Max Bogatec
Reputation: 5
PHP Post in URL without using GET
I'm currently working on some code. Where you should be able to upload a file and select witch type of file it is.
I'm using urls to make an database entry on the upload page , so my link should look like
www.mydomain.domain?id=1&type=type
But php only gets the id because it uses get from the previous page.
So it looks like this
www.mydomain.domain?id=1&type=
So my question is how can I get the selection in the url?
I tried it with jQuery but I suck at it ;D.
My form code:
<?php
$datetype = $_POST['dateiart'];
echo $datetype;
$ek = $_GET['id'];
?>
<form action="upload.php?id=<?php echo $ek; ?>&type=<?php echo $datetype;?>" target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
Datei zum hochladen auswählen
<input type="file" name="fileToUpload" id="fileToUpload"> <br>
<input onclick="myFunction()" type="submit" value="Datei hochladen" name="submit"><br><br>
<input type="hidden" value="<?php echo $ek?>" id="id" name="submit"><br><br>
<label>Dateiart:
<select name="dateiart" form="dateiauswahl" size="5">
<option value="EK-Rechnung">EK-Rechnung</option>
<option value="Kaufvertrag">Kaufvertrag</option>
<option value="VK-Rechnung">VK-Rechnung</option>
<option value="Datenblatt">Datenblatt</option>
<option value="Sonstige">Sonstige</option>
</select>
</label>
</div>
</form>
upload.php
<?php
$pdo = new PDO('mysql:host=localhost;dbname=', '', '');
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
$ek = $_GET['id'];
$dateiart = $_GET['type'];
echo $dateiart;
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 50000000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "pdf"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
$statement = $pdo->prepare("INSERT INTO Dateien (Link, EKNR, Datei_Bezeichnung) VALUES (:Link, :EKNR, :Datei_Bezeichnung)");
$result = $statement->execute(array('Link' => $target_file, 'EKNR' => $ek, 'Datei_Bezeichnung' => $dateiart));
}
?>
Upvotes: 0
Views: 409
Answers (1)
Claudio King
Reputation: 1616
Pass parameters as hidden inputs instead of printing them in the query string of action URL of the form. Use htmlspecialchars function to prevent security issues.
<?php
if (!isset($_GET['id']) || !isset($_GET['type'])){
die('Missing parameters');
}
?>
<form action="upload.php" target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
Datei zum hochladen auswählen
<input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']) ?>">
<input type="hidden" name="type" value="<?php echo htmlspecialchars($_GET['type']) ?>">
....... other inputs
</form>
The in the upload.php script get them from $_POST superglobal.
$ek = $_POST['id'];
$dateiart = $_POST['type'];
Upvotes: 1
Related Questions
- POST data to a URL in PHP
- Post data to URL without form
- Can we POST values coming from url
- posting data to php via url
- POST data in URL
- PHP post to url and then generate page from url
- PHP Post in url
- Use the $_POST method with PHP
- Posting to a URL with PHP and no form
- Using URL contents to send data(post or get) to a PHP page