About html form submit in server

Question

What I want to ask is may be dumb question, but it is hard to find what is wrong because it is too simple. What I want to do is to get a string value and post to value in another page. The source of two pages are as below. The problem is, no matter what I type in the textbox, when I push the OK button, the result is like this "; ?> This is my first time using actual server so..could you guys help me?

<html>
<body>
    <form method="get" action="id.php">
        <input type='text' name='id'>
        <input type='submit' value='OK'>
        <input type='reset' value='Cancel'>
    </form>
</body>
</html>

id.php

<? php

 echo " $id welcome <p>";

 ?>

Answer 1

You're actually pretty close

Since you're using method="get" we're going to get the id with the superglobal $_GET

id.php:

<?php
 echo "<p>".htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8'). "welcome </p>";
?>

Notice the function htmlspecialchars we use this to prevent a XSS attack, in order to protect the output data, you should escape the data when showing it to the user. This prevents the browser from applying any unintended meaning to any special sequence of characters that may be found (e.g. unauthorised JavaScript injected by the user).

Answer 2

Change your id.php to this,

<?php

if(isset($_GET['submit'])) // checks if submit button is clicked. Prevents accident submit
{

  $get_id = $_GET['id'];
  echo "Id is : " . $get_id;
}

?>

Change

    <input type='submit' value='OK'>

to

    <input type='submit' value='OK' name="submit">

Answer 3

<html>
<body>
    <form method="get" action="id.php">
        <input type='text' name='id'>
        <input type='submit' value='OK' name="submit">
        <input type='reset' value='Cancel'>
    </form>
</body>
</html>

in id.php use like this

<?php

 echo $_GET['id']."welcome <p>";

 ?>