I apologize in advance, I am a PHP noob!

I have a form with some hidden fields. I need the values to POST to "submit_rma.php" so that they're not missing from the db--I need $qty, $estmate_id and $rma_type.

The rest of the fields are just displaying data for the user and are readonly. Currently I only get the value from the qty text field.

Is there any easier way to pass these values? URL is out of the question due to security issues.

<form method="post" action="submit_rma.php">
<table>
   <tr>
      <td>
         Quantity
      </td>
      <td>
         <input type="text" name="qty" value="<?php echo $qty ?>" size="1"/><br/>
      </td>
   </tr>
   <tr>
      <td>
          Part #
      </td>
      <td>
         <input type="text" name="" value="<?php echo $model ?>" size="8" READONLY/><br/>
      </td>
   </tr>
   <tr>
      <td>
         Description
      </td>
      <td>
         <input type="text" name="" value="<?php echo $name_EN ?>" size="50" READONLY/><br/>
      </td>
   </tr>
   <tr>
      <td>
         Paid Date
      </td>
      <td>
         <input type="text" name="" value="<?php echo $sold_date ?>" size="6" READONLY/><br/>
      </td>
   </tr>
   <tr>
      <td>
         Amount Each
      </td>
      <td>
         <input type="text" name="" value="<?php echo $dealer_price ?>" size="8" READONLY/>
      </td>
   </tr>
</table>
         <input type="hidden" name="estmate_id" value="<?php echo $estmate_id ?>">
         <input type="hidden" name="rma_type" value="Short Shipped">
         <input type="submit" name="submit">
</form>
+1  A: 

Maybe use a hidden <INPUT>:

<input type="hidden" name="qty" value="<?= $qty ?>">

This won't show anything to the user. If you're unfamiliar, <?= x ?> is effectively equivalent to: <?php echo x; ?>.

However, this is a security problem, as an attacker could craft a fake request and put a different value into the field (sidestepping your page and doing the request directly). You should try and get the value some other way, such as through running the INSERT on page generation, then using an UPDATE on the POST, or something like that.

Lucas Jones
That's what I thought and tried... It's an internal site so security is okay--no one here is smart enough to poison the POST. The value for qty POSTs correctly and I need user input there, but rma_type and estmate_id, however, don't. When I echo them on the next page they're blank.
Mikey1980
@Mikey1980 What do you echo? The same $qty thing? Ever heard of $_POST array?
Col. Shrapnel
LMAO, it appears I misspelled estimate--now both values POST--point to Lucas for the PHP tip!
Mikey1980
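One way to follow the first answer's advice and keep estmate_id and rma_type on the server instead of in hidden fields (an added example, not code from the original thread). The function names, the `rma_token` field and the `max_qty` bound are assumptions; in a real page `$store` would be `$_SESSION` and `$post` would be `$_POST`.

```php
<?php
// Called while rendering the form page. The form then carries only
// <input type="hidden" name="rma_token"> plus the editable qty field.
function rma_issue_token(array &$store, int $estmateId, string $rmaType, int $maxQty): string
{
    $token = bin2hex(random_bytes(16)); // unguessable reference to the server-side record
    $store['rma'][$token] = [
        'estmate_id' => $estmateId,
        'rma_type'   => $rmaType,
        'max_qty'    => $maxQty,      // assumed upper bound: the quantity shown on the form
    ];
    return $token;
}

// Called in submit_rma.php. Returns the row to save, or null to reject the request.
function rma_accept(array &$store, array $post): ?array
{
    $token = $post['rma_token'] ?? '';
    if (!is_string($token) || !isset($store['rma'][$token])) {
        return null; // unknown, forged or already-used token
    }
    $ctx = $store['rma'][$token];

    // qty is the only user-controlled value, so it is the only one validated from $post.
    $qty = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $ctx['max_qty']],
    ]);
    if ($qty === false) {
        return null;
    }
    unset($store['rma'][$token]); // single use once a valid submission is accepted

    // estmate_id and rma_type come from the server-side record;
    // any copies of them in $post are ignored.
    return ['estmate_id' => $ctx['estmate_id'], 'rma_type' => $ctx['rma_type'], 'qty' => $qty];
}

// Constructed demo values, standing in for $_SESSION and a tampered $_POST.
$session = [];
$token   = rma_issue_token($session, 1042, 'Short Shipped', 5);
$forged  = ['rma_token' => $token, 'qty' => '2', 'estmate_id' => '9999', 'rma_type' => 'Refund'];

var_dump(rma_accept($session, $forged)); // first submission with this token
var_dump(rma_accept($session, $forged)); // same token submitted a second time
```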
A: 

Am I pointing out the obvious to say that you forgot NAME attributes for all of the text boxes after "qty"? The values won't persist beyond this page if the names aren't there :-)

LesterDove
They're just for show--readonly.
Mikey1980
Ok. I haven't mocked up a test yet, but I'm wondering whether the POST is getting tripped up by an array of blank-named inputs. The clue being that the qty comes through fine. Oh well...
LesterDove