Passing Data with Submit Button

[doubledee]

I need some help figuring out how to pass data to another script when a User clicks a Submit Button.

 

For example, let's say a User is on the following page viewing his/her Private Message (msgID=1)...

http://local.debbie/account/view_pm.php?msgview=incoming&msg=1

 

Above the message is a command bar with a "Reply" Form Button.

 

If the User clicks on the "Reply" button, I want them to end up here...

http://local.debbie/account/reply_pm.php?msg=1

 

 

The problem is when the User is viewing his/her Private Message on "view_pm.php" and clicks the button, my original $msgID variable loses scope and is Null, so this code at the top of my "view_pm.php" script is not working...

 

// *************************************************************
// HANDLE FORM.								 *
// *************************************************************
if ($_SERVER['REQUEST_METHOD']=='POST'){
	// Form was Submitted (Post).

	if ($_POST['submit']=="Reply"){
		// Redirect to Reply PM page.
		header("Location: " . BASE_URL . "/account/reply_pm.php");

		// End script.
		exit();

 

Hope I am making some sense in what I am trying to do?!

 

Thanks,

 

 

Debbie

 

[Kristoff1875]

What page are you ending up on when you click reply?

[doubledee]

What page are you ending up on when you click reply?

 

Oh, my Reply button is taking me to the correct page, which is here...

http://local.debbie/account/reply_pm.php

 

 

But the problem is that my "reply_pm.php" script needs to know the "Message ID" so it can grab that from the database and auto-populate the "Reply Form" with the message the User is replying to.

 

If I was using a hyperlink, I could just create a link like this down in my *un-submitted* Form...

 

http://local.debbie/account/reply_pm.php?msg=1

 

 

But since I am being stubborn and want a silver, metallic Form Button for my "Reply", I need a way to get here...

 

http://local.debbie/account/reply_pm.php?msg=1

 

...when the User submits the Form by clicking the "Reply" button.

 

Follow me?

 

 

Debbie

 

[Kristoff1875]

Others will know more than me, but can't you grab the message ID from the url, and then pass it as an variable in to your url, for example:

 

	

// *************************************************************



// HANDLE FORM.

















*



// *************************************************************



if ($_SERVER['REQUEST_METHOD']=='POST'){





// Form was Submitted (Post).





if ($_POST['submit']=="Reply"){







// Redirect to Reply PM page.







header("Location: " . BASE_URL . "/account/reply_pm.php?msg=".$msg."");







// End script.







exit();

 

As i've said, i'm no expert, and others will know better, but in my mind that is what you're looking to do?

[doubledee]

My script is set up like this...

 

if ($_SERVER['REQUEST_METHOD']=='POST'){
	// Form was Submitted (Post).

	// Process Form


}else{
	// Form was not Submitted (Get).

	// Display Form which wraps around my Private Message output

	// Top Menu Bar.
	echo "<div id='msgBarTop'>"
			. (($showReply===TRUE)? "<input type='submit' name='submit' value='Reply'/>" : "") .
		</div>";

	// Private Message.
	echo "<dl>
			<dt>FROM:</dt>
			<dd>$fromData</dd>
			<dt>TO:</dt>
			<dd>$toData</dd>
			<dt>DATE:</dt>
			<dd>" . htmlentities($msgDate, ENT_QUOTES)
			. "</dd>
			<dt>SUBJECT:</dt>
			<dd><b>" . htmlentities($subject, ENT_QUOTES) . "</b></dd>\n\n
			<dt></dt>
			<dd id='msgBody'>"	. nl2p($messageEnt, TRUE) . "</dd>
			</dl>\n\n";

			// Bottom Menu Bar.
			echo "<div id='msgBarBottom'>"
					. (($showReply===TRUE)? "<input type='submit' name='submit' value='Reply'/>" : "") .
				</div>";

 

 

Debbie

 

[Kristoff1875]

I've never done anything like that to be honest, as I said before, i'm not an expert!

 

How is it handling the form? Assuming that to have a submit button, you've got a form action?

[mrMarcus]

Grabbing values from a URL means you are using GET method, and in turn, stores all of the parameter values within the $_GET superglobal.

 

You are checking that if the REQUEST_METHOD is POST, do something.  Well, the REQUEST_METHOD will never be POST in your case.  It will be GET.

[doubledee]

Grabbing values from a URL means you are using GET method, and in turn, stores all of the parameter values within the $_GET superglobal.

 

You are checking that if the REQUEST_METHOD is POST, do something.  Well, the REQUEST_METHOD will never be POST in your case.  It will be GET.

 

Huh??????

 

(Did you read my Original Post?)

 

 

Debbie

 

[Drummin]

Hi Debbie,

You'll probably want to add a hidden input to your form to pass the message ID (msg) that you pick up from GET when you open the message.  That would also mean you need to modifying your original coding where you establish the GET ID to also except POST.  Not knowing how you are currently getting the ID I will offer this.

if (isset($_GET['msg'])){
$msg = $_GET['msg'];
}
if (isset($_POST['msg'])){
$msg = $_POST['msg'];
}

//You then run query with variable $msg.

 

So in your form

<input type="hidden" name="msg" value="<?php if (isset($msg)){ echo $msg;} ?>" />

[doubledee]

Hi Debbie,

You'll probably want to add a hidden input to your form to pass the message ID (msg) that you pick up from GET when you open the message.  That would also mean you need to modifying your original coding where you establish the GET ID to also except POST.  Not knowing how you are currently getting the ID I will offer this.

if (isset($_GET['msg'])){
$msg = $_GET['msg'];
}
if (isset($_POST['msg'])){
$msg = $_POST['msg'];
}

//You then run query with variable $msg.

