How to pass variables to another page - easy question for PHP experts

Hi everyone,

I’m a complete beginner with regards to PHP, so please bear with me. Thanks.

At the moment I’m using a query string to pass 2 variables to another page.


<a href=“page2.php?variable1&variable2”>Buy now</a>


<body onload=“document.getElementById(‘product’).src=‘…/…/…/category/index.php?id_item=’‘&’)[0].substr(1); document.getElementById(‘name’)‘&’)[1];” >

The second variable is passed to a form input, so that the name is already on the form when page2 loads.

<p><label for=“name”>Name</label></p>
<input type=“text” id=“name” name=“name” size=“35” maxlength=“60” value=“”>

The question I have is how would I replace the JavaScript code with PHP code?
I believe that I can use the following code on page1:

<a href=“page2.php?name=foo&product=bar”>Buy now</a>

And the following code on page2, which is clearly incomplete:

$name = $_GET[‘name’];

$product = $_GET[‘product’];


A stupid question, but what else must I add to the PHP code? When I click the link, nothing happens. “foo” does not get added to the “name” input. When I use my original JavaScript code I’m referencing both an Id and a value:

Could someone please help?

Thank you

Dazed and :confused:.

PS: I could stick with my JavaScript code but I’m not sure if this method is secure or not?

Hi RedBishop,

What you need to do is output the variables from PHP into your JS in the relevant places, something like this:

<body onload="document.getElementById('product').src='../../../category/index.php?id_item=<?php echo $_GET['product'] ?>; document.getElementById('name').value=<?php echo $_GET['name'] ?>;" >

I wouldn’t say that doing it this way is necessarily any more secure than with JS, as I could still change the value your JS receives by altering the query string.

Hi fretburner,

thanks for your help - excuse the late reply. I’ve been trying out the code you provided but it isn’t passing any of the variables :frowning:
What if I leave out the document.getElement stuff and attach the <?php $_GET [‘$name’] ?> directly to the form input? For example, name=“<?php $_GET [‘$name’] ?>”?

I’ve tried it but something is still not working…

Sure, it makes sense to avoid passing the variables around in JS if you can just output them directly where they’re needed with PHP.

If it still doesn’t work, could you post the code for the page and I’ll take a look.

Hi fretburner,

thank you for getting back to me.


<a href=“page2.php?name=foo&ampid_item=4”>Buy now</a>


I need to add a name to a form input field field:

<input type=“text” id=“name” name=“<?php $name = $_GET[‘name’];?>” value=“” >

I’m not sure if I should append the the php code to name or value. I also don’t know if I should do $name = $_GET[‘name’] or just $_GET[‘name’]. Either way, nothing has worked so far. As I said, I’m just starting to learn php!

I also need to load a specific item on page2, replacing id_item=6 in the following code, with id_item=4 in the query string. I haven’t added the php code to the iframe code because I wouldn’t know where to begin. :rolleyes:

<iframe id=“ifrm_1” style=“border:none” scrolling=“no” src =“…/…/category/index.php?id_item=6” ></iframe>

If you have a moment to look at the code. Thank you so much!

Probably you want to set the value, as the name is the key you use to retrieve the submitted values on the server. So if you have an input like this:

<input type="text" name="email" value="">

you could retrieve the submitted value like this (in PHP):

$email = $_POST['email'];

To output a value from PHP, you need to use echo, like this:

<input type="text" id="name" name="name" value="<?php echo $_GET['name']; ?>">

To set the id_item in the iframe url is basically the same as we’ve done above for the form value. It would be something like this:

<iframe id="ifrm_1" style="border:none" scrolling="no" src ="../../category/index.php?id_item=<?php echo $_GET['product'] ?>" ></iframe>

Hi fretburner,

it’s working perfectly now! :tup: Thank you. You’ve been a big help.

One last question, though… Where would I put the htmlspecialchars code in order to “sanitize” the php. That was one of the main reasons why I wanted to use php instead of JavaScript.

Thanks again

I’d be tempted to do something along these lines:

<?php echo filter_input(INPUT_GET, 'product', FILTER_SANITIZE_NUMBER_INT); ?>
<?php echo filter_input(INPUT_GET, 'name', FILTER_SANITIZE_STRING); ?>

I like using the [fphp]filter_input[/fphp] function as it saves you an extra step of checking if the variables are set. If they’re not, it’ll just return null rather than throwing an error.

You can read more about the different filters available and what they do here:

I will check out the links.

Thank you for your time.