hidden input field._ (Although hidden input is the best solution) – Alon Eitan Feb 18 '16 at 13:08
I must have missed that :( However, that means the question cannot be answered, as **there's no other way** to get the data there. The state needs to go someplace else then, which gets tricky: GET has length limits, cookies and sessions might have concurrency issues ("multiple tabs open, now what?"). – Piskvor left the building Feb 18 '16 at 13:10

score 0 · Answer 3 · answered Feb 18 '16 at 13:08

You can't do it this way. If you want to send the data you're trying to add to the POST there only through the users form, you are forced to also store it somewhere client side (e.g. a hidden field or a cookie). What you're doing right now is setting some value into the POST variable, but it gets overridden by the users form post (or rather the $_POST variable you're using after the form post is another instance).

What you could do instead to keep it serverside is save the value in the variable to the session of the user, then in the form post action server side get the value again (given the fact that you're using sessions). Lastly you could just store it in some table in a database, though I wouldn't do this.

score 0 · Answer 4 · answered Feb 18 '16 at 13:11

Since $_POST are data sent by post method to script, you can not use it for another request directly. You need to compose and send another post request. The easiest way for you will be to use hidden input field/s.

Or you can choose another approach to make http post request, for example curl methods.

If you don't need data to be given by post method, you can save it in session, for example.

score 0 · Answer 5 · answered Feb 18 '16 at 13:12

0

try this: in post.php

 <?php  $_SESSION['field1'] = "Value1";?>
    <html>
    <head>
    </head>
    <body>
        <form method="post" action="catch.php">
            <input name="field2" type="text"/>
            <input type="submit" value="Submit" />
        </form>
    </body>
    </html>

in catch.php

    <?php 
if(isset($_SESSION['field1']))
{
$_POST['field1'] = $_SESSION['field1'];
unset($_SESSION['field1']);
}
    foreach ($_POST as $key => $value) {
        echo $key . " : ". $value;
        echo "<br/>";
    }
    ?>

Make sure you have started the session. Note: you must use hidden elements or query string as other user suggested.

answered Feb 18 '16 at 13:12

Faiyaz Alam

1,191
9
27

I'd like to pass a semi-sensitive data to the target page which I don't want it to appear on the first page source. If there seems no other way may be best is to encrypt it and then use a hidden input field. Using session will serve as such? What can you say about it? – Serhan BAKIR Feb 18 '16 at 13:26
1

as per my answer there is no way that the data will appear on first page. Is it correct? – Faiyaz Alam Feb 18 '16 at 13:35

Add data to $_POST and submit to another page

5 Answers5