 

So in your form

<input type="hidden" name="msg" value="<?php if (isset($msg)){ echo $msg;} ?>" />

 

I was thinking of using a Hidden Input, but have read a lot of places that they can be insecure...

 

I ended up storing the "Message ID" in the $_SESSION in the "Form Not Submitted" branch of my "view_pm.php" script like this...

	// ******************
	// Check MessageID.	*
	// ******************
	if (isset($_GET['msg']) && $_GET['msg']){
		// MessageID found in URL.

		if (is_numeric($_GET['msg'])){
			// Valid MessageID Format.

			// Set MessageID.
			$msgID = (int)$_GET['msg'];

//NEW
			// Set Session.
			$_SESSION['msgID'] = $msgID;

 

 

And then at the top of my script, in the "Form Submitted" branch, I did this...

// *************************************************************
// HANDLE FORM.									 *
// *************************************************************
if ($_SERVER['REQUEST_METHOD']=='POST'){
	// Form was Submitted (Post).

	// Get current Message ID.
	$msgID = (isset($_SESSION['msgID']) ? $_SESSION['msgID'] : '');


	if ($_POST['submit']=="Reply"){
		// Redirect to Reply PM page.
		header("Location: " . BASE_URL . "/account/reply_pm.php?msg=$msgID");

		// End script.
		exit();

 

This seems to be working, and maybe it is slightly more secure than using a Hidden Form element, but I don't know?!

 

 

Debbie

 

[Drummin]

Cool Debbie.  Whatever works for you.  As long you can keep moving forward to finish your project then that's great.  As you are qualifying the user by their ID as being the person allowed to respond via their session ID, I don't think having a message ID as a hidden field is any big deal, especially as you're already using a public GET value to pass this ID in the first place.

[doubledee]

Cool Debbie.  Whatever works for you.  As long you can keep moving forward to finish your project then that's great.

 

I'm getting there slowly but surely...

 

 

As you are qualifying the user by their ID as being the person allowed to respond via their session ID, I don't think having a message ID as a hidden field is any big deal, especially as you're already using a public GET value to pass this ID in the first place.

 

You are probably right, but I am just super cautious when it comes to security.

 

Thanks for the reply.

 

 

Debbie

 

[Barand]

reply button

<button onclick="location.href='http://local.debbie/account/reply_pm.php?msg=$msgID'">Reply</button>

[doubledee]

reply button

<button onclick="location.href='http://local.debbie/account/reply_pm.php?msg=$msgID'">Reply</button>

 

Is that HTML5 ??

 

If so, what would I need to use it in my HTML 4 code-base?

 

 

Debbie

 

 

[KevinM1]

No, it's not HTML 5.  It's a generic HTML button with inline (yuck) JavaScript attached to its (the button's) click event that would bring the user to the URL provided.

 

You don't need anything special to use it.  It's very basic/vanilla/old HTML and JavaScript.

[doubledee]

No, it's not HTML 5.  It's a generic HTML button with inline (yuck) JavaScript attached to its (the button's) click event that would bring the user to the URL provided.

 

You don't need anything special to use it.  It's very basic/vanilla/old HTML and JavaScript.

 

Are you sure <button> is HTML4?!

 

Oh, and I didn't see the "onclick".  (I don't do JavaScript, so that wouldn't work.)

 

BTW, the way I chose seems to be working just fine.

 

Thanks,

 

 

Debbie

 

 

 

 

[Barand]

KevinM1,

 

How should the yucky bit be done?

 

[KevinM1]

KevinM1,

 

How should the yucky bit be done?

 

 

Unobtrusively?

 

<!doctype html>
<html>
   <!-- all markup until the button -->
   <button id="reply">Reply</button>
   <!-- all markup until just before the ending html tag -->
   <script type="text/javascript">
      var button = document.getElementById('reply');
      button.onclick = function() {
         location.href='http://local.debbie/account/reply_pm.php?msg=$msgID';
      }
   </script>

</html>

 

Inline JavaScript is bad because it mixes markup with behavior.  Yeah, unobtrusive JS requires more lines (at least, for something trivial like this), but it makes maintenance/editing/debugging a heck of a lot easier.  Especially in Debbie's case, where she's using PHP to generate HTML and (potentially) JS.  For the same reasons why we separate CSS and HTML, we should separate JS and HTML.

 

Unobtrusive JS also allows one to write progressively enhanced code.  Since you're writing an actual script instead of just bolting a line of code onto an element's event, you can feature detect (libraries like Modernizr help greatly with that), and subsequently write code that will present the user a more interactive experience if they're using a modern browser.

 

@doubledee JavaScript isn't hard, and is absolutely something you should learn.  It's the one common scripting language that is truly available everywhere, and with Flash support dwindling and HTML 5's improvements (canvas, SVG, web sockets, etc.), it's vital to at least have some understanding of it.

 

And yes, <button> is HTML 4: http://www.w3.org/TR/html4/interact/forms.html#h-17.5

[spiderwell]

alternatively you could store the message id into the session object on message viewing, and then retrieve it when on the reply page.

[KevinM1]

alternatively you could store the message id into the session object on message viewing, and then retrieve it when on the reply page.

 

Or, better yet, combine the ability to reply with viewing a message.  Most PM systems I've seen have a text editor right below the message to allow for replies without having to go to another page.