Noskiw Posted November 5, 2014

Currently what I'm trying to do is to create a blogging software through PHP (for myself) and when trying to change the amount of posts viewable on the edit/delete page, the form, which auto-submits if JavaScript is enabled, should deliver the following result:

"/?page=EditPost&limit=6"

This is obviously depending on what value is chosen, it can be anywhere from 5 to 10. But what it is actually returning is "?limit=6".

This is the PHP script for the function:

```php
public function EchoLimitSelector()
{
    $limit = isset($_GET['limit']) ? $_GET['limit'] : NULL;

    echo "<div class='tright'>";
    echo "<form action='?page=EditPost&limit=".$limit."' method='GET'>";
    echo "<span>Posts per page: </span>";
    echo "<select name='limit' style='font-size: 16px; width: 50px;' onchange='this.form.submit();'>";

    for($x = 5; $x <= 10; $x++)
    {
        echo "<option value=".$x. " ";

        //Setting default selected value
        if($limit)
        {
            if($limit == $x)
            {
                echo "selected";
            }
        }
        else
        {
            if($x == 5)
            {
                echo "selected";
            }
        }

        echo ">".$x."</option>";
    }

    echo "</select>";
    echo "<noscript><input type='submit' value='Go' style='height: 26px; padding: 0; margin-top: -7px;'/></noscript>";
    echo "</form>";
    echo "</div>";
}
```

I'm hoping that it's just a simple fix. Thanks.

requinix Posted November 5, 2014 (Solution)

Your form has method=get. That means anything you specify for the query string in the action will be lost in favor of whatever you put in the form.

Leave the action empty and use a hidden input for the page name.

```html
<form action="" method="GET">
<input type="hidden" name="page" value="EditPost">
```

Jacques1 Posted November 5, 2014

For some reason you've hard-coded the limit parameter in the action URL. Remove it.

But what's much worse is that your small code snippet already contains tons of security vulnerabilities, spaghetti code and bad practices. You need to start thinking about proper code, especially when you write web applications.

Values need to be escaped before you can put them into your HTML markup. Never heard of cross-site scripting attacks?

Stuffing all code and markup into one big PHPHTMLCSSJavaScript blob also isn't a good idea. This will bite you once your project becomes more complex. JavaScript code belongs in external JavaScript files, CSS rules belong in external CSS files, and HTML markup belongs in external templates. Keep things clean.
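
Added example, not code from the thread: one way to apply both replies to the limit selector, with the limit validated as an integer in the 5 to 10 range, the page name sent as an escaped hidden input, and the markup returned as a string instead of echoed. The function names are hypothetical, and PHP 7.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// The 5-10 range and the "EditPost" page name come from the thread; all names are hypothetical.
const LIMIT_MIN = 5;
const LIMIT_MAX = 10;

/** Escape a value for an HTML text node or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the requested limit if it is an integer in range, otherwise the default. */
function parseLimit(array $query): int
{
    // filter_var() returns false for missing, non-numeric, out-of-range and array values.
    $limit = filter_var($query['limit'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => LIMIT_MIN, 'max_range' => LIMIT_MAX],
    ]);
    return $limit === false ? LIMIT_MIN : $limit;
}

/** Build the selector markup; the caller decides where to print it. */
function renderLimitSelector(array $query, string $page = 'EditPost'): string
{
    $limit = parseLimit($query);
    // Empty action plus a hidden "page" field keeps ?page=... in the submitted URL.
    $html  = "<form action=\"\" method=\"get\">\n";
    $html .= '  <input type="hidden" name="page" value="' . e($page) . "\">\n";
    $html .= "  <select name=\"limit\">\n";
    for ($x = LIMIT_MIN; $x <= LIMIT_MAX; $x++) {
        $selected = $x === $limit ? ' selected' : '';
        $html .= sprintf("    <option value=\"%d\"%s>%d</option>\n", $x, $selected, $x);
    }
    $html .= "  </select>\n  <noscript><input type=\"submit\" value=\"Go\"></noscript>\n</form>\n";
    return $html;
}

// Constructed sample queries: a normal value, a value carrying markup, and an array value.
$samples = [
    ['page' => 'EditPost', 'limit' => '6'],
    ['page' => 'EditPost', 'limit' => "6'><em>injected</em>"],
    ['page' => 'EditPost', 'limit' => ['6']],
];
foreach ($samples as $query) {
    echo renderLimitSelector($query), "\n";
}
```

The second and third samples fall back to 5 and none of the request text reaches the output; the inline styles and the `onchange` handler are left out on the assumption that they move to external CSS and JavaScript files.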

Noskiw (Author) Posted November 5, 2014

> Your form has method=get. That means anything you specify for the query string in the action will be lost in favor of whatever you put in the form.
>
> Leave the action empty and use a hidden input for the page name.
>
> ```html
> <form action="" method="GET">
> <input type="hidden" name="page" value="EditPost">
> ```

Thank you, that worked a charm.

Noskiw (Author) Posted November 5, 2014

> For some reason you've hard-coded the limit parameter in the action URL. Remove it.
>
> But what's much worse is that your small code snippet already contains tons of security vulnerabilities, spaghetti code and bad practices. You need to start thinking about proper code, especially when you write web applications.
>
> Values need to be escaped before you can put them into your HTML markup. Never heard of cross-site scripting attacks?
>
> Stuffing all code and markup into one big PHPHTMLCSSJavaScript blob also isn't a good idea. This will bite you once your project becomes more complex. JavaScript code belongs in external JavaScript files, CSS rules belong in external CSS files, and HTML markup belongs in external templates. Keep things clean.

Thank you for that, currently, I'm still just a student (19) and still learning how to program websites properly. I've been on and off as I've had to learn other languages for my A-Level and now University courses (Computer Science).

Right now, this is just for a small portfolio which I thought would look more impressive if I had programmed it all myself as opposed to what other students on my course do and use WordPress templates to do it all for them.

I will definitely take on board what you've said and start thinking about these security vulnerabilities more seriously on future websites.

The website also does have a template, but I wouldn't know how to add the markup in the function into a template where I can manipulate it.