Noskiw Posted November 5, 2014 Share Posted November 5, 2014 Currently what I'm trying to do is to create a blogging software through PHP (for myself) and when trying to change the amount of posts viewable on the edit/delete page, the form, which auto-submits if JavaScript is enabled, should deliver the following result: "/?page=EditPost&limit=6" This is obviously depending on what value is chosen, it can be anywhere from 5 to 10. But what it is actually returning is "?limit=6". This is the PHP script for the function: public function EchoLimitSelector() { $limit = isset($_GET['limit']) ? $_GET['limit'] : NULL; echo "<div class='tright'>"; echo "<form action='?page=EditPost&limit=".$limit."' method='GET'>"; echo "<span>Posts per page: </span>"; echo "<select name='limit' style='font-size: 16px; width: 50px;' onchange='this.form.submit();'>"; for($x = 5; $x <= 10; $x++) { echo "<option value=".$x. " "; //Setting default selected value if($limit) { if($limit == $x) { echo "selected"; } } else { if($x == 5) { echo "selected"; } } echo ">".$x."</option>"; } echo "</select>"; echo "<noscript><input type='submit' value='Go' style='height: 26px; padding: 0; margin-top: -7px;'/></noscript>"; echo "</form>"; echo "</div>"; } I'm hoping that it's just a simple fix. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/292301-submiting-form-creating-issues-in-url/ Share on other sites More sharing options...
Solution requinix Posted November 5, 2014 Solution Share Posted November 5, 2014 Your form has method=get. That means anything you specify for the query string in the action will be lost in favor of whatever you put in the form. Leave the action empty and use a hidden input for the page name. <form action="" method="GET"> <input type="hidden" name="page" value="EditPost"> 1 Quote Link to comment https://forums.phpfreaks.com/topic/292301-submiting-form-creating-issues-in-url/#findComment-1495864 Share on other sites More sharing options...
Jacques1 Posted November 5, 2014 Share Posted November 5, 2014 For some reason you've hard-coded the limit parameter in the action URL. Remove it. But what's much worse is that your small code snippet already contains tons of security vulnerabilities, spaghetti code and bad practices. You need to start thinking about proper code, especially when you write web applications. Values need to be escaped before you can put them into your HTML markup. Never heard of cross-site scripting attacks? Stuffing all code and markup into one big PHPHTMLCSSJavaScript blob also isn't a good idea. This will bite you once your project becomes more complex. JavaScript code belongs into external JavaScript files, CSS rules belong into external CSS files, and HTML markup belongs into external templates. Keep things clean. Quote Link to comment https://forums.phpfreaks.com/topic/292301-submiting-form-creating-issues-in-url/#findComment-1495867 Share on other sites More sharing options...
Noskiw Posted November 5, 2014 Author Share Posted November 5, 2014 Your form has method=get. That means anything you specify for the query string in the action will be lost in favor of whatever you put in the form. Leave the action empty and use a hidden input for the page name. <form action="" method="GET"> <input type="hidden" name="page" value="EditPost"> Thank you, that worked a charm. Quote Link to comment https://forums.phpfreaks.com/topic/292301-submiting-form-creating-issues-in-url/#findComment-1495868 Share on other sites More sharing options...
Noskiw Posted November 5, 2014 Author Share Posted November 5, 2014 For some reason you've hard-coded the limit parameter in the action URL. Remove it. But what's much worse is that your small code snippet already contains tons of security vulnerabilities, spaghetti code and bad practices. You need to start thinking about proper code, especially when you write web applications. Values need to be escaped before you can put them into your HTML markup. Never heard of cross-site scripting attacks? Stuffing all code and markup into one big PHPHTMLCSSJavaScript blob also isn't a good idea. This will bite you once your project becomes more complex. JavaScript code belongs into external JavaScript files, CSS rules belong into external CSS files, and HTML markup belongs into external templates. Keep things clean. Thank you for that, currently, I'm still just a student (19) and still learning how to program websites properly. I've been on and off as I've had to learn other languages for my A-Level and now University courses (Computer Science). Right now, this is just for a small portfolio which I thought would look more impressive if I had programmed it all myself as opposed to what other students on my course do and use WordPress templates to do it all for them. I will definitely take on board what you've said and start thinking about this security vulnerabilities and more seriously on future websites. The website also does have a template, but I wouldn't know how to add the markup in the function into a template where I can manipulate it. Quote Link to comment https://forums.phpfreaks.com/topic/292301-submiting-form-creating-issues-in-url/#findComment-1495869 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.