GET parameter won't pass with html button formaction

Time:09-18

I am trying to pass a GET parameter through a button but I can't figure out what I am doing wrong. The parameter is set, as it shows up fine in the header, but it isn't being added to the edit.php url. The button is directing me to edit.php, just without the GET parameter added. I am pretty new to this stuff and this is my first time using links that aren't through anchor tags, so I am clearly missing something here. Any advice is greatly appreciated.

<h1 >Claim #<?echo($_GET['claim_id'])?>
    <form>
        <button type="submit" formaction="index.php" >Back</button>
        <?echo('<button type="submit" formaction="edit.php?claim_id='.$_GET['claim_id'].'" >Edit</button>');?>
    </form>
</h1>

CodePudding user response:

<form method="get" action="edit.php">
        <?php echo '<button type="submit" formaction="edit.php?claim_id='.htmlspecialchars(urlencode($_GET['claim_id'])).'" >Edit</button>'; ?>
    </form>

Instead of using the form, you can just use a straightforward link with the anchor tag:

<a href="edit.php?claim_id=<?= htmlspecialchars(urlencode($_GET['claim_id'])) ?>">edit</a>

Or you can specify the method of GET on the form, with a hidden form input to place the link's GET parameter.

CodePudding user response:

If you have to use formaction, you must specify name and value of element:

<h1 >Claim #<?php echo htmlspecialchars($_GET['claim_id']); ?>
<form>
    <button type="submit" formaction="index.php" >Back</button>
    <?php echo '<button type="submit" formaction="/edit.php" name="claim_id" value="'.htmlspecialchars($_GET['claim_id']).'" >Edit</button>'; ?>
</form>
</h1>

CodePudding user response:

Here it is better to place the buttons in different blocks. But personally, in this case, I use a hyperlink.

  1. <form method="get" action=""></form>

  2. <?php echo '<a href="edit.php?claim_id='.htmlspecialchars(urlencode($_GET['claim_id'])).'" >Edit</a>'; ?>

CodePudding user response:

When you submit a form using the GET method, any existing query string in the action will be replaced by a new one generated by the name and value of the successful controls associated with that form.

In your case, the only successful control is the submit button, which doesn't have a name or a value.

You could get the effect you desire by moving the data to those attributes:

<h1 >Claim #<?php echo htmlspecialchars($_GET['claim_id']); ?>
    <form>
        <button formaction="index.php" >Back</button>
        <button formaction="edit.php" name="claim_id" value="<?php echo htmlspecialchars($_GET['claim_id']); ?>" >Edit</button>
    </form>
</h1>

Important security note: inserting data from the URL directly into a page makes you highly vulnerable to XSS attacks. You need to take precautions against that. The most basic of those is using htmlspecialchars.


Note, however, that it isn't really appropriate to use a form here. Your form buttons are not submitting any data the user has entered, nor performing any kind of action. The affordances offered by buttons are misleading here.

You can, and should, use regular links instead.
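
As an added example (not code from the question or any of the answers), here is the link-based version recommended above with the XSS precaution applied in each output context. The helper names `h`, `parse_claim_id` and `render_claim_nav` are hypothetical, the integer-only rule for `claim_id` is an assumption about the application, and the sample inputs are constructed; it requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text or for a quoted HTML attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a positive integer claim id (assumed rule); anything else is null.
function parse_claim_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing, or an array such as ?claim_id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Render the heading and two plain navigation links; no form is involved,
// so the query string in the href is not replaced on navigation.
function render_claim_nav(array $query): string
{
    $id = parse_claim_id($query['claim_id'] ?? null);
    if ($id === null) {
        return '<h1>Unknown claim</h1><a href="index.php">Back</a>';
    }
    // http_build_query() percent-encodes the value for the URL; h() then
    // makes the finished URL safe inside the quoted href attribute.
    $editUrl = 'edit.php?' . http_build_query(['claim_id' => $id]);
    return '<h1>Claim #' . h((string) $id) . '</h1>'
         . '<a href="index.php">Back</a> '
         . '<a href="' . h($editUrl) . '">Edit</a>';
}

// Constructed samples: a normal id, a value that tries to close the
// attribute and add markup, and a request with no claim_id at all.
foreach ([['claim_id' => '42'], ['claim_id' => '42"><b>x'], []] as $sample) {
    echo render_claim_nav($sample), PHP_EOL;
}
```

On a real page, pass `$_GET` to `render_claim_nav()` instead of the sample arrays.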
