Losing value between form field and destination

Question

showman13 49 Junior Poster

11 Years Ago

As many forms as I've used over the years and sending data from one script to another, I'm totally baffled with what is going wrong with this situation...

I have a form in a script that basically just displays a book face as a link to go read the book.
in the script, here is the code...

<form name="product <?php print $product[$prow][$pcol][0]; ?>" action="<?php print $title; ?>" method="POST" target="_blank">
    <input type="hidden" name="prod_id" value="<?php print $product[$prow][$pcol][0]; ?>">
    <input type="image" name="<?php print $product[$prow][$pcol][0]; ?>" src="images/full_pics/<?php print $product[$prow][$pcol][4]; ?>" width="400" height="400" border="0" alt="<?php print $product[$prow][$pcol][1]; ?>">
</form>

Looking at it from the page source after being rendered it looks like this

<form name="product 32008" action="eDelivery/BusinessDevelopment/HowtoWriteProfitableEmails" method="POST" target="_blank">
    <input type="hidden" name="prod_id" value="32008">
    <input type="image" name="32008" src="images/full_pics/profitable_emails.png" width="400" height="400" border="0" alt="How to Write Profitable Emails">
</form>

Which should send the $prod_id to the action url

BUT, when it arrives there, $prod_id has no value. the reason I know this is that for whatever reason the book wasn't being displayed, so I tested it by simply printing the value of the variable, and there was no value.

Just to be thorough, here is the print command on the action url

 print"<br>prod_id is ".$prod_id;

and what I get is " prod_id is 'blank'" (I stuck in the blank)

So, what is it that I am not seeing that must be obvious?

php

6 Contributors
15 Replies
203 Views
5 Days Discussion Span
Latest Post 11 Years Ago Latest Post by showman13

pritaeas 2,194 ¯\_(ツ)_/¯

11 Years Ago

Have you tried echo $_POST['prod_id'];

IIM 163 Master Poster

11 Years Ago

print"<br>prod_id is ".$prod_id; // Error with $prod_id

The line marked bold must be replaced with $_POST['prod_id'] as the variable is passed from previous form and the method used is POST so it will be $_POST['prod_id'] .

If method used is GET so it will be $_GET['prod_id'] .

Refer this

Edited 11 Years Ago by IIM

EvolutionFallen 107 Junior Poster

11 Years Ago

I think you may have register_globals turned on. I've never worked on an environment that's had this setting on, which is why I didn't think of it right away. It's generally recommended to have this setting turned off for security reasons, and indeed newer versions of PHP have gotten rid of Register Globals altogether: http://www.php.net/manual/en/security.globals.php

diafol

11 Years Ago

diafol, not sure where you see shortened code being used. I always try to use <?php and in looking over the code I posted, it is used like that in all cases I believe. Hopefully I didn't miss any. I do find every once in awhile when in a hurry that I do forget though.

here (line 27):

action="<? echo $_SERVER['PHP_SELF']; ?>"

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

showman13 49 Junior Poster · Answer 1 · 2013-02-22T15:06:28+00:00

Yes, actually I have.

no difference between echo and print
and
no difference between $prod_id and $_POST['prod_id']

I quit using the $_POST a long time ago... found it was unnecessary and just more confusing to look at.

showman13 49 Junior Poster · Answer 2 · 2013-02-22T15:36:35+00:00

$_POST is unnecessary.

I have hundreds of pages out there that use only the variable name like $prod_id when the value is sent from a form... has been working fine like that for a long time.

showman13 49 Junior Poster · Answer 3 · 2013-02-22T16:28:53+00:00

Well, I haven't solved this issue, and honestly just absolutely do not understand it...

But I have determined an alternate way to accomplish what I need to accomplish, so won't waste any more time thinking about this.

Not a great way to resolve it, but time is important.

thanks for your feedback.

Douglas

migcosta 13 Junior Poster · Answer 4 · 2013-02-22T17:46:48+00:00

hey showman13
could you please tell me were did you find that you could use just $prod_id instead of $_POST['prod_id']?
I have tried and it doesn't work and I didn't find any documentation that says it works :/ .

My guess is that you have one of this problems:
1 - you a submit form problem.
2 - you are using a framework or any sort of server side script/language that pre processes your $_REQUEST's in order to list it in to variables and then cleans the $_REQUEST or $_POST variables.

cheers

EvolutionFallen 107 Junior Poster · Answer 5 · 2013-02-22T18:06:59+00:00

I quit using the $_POST a long time ago... found it was unnecessary and just more confusing to look at.

