
Input form like

<form action="<?php echo (htmlspecialchars($_SERVER["PHP_SELF"] .'?page=1')) ?>" method="post">

<input type='text' name='date_month' value='<?php echo $_POST['date_month'].$_GET['date_month']?>'>

</form>

Then receive the input

$post_date_month = $_POST['date_month'].$_GET['date_month'];

Based on the input select/get filtered data from mysql

As there may be many rows of data, created pagination. Like this

for ($page_i = 1; $page_i <= $total_pages; $page_i++) {
echo "<a href='__filter_mysql_data.php?page=$page_i&date_month=$post_date_month&date_year=$post_date_year'>| $page_i |</a> ";
}

Note! If in the URL I do not use &date_month=$post_date_month, then when the user clicks on page number $page_i, the script will display all data from mysql (not based on $post_date_month; not only the month selected by the user, but all months, because after page reload $_POST['date_month'] "disappears").

Now this is the only working solution for me (I have found several examples with a pagination class, but these examples are very complicated for me, so I cannot amend them for my needs in reasonable time). So I decided to create something simple.

The script works as necessary, only this $post_date_month = $_POST['date_month'].$_GET['date_month']; looks a bit 'crazy'. So the question: is the code acceptable (can it be used in scripts)? With the same query (click) the user can set/pass either $_POST or $_GET and never both.

Update

Based on Ø Hanky Panky Ø's advice (which unfortunately is deleted) I changed

$post_date_month = $_POST['date_month'].$_GET['date_month'];

to

$post_date_month = $_REQUEST['date_month'];

Please use htmlspecialchars to prevent XSS when outputting user data. – Marcel Korpel Jun 17 at 16:57
Read the docs for $_REQUEST. php.net/manual/en/reserved.variables.request.php – Crontab Jun 17 at 16:57
@ Marcel Korpel htmlspecialchars is used in '<?php echo (htmlspecialchars'. I will check other places.... – user2466952 Jun 17 at 17:02
Not in value='<?php echo $_POST['date_month'].$_GET['date_month']?>', not in date_month=$post_date_month (where you should urlencode the parameter) and don't put a space between the @ and my name to call me properly. – Marcel Korpel Jun 17 at 17:04
@Crontab But when $_GET['blah'] contains foo, $_POST['blah'] contains bar, what will $_REQUEST['blah'] contain? Is it foo, bar, foobar or barfoo? – Marcel Korpel Jun 17 at 17:07

2 Answers

up vote 1 down vote accepted

You can build the form like that, but when you submit it using POST, that specific variable will be stored completely in $_POST['date_month'].

In your case, when you submit the form, you will find only the page variable in GET (assuming there is no query string in $_SERVER["PHP_SELF"]).

So you just have to use:

$post_date_month = $_POST['date_month'];

However, if you want the user to only provide the month in one way (post or get), you'd better use something like (written out for clarity):

if (isset($_POST['date_month']))
{
  $post_date_month = $_POST['date_month'];
}
elseif (isset($_GET['date_month']))
{
  $post_date_month = $_GET['date_month'];
}
else
{
  // no month given, so for example:
  $post_date_month = '';
}
look at the for loop code – amigura Jun 17 at 17:09
In the unlikely event of <form method="POST" action="somepage.php?date_month=foo">, both $_POST['date_month'] and $_GET['date_month'] will contain (different?) values. – Marcel Korpel Jun 17 at 17:09
@MarcelKorpel Was just editing... – jeroen Jun 17 at 17:12

The code is a bit strange, but I think it's acceptable. Only be careful not to pass $_POST and $_GET variables unescaped to the query, since it can be a vector for SQL injection.

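The advice from the comments and answers above, combined in one added example that is not part of the original thread: the month is read from POST or GET explicitly, accepted only as a value from 1 to 12, and the pagination links are URL-encoded and HTML-escaped. The function names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. resolve_month(), pagination_links()
// and the sample requests below are hypothetical names and constructed data.

// Prefer POST, fall back to GET, and accept nothing but a month from 1 to 12.
function resolve_month(array $post, array $get): ?int
{
    $raw = $post['date_month'] ?? $get['date_month'] ?? null;
    if (!is_string($raw) || !preg_match('/\A(?:0?[1-9]|1[0-2])\z/', $raw)) {
        return null;                 // missing, an array (date_month[]=1), or not a month
    }
    return (int) $raw;
}

// http_build_query() URL-encodes each parameter; htmlspecialchars() then
// escapes the finished URL for use inside the href attribute.
function pagination_links(string $script, int $totalPages, ?int $month): string
{
    $html = '';
    for ($page = 1; $page <= $totalPages; $page++) {
        $params = ['page' => $page];
        if ($month !== null) {
            $params['date_month'] = $month;   // carry the filter across pages
        }
        $url = $script . '?' . http_build_query($params);
        $html .= '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
               . '">| ' . $page . ' |</a> ';
    }
    return $html;
}

// Constructed requests: a form POST, a pagination click, and markup in the value.
$samples = [
    [['date_month' => '6'], []],
    [[], ['date_month' => '11', 'page' => '2']],
    [[], ['date_month' => "6'><b>x</b>"]],
];
foreach ($samples as [$post, $get]) {
    $month = resolve_month($post, $get);
    echo var_export($month, true), "\n";
    echo pagination_links('__filter_mysql_data.php', 3, $month), "\n";
}
```

Because the value is reduced to an integer or null before it is used anywhere, the same variable can be echoed into the form's value attribute and passed to the database query as a bound parameter.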
