Simultaneous transfer of variables and form values

Question

Hello! Faced the problem of passing variables and form values, all at the same time Here is the script:

<form method="post" action="InsDateTB.php"> <?php $Table=strip_tags($_GET["table"]); $selDB=strip_tags($_GET["selDB"]); $connect = mysql_connect('localhost','root','12345'); mysql_select_db($selDB); $sql="SELECT * FROM $Table"; $result=mysql_query($sql,$connect) or die("Query failed: " . mysql_error()); $i=1; print "<table>"; print "<tr>"; while ($i < mysql_num_fields($result)) { $field = mysql_fetch_field($result,$i); print "<td>"; print "Поле: $field->name<br>Тип: $field->type<br><input name='$field->name' type='text'>"; print "</td>"; $i++; } print "</tr>"; print "</table>"; ?> <input type="submit" value="Добавить"> </form> </body> </html>

On the page specified in action - InsDateTB.php - you need to transfer not only the values entered in the input fields, but also the values of the variables $ Table and $ selDB ... I know that variables can be transferred in this way:

 print "<a href='InsTB.php?table=$Table&selDB=$selDB'>Добавить данные</a>";

but how to combine it with pressing a single button? ...

Accepted Answer · 2011-04-14T13:38:00

Use hidden fields

 <input type="hidden" name="myHiddenField" value="la-la" />

UPD

In general, your code is a complete horror. There is not only porridge, but also very dangerous manipulations with the data from the parameters. Anyone can destroy the entire database as they wish;)

cy6erGn0m

18.8k 24 33

Oh, well ... for example, it would be print "<input type = 'hidden' name = 'table' value = '$ Table' />"; ? .. - Leshij_2005
You are a great critic cy6erGn0m;) ..)) Where exactly is porridge? And what is the danger?) I will be very grateful if you tell me ) - Leshij_2005
Kasha is because this code :) You read from the database, iteration, etc. mixed with the output of the document .. it looks monstrous .. here fetch, then print with HTML-it .. right there some i ++ .. vdurg single bracket .. not readable at all. <br/> The danger is that a user can substitute an entire line as a parameter for table ... for example, I would substitute something like table = myTable% 20UNION% 20TRUNCATE% 20% TABLE% 20users and then the whole table with users (for example) will be destroyed. This is called SQL Injection. - cy6erGn0m
object mysql_fetch_field (resource result [, int field_offset]) - Returns an object containing information about a column. $ i = 1; .. while ($ i <mysql_num_fields ($ result)) {$ field = mysql_fetch_field ($ result, $ i); ... we process information about a column by number i echo "$ field-> name"; $ i ++; } brackets are not lonely here - Leshij_2005
But it looks like this .. it is inconvenient to track these brackets when this is happening. Yes, and reading / modifying the HTML code inside the parentheses is inconvenient. In general, "sadness and grief in Russian settlements .." - cy6erGn0m

|

Sergey Sergey 2,771 3 22 56 · Answer 2 · 2011-04-14T19:21:36

If you are about combining the transfer via POST and GET at the same time, you can use action = smth.php? .... in the form tag, naturally you will have to parse the POST and GET arrays in the smth.php file. You can also use input type = hidden. in both cases, the values of variables the user can easily get

Simultaneous transfer of variables and form values

2 answers 2

More articles: