Menu
Community /Pin to ProfileBookmark
@NogDogOct 31.2020 — #Put them into hidden form fields instead of the form tag's action, and then you don't have to worry about what does or does not need to be url-encoded. However, since the form method is "get", _everything_ is going to end up in the target page's URL, because that's what GET does. If there's a reason you do not want them in the displayed URL, then use the POST method, instead.
Generally you want to use GET for read-only requests (which makes the link something that can be saved or bookmarked), while you should use POST for form submissions that will have a side effect (update/insert/delete in the DB, for instance).@NogDogNov 02.2020 — #As far as URL-encoding, it's not that it's post or get, but simply that it's a form field, and the browser software handles all of it for you. The difference between post/get is that get will transmit the form fields as part of the URL, while a post request puts all of them into a separate part of the HTTP request data that is not displayed in the URL.
How To Fix So Chars “on” And “search=+” Not Appear On Url ?
Why Chars “On” And “search=+” Appears On My Url After Submitting GET Method Form ?
This my form:
<html>
<head>
<meta name=”viewport” content=”width=device-width, initial-scale=1.0″>
</head>
<body>
<div align=’center’>
<form method=”GET” action=”<?php echo $_SERVER[‘PHP_SELF’];?>?col=<?php echo “$col&search=$search&limit=$limit&page=1″;?>”>
<label for=”search”>Search</label>
<input type=”text” name=”search” id=”search” required>
<br>
<label for=”col”>Search Type</label>
<input type=”radio” name=”col” id=”keywords” required>Keywords
<input type=”radio” name=”col” id=”keyphrase” required>Keyphrase
<br>
<label for=”limit”>Limit</label>
<select name=”limit” id=”limit”>
<option value=””></option>
<option value=”1″>1</option>
<option value=”10″>10</option>
<option value=”50″>50</option>
<option value=”100″>100</option>
<option value=”500″>500</option>
<option value=”1000″>1000</option>
</select>
<br>
<button type=”submit” name=”search_links” id=”search_links” value=” “>Search Links</button>
<br>
<button type=”reset”>Reset</button><br>
<br>
<br>
</form>
After submission I need form to send user to:
eg:
search= keywords go here
col= the mysql tbl column to query
limit= search result per page
Problem is, I get sent to:
Note the “col=on”. There is no mysql tbl column called “on”, hence getting error:
>
Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘on = ?’ at line 1 in C:xampphtdocstestpagination_2.php:90 Stack trace: #0 C:xampphtdocstestpagination_2.php(90): mysqli_stmt_prepare(Object(mysqli_stmt), ‘SELECT COUNT(su…’) #1 {main} thrown in C:xampphtdocstestpagination_2.php on line 90
Q1. Why browser shows “col=on” and not “col=$col” (in this case “col=keywords”) ?
Q2. Also, why in url gets added: “search=+” ? How to rid it ?
My code:
““
<?php
if(ISSET($_SESSION[‘user_id’]))
{
$user_id = $_SESSION[‘user_id’];
$user_type = ‘member’;
}
elseif(ISSET($_COOKIE[‘guest’]))
{
$user_id = $_COOKIE[‘guest’];
$user_type = ‘guest’;
}
else
{
die(“Error 1: Invalid User!”);
}
if(ISSET($_GET[‘search’]) && is_string($_GET[‘search’]))
{
$search = $_GET[‘search’];
}
else
{
die(“Type your single Keyword or single Keyphrase!”);
}
if(ISSET($_GET[‘col’]) && is_string($_GET[‘col’]))//’col=search_type’. ‘search_type’ options: 1). Mysql Column:keywords; 2. Mysql Column:keyphrase.
{
$col = $_GET[‘col’];
}
else
{
echo “Select Checkbox!”;
die(“Select your search type to indicate whether you are searching for a single Keyword or a single Keyphrase!”);
}
On the form, I selected “keywords” as the “col” to be queried:
<input type=”radio” name=”col” id=”keywords” required>Keywords
<input type=”radio” name=”col” id=”keyphrase” required>Keyphrase
Q3. How to fix this following line to solve the issue ?
<form method=”GET” action=”<?php echo $_SERVER[‘PHP_SELF’];?>?col=<?php echo “$col&search=$search&limit=$limit&page=1″;?>”>
Q4. Need to add security in the url so no hacker can injection in url. Do I need to add urlencode in the above-mentioned code ?
NOTE:
This is part of pagination code where you keyword search in the database. Hence, need to use $_GET method to have params in the url.
Sign in
to post a comment17 Comments(s) ↴
0
@NogDogOct 31.2020 — #Put them into hidden form fields instead of the form tag's action, and then you don't have to worry about what does or does not need to be url-encoded. However, since the form method is "get", _everything_ is going to end up in the target page's URL, because that's what GET does. If there's a reason you do not want them in the displayed URL, then use the POST method, instead.Generally you want to use GET for read-only requests (which makes the link something that can be saved or bookmarked), while you should use POST for form submissions that will have a side effect (update/insert/delete in the DB, for instance).
0
@NogDogNov 02.2020 — #