Passing a value to a form

I have a ‘Send Enquiry’ button for each product on my website. When the user clicks this button a form appears and I want the product name (from which it was clicked) on the product field to be filled automatically.
Kindly help.
Thanks a lot in advance.

Thanks a lot eruna…
So in the PHP file (from where I call the form), I specify $product="productname";

You can do this by stripping out dangerous characters.

Can you please tell me how to do this or point me to some resources which will help me…
Thank you again.

In the HTML:
<form action='[address of mail script]' method='post'>
The input will need a name, i.e. name='product'

Then on the mail script the data will be available in the $_POST array.

ie:
$product = $_POST['product'];

On a mail form make sure you protect variables that go into the header like the from name and reply email. You can do this by stripping out dangerous characters.
It's pretty easy for spammers to hack an unprotected email form.

Just one more thing,
The form is a separate php file… how do I pass this value along with the form call. (Sorry, I’m a PHP beginner…)
Thank you again for your great help.

For these kinds of methods, it is best to use htmlentities() or htmlspecialchars(), as it is not intended for database usage at the moment; the information is only being used for “public viewing”, and therefore mysql_real_escape_string() is not yet necessary.

But that of course is great thinking as well.

If it's going into a database, you should also clean it up a little first to protect your database from an injection attack.

<?php $product = mysql_escape_string($_GET['name_of_the_product']); ?>
<input type="text" value="<?= $product ?>" />

if your product field is on a text field, do something like this

<input type="text" value="<?php echo $_GET['name_of_the_product']; ?>" />

just modify it according to your requirements

always filter user inputs before processing them

Thanks a lot for your help, Paul.

One way is to filter them with a sanitization filter using filter_input (http://php.net/manual/en/function.filter-input.php).

Here’s how you might use it for a name and email that have been posted from a form:


$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRIPPED);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);

Thanks guys for your replies. But a database is not involved. It's a simple mailer form, sending the name, email and product name.
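
The advice in this thread (escape the prefilled product value for HTML, strip dangerous characters from anything that reaches a mail header, validate the email) combined into one added example. It is not code from any poster, and the helper names, field names and example.com addresses are assumptions.

```php
<?php
// Added example. Helper names, field names and addresses are assumptions.

// Escape a value for a double-quoted HTML attribute (prefilling the form).
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Replace CR, LF and other control characters so a value placed in a mail
// header (Subject, From, Reply-To) cannot start a new header line.
function header_safe(string $value): string
{
    return trim((string)preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

// Turn posted fields into mail() arguments, or null if a field is unusable.
function build_enquiry(array $post): ?array
{
    $name    = header_safe((string)($post['name'] ?? ''));
    $product = header_safe((string)($post['product'] ?? ''));
    $email   = filter_var((string)($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($name === '' || $product === '' || $email === false) {
        return null;
    }
    return [
        'to'      => 'sales@example.com',          // fixed recipient (placeholder)
        'subject' => 'Enquiry: ' . $product,
        'body'    => "Name: $name\nEmail: $email\nProduct: $product\n",
        'headers' => "From: website@example.com\r\nReply-To: $email",
    ];
}

// Form page: constructed query-string value containing quotes and markup.
$query = ['name_of_the_product' => 'Lamp "Deluxe"><b>x</b>'];
echo '<input type="text" name="product" value="'
    . attr($query['name_of_the_product']) . '" />', "\n";

// Mail script: constructed POST data with a line break inside the product.
$post = ['name' => 'Ann', 'email' => 'ann@example.com',
         'product' => "Lamp\r\nX-Injected: 1"];
$mail = build_enquiry($post);
print_r($mail);
// On the live mail script, send only when the fields were accepted:
// if ($mail) { mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']); }
```

The From address stays fixed and the visitor's address goes only into Reply-To after validation, so no free-text field is copied into a header unfiltered.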