0

I need to detect and display my inputs when the value is detected. like for example, I select id 1 and its value is 1000 then 1000 should be in the statement.

Here is my href which submits, and show the value.

<a href="generatecode.php?value=<?php echo htmlentities($row['value']); ?>"><i class="icon-pencil"></i></a>

Here is my code which needs to detect the value .

<?php
           $hiddenVal = $_POST['id']; //GET THE TEXT INPUT

          if ($hiddenVal == '1000'){

          ?>
          <input type="text" value="<?php echo $_GET['value']; ?>" name="id"> 
          <img src="images/topupcard3.jpg" width="400px" height="200px">

          <?php   }  ?>

If statement is not working.

Prafull Ladha
  • 12,341
  • 2
  • 37
  • 58
  • I'm a bit confused, could you explain what are you trying to achieve? what should be inside the condition? – MyLibary Jan 16 '19 at 05:28
  • How is `$_POST['id']` sent? This `value=""` is open to XSS injections. – user3783243 Jan 16 '19 at 05:34
  • @MyLibary i need to display what is inside the condition but theres an error, `undefined index:id` –  Jan 16 '19 at 05:34
  • @MyLibary i just need to validate if the textbox is 1000 then if it is 1000 like in the database then it will display the condition –  Jan 16 '19 at 05:34
  • @user3783243 that is okay sir im just trying something it is not serious. tho i need to solve this problem thank you –  Jan 16 '19 at 05:37
  • @user3783243, the post id is the textbox name `id` –  Jan 16 '19 at 05:38
  • 3
    `$hiddenVal` should be the `$_GET['value']` shouldn't it? ... or that form is submitted to itself and the provided link is unrelated? – user3783243 Jan 16 '19 at 05:42
  • @user3783243 idk why it did worked. but thanks sir. now, can you tell me how can I make it secure so it will not be vulnerbale to sql injections? –  Jan 16 '19 at 05:45
  • `sql injections` or `xss injections`? They are different injections and require different methods to handle correctly. Nothing in the question appears to be related to SQL. For XSS see https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php and https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet – user3783243 Jan 16 '19 at 05:47
  • Possible duplicate of ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – user3783243 Jan 16 '19 at 05:48

2 Answers2

2

You are trying to access the $_POST['id'] param of a $_GET request, I guess the param $_POST['id'] is not available since you call the page generatecode.php via an hyperlink.

please pass the value ID through the URL ($_GET) method

Try below in your hyperlink,

<a href="generatecode.php?value=<?php echo htmlentities($row['value']); ?>"><i class="icon-pencil"></i></a>

<?php
           $hiddenVal = $_GET['value']; //GET THE TEXT INPUT

          if ($hiddenVal == '1000'){

          ?>
          <input type="text" value="<?php echo $_GET['value']; ?>" name="id"> 
          <img src="images/topupcard3.jpg" width="400px" height="200px">

          <?php   }  ?>
  1. Click on the hyperlink with the $_GET param value
  2. Check if the param value is equals to 1000 and show the image

In first step the only param available at generatecode.php is the $_GET['value'], so you have to write the validate to that GET parameter.

I assume that's your requirement.

Praneeth Nidarshan
  • 1,704
  • 15
  • 21
0
                <?php if(isset($_POST['id']) && $_POST['id'] == '1000'):?>
                <input type="text" value="<?php echo (isset($_GET['value'])) ? $_GET['value'] : ""; ?>" name="id">
                <img src="images/topupcard3.jpg" width="400px" height="200px">
                <?php endif;?>

First You need to check the existence of id text field otherwise you will get Undefined index: id. You can Try this.

Taki Elias
  • 127
  • 1
  • 7