Awa Melvine

Reputation: 4087

PHP $_GET and $_POST variables are not working properly

I have an error in my code that may seem ridiculously simple to figure out, but I've looked at it for hours and haven't yet been able to determine the problem.

To edit a database record, I use the following link to pass the record id to the edit page:

<a href="edit_short.php?id=<?php echo $short->id; ?>">Edit</a>

...and here is the edit_short.php file:

$title = "";
$short_text = "";
$id = 0;

if (isset($_GET['id'])) {
  $id = $_GET['id'];
  $short = (object)Short::find_by_id($id);

  $title = $short->title; // My problem is the scope of $title and $short_text
  $short_text = $short->short_text; // Is limited within this if statement
}
if (isset($_POST['edit_short_btn'])) {
  echo $title."<br/>";
  echo $short_text."<br/>";
}

This is the form that is submitted:

  <form method="POST" action="edit_short.php" id="post_form">
    <table>
      <tr>
        <td><input type="text" name="title" value="<?php echo $title; ?>" class="textField" placeholder="Title of short"></td>
      </tr>
      <tr>
        <td><textarea name="short_text" id="short_text" placeholder="Short text"><?php echo $short_text; ?></textarea></td>
      </tr>
      <tr>
        <td><input type="submit" name="edit_short_btn" value="Update short"></td>
      </tr>
    </table>
  </form>

I am able to verify that the submitted id is set using $_GET['id'] and I can pass its value to $id in edit_short.php, but when I get the record and set the $title and $short_text variables, I am unable to access them in the if (isset($_POST['edit_short_btn'])) statement.

How do I check that both the $_GET['id'] and the $_POST['edit_short_btn'] are set and still be able to display the $title and $short_text?

Upvotes: 2

Views: 1766

Answers (2)

chris85

Reputation: 23892

The GET is only sent with the link click. Your form is sending a POST so all the data points you want should be in the form. You can have hidden values in the form using the hidden input type. So you should be able to use:

<form method="POST" action="edit_short.php" id="post_form">
    <input type="hidden" value="<?php echo intval($_GET['id']);?>" name="id" />
    <table>
      <tr>
        <td><input type="text" name="title" value="<?php echo $title; ?>" class="textField" placeholder="Title of short"></td>
      </tr>
      <tr>
        <td><textarea name="short_text" id="short_text" placeholder="Short text"><?php echo $short_text; ?></textarea></td>
      </tr>
      <tr>
        <td><input type="submit" name="edit_short_btn" value="Update short"></td>
      </tr>
    </table>
</form>

Then use $_POST['id'] on your processing script to get the id. The intval is an XSS prevention method since id will only be an integer. For other approaches to prevent XSS injections see (this won't stop a SQL injection; parameterized queries should still be used on the processing script):

How to prevent XSS with HTML/PHP?
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Upvotes: 2

mopo922

Reputation: 6381

Based on your code, you'll never have both the $_GET case and $_POST case at the same time. You'll hit the $_GET case after clicking the link (the page URL will include the ?id=... query string), and the $_POST case after submitting the form (no query string).

Upvotes: 3
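Putting the two answers together, here is an added example (not the asker's or either answerer's code) of one edit_short.php that handles the GET case on the link click and the POST case on submit, carries the id in a hidden field, validates it as an integer, and escapes output. It assumes an in-memory SQLite table as a constructed stand-in for Short::find_by_id(); the hypothetical `$e` helper just wraps htmlspecialchars.

```php
<?php
// Added example (not the asker's or answerers' code): one edit_short.php that
// handles the GET case (link click) and the POST case (form submit) separately,
// carrying the id across in a hidden field as chris85 suggests.
// Assumption: an in-memory SQLite table stands in for Short::find_by_id().
$pdo = new PDO('sqlite::memory:');
$pdo->exec("CREATE TABLE shorts (id INTEGER PRIMARY KEY, title TEXT, short_text TEXT)");
$pdo->exec("INSERT INTO shorts VALUES (7, 'Hello', 'constructed sample row')");
// Take the id from POST on submit, else from GET on the link click; reject anything
// that is not a positive integer so the value is safe in the hidden field and the query.
$raw = $_POST['id'] ?? $_GET['id'] ?? null;
$id  = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    http_response_code(400);
    exit('Missing or invalid id');
}
$title = '';
$short_text = '';
if (isset($_POST['edit_short_btn'])) {
    // POST case: update with a prepared statement, never by string concatenation.
    $title = trim($_POST['title'] ?? '');
    $short_text = trim($_POST['short_text'] ?? '');
    $stmt = $pdo->prepare("UPDATE shorts SET title = ?, short_text = ? WHERE id = ?");
    $stmt->execute([$title, $short_text, $id]);
} else {
    // GET case: load the record for editing.
    $stmt = $pdo->prepare("SELECT title, short_text FROM shorts WHERE id = ?");
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);
        exit('No such short');
    }
    $title = $row['title'];
    $short_text = $row['short_text'];
}
// Escape every value on output so stored text cannot inject markup (XSS).
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
?>
<form method="POST" action="edit_short.php" id="post_form">
  <input type="hidden" name="id" value="<?= $id ?>">
  <input type="text" name="title" value="<?= $e($title) ?>" placeholder="Title of short">
  <textarea name="short_text" placeholder="Short text"><?= $e($short_text) ?></textarea>
  <input type="submit" name="edit_short_btn" value="Update short">
</form>
```

Because the id travels in the POST body, the processing branch no longer depends on a query string that the form submit does not send.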
