How to Include link+id in javascript

Question

what iam trying to do basically and i didnt succeed is getting id from link

<input type="hidden" value="<?PHP echo $_GET['id']; ?>">

retrieve the id using javascript variable add it to api.php

    var id = $("#id").val();
    var firstname = $("#firstname").val();
    var name = $("#name").val();
    var state = $("#state").val();
    var dataString = 'firstname='+ firstname + '&name=' + name + '&state=' + state;

    if(firstname=='' || name=='' || state=='')
    {
        $('.success0').fadeOut(200).hide();
        $('.error').fadeOut(200).show();
    }else{
        $.ajax({
        type: "POST",
        url: "api.php+id",
        data: dataString,

After the api.php would pickup the id, but unfortunately it dosent work

exec('curl -b cookies -c cookies -X POST -d @file.json http://sand.api.xxx.com/item?id='. $_GET['id']);

Answer 1

few bugs I noticed in your code:

your html should look like:

<input id="el_id" type="hidden" value="<?PHP echo $_GET['id']; ?>">

your JS fixed below:

    var id = $("#el_id").val();
    var firstname = $("#firstname").val();
    var name = $("#name").val();
    var state = $("#state").val();
    var dataString = 'firstname='+ firstname + '&name=' + name + '&state=' + state;

    if(firstname=='' || name=='' || state=='')
    {
        $('.success0').fadeOut(200).hide();
        $('.error').fadeOut(200).show();
    }else{
        $.ajax({
        type: "POST",
        url: "api.php?id="+id,
        data: dataString,

Answer 2

 <input type="hidden" value="<?PHP echo $_GET['id']; ?>">

your code is vulnerable to xss attack

use this

 <input type="hidden" id="myid" value="<?PHP echo htmlentities($_GET['id']); ?>">


var id=$("#myid").attr("value");

or

var id=$("#myid").val();