I have the basic html form echoed through php:

<html>
<body>
<?php 
if (isset($_GET["pk"]))
 { $pk = $_GET["pk"];}
echo '<form action="up.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>';
?>
</body>
</html>

I would like to pass the value of pk to up.php.

Modifying action="up.php?pk=$pk" did not work.

+6  A: 

Use a hidden field:

<input type="hidden" name="pk" value="<?php echo $pk; ?>">

By the way, printing large amounts of HTML like you have there is ugly. Consider stepping out of PHP to do so, using HEREDOC, a template engine, or a framework.

EDIT:

As noted below, you should not print GET and POST data back to the page without sanitizing it first. Assuming pk is a primary key, you should wrap $pk above with the intval function, at the very least.

Paolo Bergantino
Upvoted this, but see my note attached to the question about printing values from GET/POST data.
Rob
Sigh. Yeah, yeah, I know. I can only say it so many times in answers here until I stop caring. Edited to reflect this.
Paolo Bergantino
+1  A: 

You can't use a variable inside a single-quoted string:

$pk = 123;
echo 'Hello $pk'; // echoes Hello $pk
echo "Hello $pk"; // echoes Hello 123
echo 'Hello ' . $pk; // echoes Hello 123

The best way to pass it through would be as a hidden field inside the form.

Greg
A: 

Try something like this:

<html>
<body>
<?php 
$params = "";
if (isset($_GET["pk"]))
  { $params = "?pk=" . $_GET["pk"];}
echo '<form action="up.php' . $params . '" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>';
?>
</body>
</html>

Of course you should be aware that $_GET["pk"] may contain pretty much anything, so think about some kind of input sanitization.

empi
+1  A: 

I agree with all the comments regarding some kind of input control of the $_GET['pk'] variable. I would recommend the filter module in php, which is pretty much a default installed module I believe.

<html>
<body>
<?php 
 $param = filter_input(INPUT_GET, 'pk', FILTER_SANITIZE_ENCODED);
?>
<form action="up.php<?php echo (isset($param) && $param != false) ? '?pk=' . $param : ''; ?>" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

You can find more information about the filter module here: link text

I also agree with Paolo Bergantino, this is not the prettiest way to do it, and a template engine, heredocs or regexp could be a better way of increasing the readability and maintainability of the system.

Kristian Lunde
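
As an added example (not code from any of the answers above), the hidden-field approach from the first answer combined with the filter module from the last one: pk is validated as a positive integer and HTML-encoded on output. The function name render_upload_form() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate pk as an integer, then encode it on output.
// render_upload_form() and the sample inputs below are hypothetical.

function render_upload_form($rawPk): string
{
    // Accept only a positive integer; anything else becomes null.
    $pk = filter_var($rawPk, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
        'flags'   => FILTER_NULL_ON_FAILURE,
    ]);

    $hidden = '';
    if ($pk !== null) {
        // Encode for the HTML attribute context even though $pk is an int,
        // so the output stays safe if the validation rule is later relaxed.
        $value  = htmlspecialchars((string) $pk, ENT_QUOTES, 'UTF-8');
        $hidden = '<input type="hidden" name="pk" value="' . $value . '" />' . "\n";
    }

    return '<form action="up.php" method="post" enctype="multipart/form-data">' . "\n"
         . $hidden
         . '<label for="file">Filename:</label>' . "\n"
         . '<input type="file" name="file" id="file" />' . "\n"
         . '<br />' . "\n"
         . '<input type="submit" name="submit" value="Submit" />' . "\n"
         . '</form>' . "\n";
}

// In the page itself: echo render_upload_form($_GET['pk'] ?? null);
// up.php must validate again, because a hidden field is client-controlled:
//   $pk = filter_input(INPUT_POST, 'pk', FILTER_VALIDATE_INT);

// Constructed inputs: a valid key, a markup-injection attempt, a missing value.
foreach (['123', '12"><b>injected</b>', null] as $sample) {
    echo '--- input: ' . var_export($sample, true) . "\n";
    echo render_upload_form($sample);
}
```

Only the first sample produces a hidden pk field; the other two render the form without one, so nothing from the query string reaches the page unvalidated.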