manalnor Posted September 20, 2010 Share Posted September 20, 2010 Hello friends i need to make the following idea <form method="post"> Enter ID : <input type="text" name="id" /> <input type="submit" value="Submit" /> </form> and the input id should goes to php code on same page as $id $ORGtext= file_get_contents('NewsID=$id'); how to write it correct thanks Quote Link to comment Share on other sites More sharing options...
vungee Posted September 20, 2010 Share Posted September 20, 2010 What about? $id = isset($_POST['id']) ? $_POST['id'] : 0; $ORGtext= file_get_contents('NewsID=$id'); Quote Link to comment Share on other sites More sharing options...
rwwd Posted September 20, 2010 Share Posted September 20, 2010 Not very secure? What about? //at least type cast it! $id = (isset($_POST['id']) ? (int)$_POST['id'] : 0); $ORGtext= file_get_contents('NewsID=$id'); Well when you submit a form there is a $_POST array generated, and if there is a value in the text box, that will be transmitted into the receiver script, so from there you can grab the ID number and use that to make the file_get_contents("path/to/file".$_POST['ID']."); dynamic from that sort of arrangement. BUT if you are going to do that, be aware that WHATEVER is sent through the $_POST array, php will interpret as a string, you would need to use either a preg_ function or ctype_digit() or even typecast the incoming var so that you can be certain that it is ONLY a numerical value that is being sent, personally though I would use a preg_ function as ctype_digit is a but lax IMO and your 'safer' using preg because you can be a lot more stricter with the conditional patterns. Hope your not too confused now! I can't write it for you as it would take too much time up, and I couldn't guarantee it being functional as it would be typed OTF, so I would rather advise, not create! Rw Quote Link to comment Share on other sites More sharing options...
manalnor Posted September 20, 2010 Author Share Posted September 20, 2010 thank you Rwwd i've tried '.$_POST['id'].' and it works perfect also i did understand what you've said. no need for example thanks alot for informations. Also thank you vungee for your trying Quote Link to comment Share on other sites More sharing options...
vungee Posted September 20, 2010 Share Posted September 20, 2010 BUT if you are going to do that, be aware that WHATEVER is sent through the $_POST array, php will interpret as a string, you would need to use either a preg_ function or ctype_digit() or even typecast the incoming var so that you can be certain that it is ONLY a numerical value that is being sent, personally though I would use a preg_ function as ctype_digit is a but lax IMO and your 'safer' using preg because you can be a lot more stricter with the conditional patterns. Thank you rwwd for the additional explanation. My example shows the need for using $_POST['id'] to set the $id variable (without the php error). To me it is unclear as to the value type of $id as manalnor didn't specify. There are cases were the post value should be a string so no type cast is needed since it will be a string. In either case, it is important to know what type of value you are expecting and validate all *used* $_POST values. Thanks again Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.