As you deliberately asked for method GET, my solution shows you GET!
You must know there is no security issue when using GET. It depends on what you want to do. GET is useful if you want to use dynamic code in multiple ways depending on some variables that you do not want to hard-code in your script, or simply do not want to send files or other huge data.
Let's say a newspaper has a page called breaking_news.php and you want to access the breaking news of November 8, 2016; you could use this as:
breaking_news.php?y=2018&m=11&d=08
The fact that one can see your GET vars means nothing. Even by using POST one can see your variables by looking at your code. And one way or the other you must protect against code injection and brute force.
But if you're not in the mood to show these vars to your visitor, you can use URL rewriting to rewrite the URL above in the browser as
RewriteRule ^breaking/(.*)/(.*)/(.*)/news\.html$ breaking_news.php?y=$1&m=$2&d=$3 [NC,L]
so you send your visitor to see the (rewritten) URL
breaking/2018/11/08/news.html
but what the web-server is showing him is:
breaking_news.php?y=2018&m=11&d=08
A reason to use this is, for example, when you want your dynamic site to be treated by a search engine as a static site, and get indexed. But this is again another battlefield.
Second, you want to send the variable to "addbook.php", and not to itself.
Your question sounded like you want to send to "another page" not to the same page.
Third, I can see in your code snippet you want to submit the variable "up" and not "inwardid", as you did in your code.
And also I can see you want the "submit" button to be called "Proceed".
Your code would look like this:
<form method="GET" enctype="application/x-www-form-urlencoded" action="addbook.php" target="_blank">
<input name="up" type="text" id="inwardid" />
<input type="submit" value="Proceed" />
</form>
As I said, you must protect against injection, and this means, for example, that in "addbook.php", to which you are sending the variables, you must write some code that protects you against these issues. As your question is not in this direction I will not enter this subject.
To avoid problems with special chars you must "url-encode" your variables, especially when sending them per POST method. In this case you must use this enctype if you're handling text, because this enctype transforms special chars into the corresponding ASCII hex values.
Using GET you're safe, because GET can't send in another enctype. So your variable will automatically be url-encoded and you receive a string that is compliant with RFC 3986, similar to using:
rawurlencode($str)
Let's say some smart guy enters the following code in your input box, hoping to break your site. (This is not exactly dangerous code, but it looks like code that is.)
<?php echo "\"?> sample code in c# and c++"; ?>
Using enctype="application/x-www-form-urlencoded" this will become something like this:
%3C%3Fphp%20echo%20%22%5C%22%3F%3E%20sample%20code%20in%20c%23%20and%20c%2B%2B%22%3B%20%3F%3E
which makes it safe to be transported in a URL, and after receiving and cleaning it using
strip_tags(rawurldecode($_GET['str']))
it would output something like this, which is a harmless string:
sample code in c# and c++
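An added example, not part of the original answer: one way the receiving scripts could validate the GET parameters named above (`up` for addbook.php; `y`, `m`, `d` for breaking_news.php) and escape them for HTML output. The function names `read_up`, `parse_news_date` and `html`, the 200-byte length limit and the `$sample` array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Validate y/m/d as sent to breaking_news.php; returns 'YYYY-MM-DD' or null.
function parse_news_date(array $get): ?string
{
    foreach (['y', 'm', 'd'] as $k) {
        // Reject missing values, arrays (?y[]=1) and anything but 1-4 digits.
        if (!isset($get[$k]) || !is_string($get[$k]) || !preg_match('/\A\d{1,4}\z/', $get[$k])) {
            return null;
        }
    }
    [$y, $m, $d] = [(int)$get['y'], (int)$get['m'], (int)$get['d']];
    // checkdate() rejects impossible dates such as February 31.
    return checkdate($m, $d, $y) ? sprintf('%04d-%02d-%02d', $y, $m, $d) : null;
}

// Read the "up" field sent to addbook.php; returns the text or null.
function read_up(array $get, int $maxLen = 200): ?string
{
    $v = $get['up'] ?? null;
    // PHP has already URL-decoded $_GET, so there is no rawurldecode() here:
    // decoding a second time would change a literal "%2B" typed by the user.
    if (!is_string($v) || $v === '' || strlen($v) > $maxLen || preg_match('//u', $v) !== 1) {
        return null; // wrong type, empty, too long, or not valid UTF-8
    }
    return $v;
}

// Escape for an HTML text or attribute context; the markup is shown as text, not removed.
// If the value goes into a database instead, bind it as a prepared-statement parameter.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_GET (use $_GET in the real script).
$sample = [
    'up' => '<?php echo "\"?> sample code in c# and c++"; ?>',
    'y' => '2018', 'm' => '11', 'd' => '08',
];

$up = read_up($sample);
echo $up === null ? "rejected\n" : html($up) . "\n";
echo parse_news_date($sample) ?? 'invalid date', "\n";
echo parse_news_date(['y' => '2018', 'm' => '02', 'd' => '31']) ?? 'invalid date', "\n";
```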