
When I click submit, the data is submitted to the database but the URL id of the book disappears to ----book.php

I want the URL to go back to the id of the page e.g. ----book.php?id=3

Is it possible to keep the first line as action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" and add the value="<?php echo $book_id ?>"?

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
    <input type="hidden" value="<?php echo $book_id ?>" name="book_id" />
    <p>Author: <input type="text" value="<?php echo $_SESSION['author']; ?>" name="author" id="author" readonly /></p>
    <p>Summary: <input type="text" name="summary" value="<?php echo $summary;?>" /></p>
    <p><input type="submit" name="submit" value="Submit" /></p>
    <input type="hidden" name="submitted" value="TRUE" />    
</form>

PHP code:

if (isset($_GET['id'])) {
    $book_id = $_GET['id'];
}
Lily

5 Answers


Please try this code:

// save values in DB

header('Location: book.php?id=' . $book_id);
exit;
Michail M.

You send a POST form but are trying to retrieve a GET value. Additionally, the parameter is named book_id, not id.

Use $book_id = $_POST['book_id'];

if (isset($_GET['id'])) { also won't work, for the same reasons.

syck

You can use any one of these:

PHP_SELF returns just URL. Use REQUEST_URI that returns URL with query string:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]);?>">

[you can also omit action values - that will have same behavior]

or if you want just id, then use:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] . "?id=" . $_GET['id']);?>">

Note: Use validation wherever necessary. I just gave you an idea.

Thamilhan
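
One way to keep the id across the submit while validating it, combining the redirect and the `?id=` form action suggested in the answers above. This is an added example, not code from the question or from any answer; the `positive_int` helper, the fixed `book.php` script name and the rule that book ids are positive integers are assumptions.

```php
<?php
session_start();

// Hypothetical helper: accept the value only if it is a positive integer.
function positive_int(array $source, string $key): ?int
{
    $value = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

$self = 'book.php'; // fixed name instead of the request-derived PHP_SELF

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $book_id = positive_int($_POST, 'book_id');
    if ($book_id === null) {
        http_response_code(400);
        exit('Invalid book id');
    }
    $summary = is_string($_POST['summary'] ?? null) ? trim($_POST['summary']) : '';
    // save $summary for $book_id in the DB here (prepared statement, not shown)

    // Post/Redirect/Get: only the validated integer reaches the header.
    header('Location: ' . $self . '?id=' . $book_id, true, 303);
    exit;
}

$book_id = positive_int($_GET, 'id');
if ($book_id === null) {
    http_response_code(404);
    exit('Unknown book');
}
$summary = ''; // would be loaded from the DB for $book_id (assumption)
$author  = $_SESSION['author'] ?? '';
$action  = $self . '?' . http_build_query(['id' => $book_id]);
?>
<form method="post" action="<?php echo htmlspecialchars($action, ENT_QUOTES, 'UTF-8'); ?>">
    <input type="hidden" name="book_id" value="<?php echo $book_id; ?>" />
    <p>Author: <input type="text" name="author" readonly
        value="<?php echo htmlspecialchars($author, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p>Summary: <input type="text" name="summary"
        value="<?php echo htmlspecialchars($summary, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p><input type="submit" name="submit" value="Submit" /></p>
</form>
```

Because the id is cast to an integer before it is echoed or placed in the `Location` header, a crafted `?id=` value never reaches the HTML or the response headers.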

There is no name with "id"

If you want to get the book id:

if (isset($_POST['book_id'])) {
    $book_id = $_POST['book_id'];
}

OR modify the HTML like this:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
   <input type="hidden" value="<?php echo $book_id ?>" name="id" />

   <p>Author: <input type="text" value="<?php echo $_SESSION['author']; ?>" name="author" id="author" readonly />
   </p>

   <p>Summary: <input type="text" name="summary" value="<?php echo $summary;?>" /></p>

   <p><input type="submit" name="submit" value="Submit" /></p>
   <input type="hidden" name="submitted" value="TRUE" />    
</form>

On the other hand, if you have problems with POST, just modify the first line of HTML for this one:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] . "?id=" . $book_id); ?>">
Jordi Vicens
  • The error I get when I add in post: ( ! ) Notice: Undefined variable: book_id Call Stack #TimeMemoryFunctionLocation 10.0019258008{main}( )...\book.php:0 " name="book_id" /> for the line – Lily Mar 28 '17 at 12:14
  • @Lily so you need to add modify the line of
    for this:
    ">
    – Jordi Vicens Mar 28 '17 at 12:15

It is because $_SERVER["PHP_SELF"] contains only the URL. It does not contain GET queries. To solve the problem, leave your action empty

e.g

<form method="post" action="">.....
Maaz Rehman
  • What do you mean by wrong parameter problem ? @syck – Maaz Rehman Mar 28 '17 at 12:21
  • There's no parameter problem when I use this – Lily Mar 28 '17 at 12:22
  • It relies on having the browser send the old URI, if it does not see any action parameter content. That may be the case, or it may be truncated to the script name, or anything else. (We will see whether you still understand this problem half a year later. It is simply bad practice.) If `id` is communicated over the "old" URI, you can probably skip the `book_id` hidden tag. – syck Mar 28 '17 at 12:31
  • Please refer to this question @syck http://stackoverflow.com/questions/1131781/is-it-a-good-practice-to-use-an-empty-url-for-a-html-forms-action-attribute-a – Maaz Rehman Mar 28 '17 at 12:38
  • If I may cite: _Note: This step is a willful violation of RFC 3986, which would require base URL processing here. This violation is motivated by a desire for compatibility with legacy content._ – syck Mar 28 '17 at 12:45
  • Yes. Leaving action empty will also make the form vulnerable to click jacking attack. – Maaz Rehman Mar 29 '17 at 07:45