This is either false or an incomplete statement in that you are not providing/aware of full information regarding what's going on. There are several ways that come to mind of how you could be using $prod_id as a replacement for $_POST['prod_id'], but saying $_POST is unnecessary is misleading. You could be using $_REQUEST instead, or as migcosta suggested, implementing a framework that handles assigning $prod_id = $_POST['prod_id'] behind the scenes for you, or *worse*, using extract($_POST);. If not any of these, I'd be very interested in knowing how $prod_id is being assigned the value from the form.

showman13 49 Junior Poster · Answer 6 · 2013-02-25T15:47:46+00:00

Well, maybe I stated it incorrectly, but I don't believe so...

I just created a little test script to show what I am referring to...

http://douglasdidit.com/post_test.php

It simply has a form to enter a name, and then passes that name using the POST method and the value is displayed by simply printing the variable without the $_POST['test']

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
  <title>post_test</title>
</head>

<body>

<?php
    if ($subbed!='display'){
?>
<table align="center" width="600" bgcolor="#B0E0E6">
  <tr>
    <td align="center" valign="middle" width="600" height="200">
      This is a simple test script with a form where you enter data<br />
      in a field named $test<br /><br />
      The action calls the same script and a variable set to 'display'<br />
      which displays what you entered by using the variable name only<br />
      without using the POST ....
    </td>
  </tr>
  <tr>
    <td align="center" valign="middle" width="600" height="100">
      <form name="show_subs" action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST">
        Enter your first name to be displayed : <input name="test" size="12" tabindex="1" maxlength="12" />
        <input type="hidden" name="subbed" value="display">
        <input type="submit" name="submit" value="Show display" tabindex="2" />
      </form>
    </td>
  </tr>
</table>
<?php
    }else{
?>
<table align="center" width="600" bgcolor="#FFCC00">
  <tr>
    <td align="center" valign="middle" width="600" height="100"><br /><br />
      Thank you <b><u><?php print $test; ?></u></b> for checking this out.<br /><br />
      This is why I say that the  $_POST['test']   is not necessary <br />
      because I simply used the 'print $test;' to display what was entered<br />
      in the form on the previous page   <br /><br />
    </td>
  </tr>
</table>
<?php
}
?>

</body>

</html>

diafol · Answer 7 · 2013-02-25T22:34:18+00:00

Agreed. register_globals is evil. You're also using short code in the form action - make sure its <?php Just because something worked in the past doesn't mean that it will continue to work. Hosts update the php version from time to time and you may find that certain structures, functions etc. stop working. You usually have a few years from deprecation to removal, enough time to update your code.

If you're sending the form to the container page, you can probably do without the action attribute altogether.

showman13 49 Junior Poster · Answer 8 · 2013-02-26T23:29:58+00:00

diafol, not sure where you see shortened code being used. I always try to use <?php and in looking over the code I posted, it is used like that in all cases I believe. Hopefully I didn't miss any. I do find every once in awhile when in a hurry that I do forget though.

EvolutionFallen - I don't know if Register Globals is on or not. I never requested it to be. I've always known that it shouldn't be for security. I don't know how to tell, but submitted a ticket to the server admin to find out.

showman13 49 Junior Poster · Answer 9 · 2013-02-27T03:11:21+00:00

Yep, you are right.. I missed one. thank you.

EvolutionFallen 107 Junior Poster · Answer 10 · 2013-02-27T21:37:46+00:00

I don't know if Register Globals is on or not. I never requested it to be. I've always known that it shouldn't be for security. I don't know how to tell, but submitted a ticket to the server admin to find out.

Just for completeness, you can create a PHP file containing simply:

<?php echo 'register_globals = ' . (int) ini_get('register_globals'); ?>

Put it on your server, then open up the page in your browser. If it says 0, RG is off, if it says 1, RG is on. I'd suggest removing the file once you check, no reason to let others come across it.

showman13 49 Junior Poster · Answer 11 · 2013-02-27T23:32:10+00:00

Thank you for your feedback... I'll give that a shot.

Funny thing is that I never found the answer to my question, only found a different way to accomplish what I wanted. Guess I may need to visit that question again in the future if I ever run into it again.

thanks again