0

I am trying to get the page to save what data to pull up once I refresh. How I figured I would do this is to just re-pull the $ID variable using PHP. But I can't seem to get it to work.

echo "<center><b><p style='color: green'>Order Status: " . $row['status'] . "</p></b></center><br><br>";
    echo "<center><p>Address: " . $row['address'] . "</p></center><br>";
    echo "<center><p>Telephone: " . $row['tel'] . "</p></center><br>";
    echo "<center><p>Email: " . $row['email'] . "</p></center><br>";
    echo "<center><b><p>Order ID: " . $row['ID'] . "</p></b></center><br>";
    echo "<center><p>Submitted on: " . $row['date'] . "</p></center>";
    echo "<br>\n";
    echo "<fieldset>
      <button onclick='window.location='http://qdeliver.ca/fetchorder.php?id='<?php echo $_GET['ID'];?>' name='refresh' type='submit' id='contact-submit' data-submit='...Refreshing'>Refresh Order</button>
    </fieldset>";

Any help would be appreciated. Thanks!

Alive to die - Anant
  • 70,531
  • 10
  • 51
  • 98
Kris Fallat
  • 1
  • What do you mean by "save the data to pull up"? What do you mean by "re-pull the $ID variable"? What specifically isn't working? – David Nov 08 '17 at 17:55
  • why don't you used form to save data? Also `name attribute` t send all data – Alive to die - Anant Nov 08 '17 at 17:56
  • So I'm trying to take the $row['ID'] info and have it input into the refresh button, so when I refresh it will refresh to .php?id=$ID – Kris Fallat Nov 08 '17 at 17:56
  • Anyone have any idea what can be done here? – Kris Fallat Nov 08 '17 at 18:11
  • So what exactly isn't working in your solution? What is the expected output, and what is the actual output? See [How to create a Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve). – tyteen4a03 Nov 08 '17 at 18:26
  • What isn't working is the variable wont place itself into .php?id=$ID once I hit the refresh button. – Kris Fallat Nov 08 '17 at 18:29

1 Answers1

1

If you check the syntax highlighter on your code, it's clear that your <?php echo $_GET['ID'];?> is part of the string in echo, and won't be run.

Use string concatenation:

echo "<fieldset>
  <button onclick=\"window.location='http://qdeliver.ca/fetchorder.php?id=" .  intval($_GET['ID']) . "\" name='refresh' type='submit' id='contact-submit' data-submit='...Refreshing'>Refresh Order</button>
</fieldset>";

NOTE: Your original code is insecure as not filtering user input will open your script to XSS attacks. I've added an intval() call to ensure the ID will always be an integer.

tyteen4a03
  • 1,812
  • 24
  • 45