'passing' variables to the same page 2

[svar]

A web page has a list of choices, e.g.
....

<input type="text" name="mychoice" value="" />
....

At the end of the page there is a buton to run an sql query and return the results ON THE SAME PAGE:

...
<th>
<FORM method="post">
<input type="submit" name="runquery" value="Run Query"> 
</FORM></th>    


<?php if (  isset($_POST['runquery'])){
 $mychoice=htmlspecialchars($_POST["mychoice"]); [b]//!!!! undefined [/b]
 

if($mychoice ){$sqlw .=" AND CHOICE_1 LIKE '".$mychoice ."%' ";}

....
?>

The problem is that php warns that mychoice is undefined.
Am I missing something here?

 

[svar]

In addition, for modularity, it would be better if the response to run query would appear on the same page, as required, but its code would be a different php file. Essentially I would like the run query to have an action "page2.php", but that output from page2.php should be on the same page as the original code.

 

[jpadie]

Only inputs (etc) within the form tags are submitted. So you either need to put them all there, and on a multi page form hide all the previous page results in hidden text inputs, or store each page in session variables. Accessing the session store when runquery is finally submitted.


How you render results is up to you. Same page or sifferent page or whatever is largely irrelevant. It is all done the same way and you choose what to output and when.

 

[vacunita]

In your code your form does not seem to contain your mychoice textbox, so when the form is submitted your textbox is not.

As jpadie points out, if you want to send a value from a form control like a textbox it must be inside the form element.

ie.

<FORM method="post">
[b][COLOR=#A40000]<input type="text" name="mychoice" value="" />[/color][/b]
<input type="submit" name="runquery" value="Run Query"> 
</FORM></th>

Displaying is really up to you. You could include your secondary script and have it run on the spot.


ie.

<?php if (  isset($_POST['runquery'])){
 $mychoice=htmlspecialchars($_POST["mychoice"]); //!!!! undefined 
 

if($mychoice ){
include("page2.php");
....
?>

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[svar]

Thanks to both. And can I also do it with an href?, i.e. click on a link and add the result to the same instead of a different page, e.g:

...
$linked='newpage.php?myvar='.$row['myvar'] .'>'.$row['myvar'];
 $fullentry='<A class=lightblue HREF='. $linked .'</A>';
....

$toprint='<tr>   <td> '.$fullentry .'</td></tr>';
....
echo $toprint;

This is the normal way of clicking and getting a new page. I'm liiking for a way to make that new page appear on the current page as in the include above.

 

[jpadie]

yes.

but why would you? the normal way would be to store server side so that there is integrity at each stage. if you store in the url you risk things being changed directly in the url, the url being refreshed or deep linked (so you would need to build captures for these, partly you need to do this anyway, of course) and not to mention that you'd have ugly urls.

as has been said, what you display on each page refresh is entirely up to you. if you want 'new' pages to mimic previous pages then that's up to you. just output them as you would normally.

FWIW - the more you limit the entry points to your code, the easier is to secure. That's why I prefer using a single entry point and a despatch method. the php security guide discusses this as a recommendation.

 

[svar]

So, if I read you right, passing with ..?myvar=... is frowned upon for security, tidyness and other reasons
Instead I could store these in $_SESSION variable, which is a sort of global/common memory. If I understand correctly, you would recommend use of $_SESSION variables over ugly urls. Not sure if there is a third solution.

I assume you do not recommend having a link that basically repeats the (dynamically generated) page.
So I'm still not sure how you would do this:

The original dynamically generated page shows a table and one wants to click on an entry and get some entry-related information ON THE SAME page. How would you do that?

 

[vacunita]

The original dynamically generated page shows a table and one wants to click on an entry and get some entry-related information ON THE SAME page. How would you do that?

I'd probably implement a ajax call to a server side script to deliver the requested content in the same page. No submissions, and no page changes.

That or pre-load all the info for each entry on the page into a JSON array and then use Javascript to show and hide the relevant content. But depending on how many entries you have and how much info each entry holds, however it may slow down the page at the moment of loading, and in the end you would be delivering lots of data that may not get used.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[svar]

Point taken on not passing variables with ? in actions, but what about storing relevant info in $_SESSION variables?
These are not passed, so security and ugliness are non-issues. If anything, it might be an issue of memory(if one needs to pass a huge number of variables), but I would guess this would normally be 'lighter' performancewise than using Ajax or Javascript, which also hmay have its own security issues. So I'm trying to understand what's wrong with using $_SESSION variables i.e. a 'global' instead of passing variables with ?

 

[jpadie]

we're asking and answering two different questions.

1. multi-page forms.
EITHER: have everything as one page and one form and make it appear to the user as if it is multipage (lots of javascript classes can do this)
OR store each page in a session variable and assemble at the end. you might want to add security to this by uniquely identifying a submission etc.

2. results on the same page as the form
EITHER do this server side - so that there is a page refresh but the re-served page looks like the one that the user was on PLUS the results
OR as vacunita says, send the form data by ajax, handle the request at the server and return the results in json to the client script. parse the json and display the results however you like. I recommend jQuery or some other framework to intermediate this for you.