Jump to content


Photo

Redirect to same page


  • Please log in to reply
4 replies to this topic

#1 greg

greg
  • Members
  • PipPipPip
  • Advanced Member
  • 49 posts

Posted 08 October 2006 - 02:30 PM

Hello,
In this form, how can I go to the same page number when the results are more than one page?
Thanks
Greg
<form name="eachrow" action="visitors.php?listing=id-desc&page=" method="POST">
          <input type="hidden" value="<?=$visitors['browser_id']?>" name="DeleteOneRow">
			<td class="VisitorTableContent" align="center" valign="top">
			 <input type="submit" value="delete">
	          </form>


#2 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 08 October 2006 - 02:32 PM

dont get it mate sorry.


Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#3 shiny_spoon

shiny_spoon
  • Members
  • PipPip
  • Member
  • 26 posts
  • LocationCanada

Posted 08 October 2006 - 04:20 PM

Couldn't you simply spit out the page number in the form's action?

Like so:


<?php $page = $_GET['page']; /* Or $_SESSION['page']? Whatever you are using... */ ?>

<form name="eachrow" action="visitors.php?listing=id-desc&page=<?php echo $page; ?>" method="POST">
  <input type="hidden" value="<?php echo $visitors['browser_id']; ?>" name="DeleteOneRow">
  <td class="VisitorTableContent" align="center" valign="top">
  <input type="submit" value="delete">
</form>



#4 daiwa

daiwa
  • Members
  • PipPip
  • Member
  • 21 posts

Posted 08 October 2006 - 06:50 PM

Not to be the security police but i think its important that when giving out advice we take the habbit to include the nessesary security precautions one must take while doing this: in this case we need to use htmlspecialchars() to make sure we protect ourselves against XSS attacks. (of course if your browser id comes from a user input you'd need to do the same)

<?php $page = $_GET['page']; /* Or $_SESSION['page']? Whatever you are using... */ ?>
[color=red]$page = htmlspecialchars($page);[/color]
<form name="eachrow" action="visitors.php?listing=id-desc&page=<?php echo $page; ?>" method="POST">
  <input type="hidden" value="<?php echo $visitors['browser_id']; ?>" name="DeleteOneRow">
  <td class="VisitorTableContent" align="center" valign="top">
  <input type="submit" value="delete">
</form>


#5 shiny_spoon

shiny_spoon
  • Members
  • PipPip
  • Member
  • 26 posts
  • LocationCanada

Posted 08 October 2006 - 08:23 PM

Not to be the security police but i think its important that when giving out advice we take the habbit to include the nessesary security precautions one must take while doing this: in this case we need to use htmlspecialchars() to make sure we protect ourselves against XSS attacks. (of course if your browser id comes from a user input you'd need to do the same)

<?php $page = $_GET['page']; /* Or $_SESSION['page']? Whatever you are using... */ ?>
[color=red]$page = htmlspecialchars($page);[/color]
<form name="eachrow" action="visitors.php?listing=id-desc&page=<?php echo $page; ?>" method="POST">
  <input type="hidden" value="<?php echo $visitors['browser_id']; ?>" name="DeleteOneRow">
  <td class="VisitorTableContent" align="center" valign="top">
  <input type="submit" value="delete">
</form>


You're absolutely right. :) My bad on that!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users