0

So I am using HTML and PHP to build out a form that will take in two parameters and then call an API and build out a form.

So here is the HTML:

<div class="login-page">
  <div class="form">
    <span>Enter the Customer Load Number and Pickup Zip Code, then click "Submit" to track your shipment.</span>
      <form action="#" method="GET" style="margin-top: 20px">
      <!-- <label for="reference">Customer Load Number:</label> -->
      <input type="text" id="reference" name="reference" placeholder="Customer Load Number" value="<?php echo !empty($_GET['reference']) ?htmlspecialchars($_GET['reference']) :''; ?>" required="" />
      <!-- <label for="zipcode">Pickup Zipcode:</label> -->
      <input type="text" id="zipcode" name="zipcode" placeholder="Pickup zipcode" value="<?php echo !empty($_GET['zipcode']) ?htmlspecialchars($_GET['zipcode']) :''; ?>" required="" />
      <input type="submit" name="submit" value="Submit" style="margin-top: 20px; justify-content: center" />
    </form>
  </div>
</div>

Then once the Customer Load Number and Zipcode are inputted and the user submits the form, it will load and execute some PHP w/ HTML output:

<?php if (isset($_GET['submit'])) {
    $reference = sanitize_text_field($_GET['reference']);
    $zipcode = intval($_GET['zipcode']);

    $curl = curl_init();
    $link = "https://example.net/customer-portal/tracking?reference=$reference&postalCode=$zipcode";
    curl_setopt_array($curl, [
    CURLOPT_URL => "$link",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "GET",
    CURLOPT_POSTFIELDS => "------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"Reference\"\r\n\r\n2889615\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"postalCode\"\r\n\r\n35956\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW--",
    CURLOPT_HTTPHEADER => [
        "AccountId: si",
        "Authorization: Basic d2Vic-----",
        "Postman-Token: 0fdfa047-----",
        "cache-control: no-cache"
    ],
    ]);
    $response = curl_exec($curl);
    $err = curl_error($curl);
    curl_close($curl);
    $response = json_decode($response);

    if ($response->Data === null) {
        $message =
            '<p style="text-align: center; margin-top: -50px; margin-bottom: 60px;">The provided Customer Load Number and <br/>Pickup Zipcode combination could not be validated.</p>';
        echo $message;
    } else {
        $data = $response;
    }
}
?>

The Problem:

When the user submits the form, it will build the following params and submit the form: https://example.com.test/customers/?reference=P337574&zipcode=50219&submit=Submit#

How could I have the option to have the form submit, but exclude the submit param, so I would like the form to submit using the following params: https://example.com.test/customers/?reference=P337574&zipcode=50219

When I currently remove the submit, the form does not automatically submit.

I have tried inputting the submit param and also removing it.

Map
  • 3
  • 2

1 Answers1

0

Remove the "name" attribute from your Submit button. Elements with a name will be included when submitting a form. See here: https://www.w3schools.com/tags/att_input_name.asp

Adding additional information based on comments.

Typically, you would use POST if you need to check if a button has been clicked. POST will not append fields to the URL. A user posted a great explanation on this post and included an option for how to use GET if you need to (quoted below):

What about <form method="GET" ? The reason we can use $_SERVER['REQUEST_METHOD'] === 'POST' to detect a form POST is because POST is deliberate, while GET is not - GET is the default. So, using $_SERVER['REQUEST_METHOD'] === 'GET' would be unreliable, because someone may just be loading the page/url, and not actually submitting a form, as the browser will use GET in either scenario because it is the default request method.

There's a variety of different ways to reliably detect a GET form submission, but a simple and reliable method is to just add to the form, and then instead of using if ($_SERVER['REQUEST_METHOD'] === 'POST') do if (isset($_GET['submitted'])) to detect form submission. The code detecting which button was pressed stays the same as it was for POST.

How can I tell which button was clicked in a PHP form submit?

You can also parse the URL to remove the parameter, which is kind of a dirty hack, but will work. See post here: Strip off specific parameter from URL's querystring

Or you can update your form "action" to go to another PHP page when submitted. This will count as your "if" statement, and you can embed your PHP code in that page. https://www.w3schools.com/php/php_forms.asp

rphello101
  • 1,671
  • 5
  • 31
  • 59
  • Thanks @rphello101, I just tried that and it is not submitting, it has to be in relation to `if (isset($_GET['submit'])` - How can I create a if statement to check when a user submitted the form without having a _GET now? – Map Mar 04 '23 at 04:13
  • Well here's the long and short of it - in order to check your "submit" as a variable, it has to have a name. If you give it a name, it will appear in your URL. Your options are to 1) attempt to remove the parameter from the URL by parsing the URL string or 2) use a POST method, which doesn't use URL parameters by default. Option1 is possible, though not a very clean method. You're likely better off fixing your endpoint to ignore the Submit parameter. If you do want to go option 1: https://stackoverflow.com/questions/4937478/strip-off-specific-parameter-from-urls-querystring – rphello101 Mar 04 '23 at 04:25
  • Just another option perhaps, you can set your "
    is clicked, it will call your submit.php page. This essentially acts as your "if" statement, so you can then have the rest of your code in that PHP page. That would allow you to omit the name on your submit field.
     – rphello101 Mar 04 '23 at 04:30
  • This post gives a really good explanation of how to detect if a button is pressed and why you typically use POST. It also does have a suggested method for using GET if you need to: https://stackoverflow.com/questions/2680160/how-can-i-tell-which-button-was-clicked-in-a-php-form-submit – rphello101 Mar 04 '23 at 04:34
  • Thanks @rphello101, the reason I went with GET instead of POST is to retain the query parameters in the URL, as POST does not save them for me. – Map Mar 04 '23 at 04:59