sithsta4 Posted May 7, 2014 Share Posted May 7, 2014 (edited) Hi, I need to pass a URL varriable onto the next page ideally using a hidden form. I have so far In the form - echo '<input type="hidden" name="shoppingid" value="<?php echo $_POST["shop"]; ?>'; The "shop" is the part that changes depending on what section the user is on so it may be shop=12 or shop=10 etc and I have declared it in some code above this code On the other page- $shopid = $_POST['shoppingid']; Any ideas as it doesnt seem to be working? Edited May 7, 2014 by sithsta4 Quote Link to comment Share on other sites More sharing options...
adam_bray Posted May 7, 2014 Share Posted May 7, 2014 Is the user submitting a form between every page? Wouldn't it be easier to use $_GET? Quote Link to comment Share on other sites More sharing options...
sithsta4 Posted May 7, 2014 Author Share Posted May 7, 2014 How would i do that? Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted May 7, 2014 Share Posted May 7, 2014 It might help if you provide more information on what you're trying to do. If you're looking to maintain a variable throughout many pages of a website, you could look into SESSION variables: http://www.php.net/manual/en/session.examples.basic.php Quote Link to comment Share on other sites More sharing options...
adam_bray Posted May 7, 2014 Share Posted May 7, 2014 Do something like this - <?php echo 'Shop ID: ' . $_GET['shop']; ?> <a href="page2.php?shop=<?=$_GET['shop'];?>"></a> The reason your first code isn't working is because you're using the wrong type of quotes. Single quotes don't execute PHP, double quotes do, but they try to execute everything. echo '<input type="hidden" name="shoppingid" value="<?php echo $_POST["shop"]; ?>'; Should be this - echo '<input type="hidden" name="shoppingid" value="'.$_POST["shop"].'" />'; Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 7, 2014 Share Posted May 7, 2014 Guys, please escape your variables before inserting them into the HTML markup. We've had enough cross-site scripting vulnerabilities. I also see absolutely no reason why you should use a URL parameter. Since you're dealing with a form, a hidden parameter is the correct solution. The reason why your code doesn't work is because you're trying to have a PHP code block within a PHP code block. This is not possible. So a corrected and sanitized version would look like this: <?php // Do not forget the escaping! echo '<input type="hidden" name="shoppingid" value="' . html_escape($_POST['shop'], 'UTF-8') . '">'; function html_escape($raw_string, $encoding) { return htmlspecialchars($raw_string, ENT_QUOTES, $encoding); } Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted May 7, 2014 Share Posted May 7, 2014 Perhaps you're already aware of this, but $_GET and $_POST variables can be tampered with by the user. So keep in mind that you'll need to validate/sanitize the value. If your "shop" variable is supposed to be a number, for example, you can use ctype_digit() to make sure it is. At a minimum, you should use something like htmlentities() before the value is used in things like hidden form fields and anchor tags. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted May 7, 2014 Share Posted May 7, 2014 I also see absolutely no reason why you should use a URL parameter. Since you're dealing with a form, a hidden parameter is the correct solution. That depends on what the OP (sithsta4) is trying to do. The "shop" variable being in a hidden form field won't work if the OP wants a visitor to click on a link that's not connected to the form, for example. In that case, a GET (or SESSION) variable may be a better choice. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.