Hi,
I want to use a date-picker and submit button to be used as the parameter that is passed to my SQL server stored procedure, I have the stored procedure working on today’s date currently.
Previously I used the $_GET ‘id’ in a link to pass the date from a href link.
How do I pass it with the submit button?
I’m using the bootstrap date-picker from here:
https://formden.com/form-builder/
Hey,
so i’ve only had a quick look but as far as i can see the date field just sets a variable called ‘date’
name="date"
So when you submit the form if you have set your form method to GET you will see the date in the url as a variable.
if you want to then use that variable in php you just assign it to something
`<?php $newdate = $_GET['date']; //do something with the date like print it on the screen echo $newdate; ?>
Hope that’s answered what you are asking.
Yep, that worked, thanks.
If anyone searches and needs to see some code for this here it is:
My HTML page with a form in:
form target=“_blank” action=" class.php " method=“get”
My PHP class which uses the HTML page form:
if ( isset ( $_GET [ ‘submit’ ] ) )
{
$newDate = $_GET [ ‘date’ ];
}
echo $newDate;
Thanks, Noppy.
Just to add you shouldn’t really just output variables that are entered without sanitising the variable. If you do not do this you are vulnerable to XSS (cross site scripting) and sql injection attacks (if you insert into a database).
Basically a user can come along and instead a date or name add some javascript or link code whcih would then be output onto your page and show a link to somewhere dodgy or get information out of cookies. A malicious user could send that to people how might then assume the link is ok as it is on your site and open it.
Also from my recent learning on here (you never stop learning) you shouldn’t check if the form is submit by checking the ‘submit’ variable. instead you should use
<?php if($_SERVER['REQUEST_METHOD'] == 'GET'){ ....?>
As apparently the other way is not always reliable.
I am no expert in XSS so i won’t go into how to sanitise inputs and outputs but something that is always useful doing if a variable is a certain type you can check for that
e.g. if you have a number field that should only ever contain a number only allow that
<?php if(is_numeric('$_GET['age'])){ echo 'Age is ok';}?>
etc, although you still need to sanitise any echo’d output to the page.
hope that makes sense.
Great point, thanks, Noppy!
I have integrated those ideas.
An example is:
if($_SERVER[ ’ REQUEST_METHOD ’ ] == ‘GET’)
{
if ( is_numeric)
{
$newDate = $_GET [ ‘date’ ];
}
}
All pages tested and working.
Thank you.
You need to specify a variable to check. And also what it is checking is actually meant to be numeric e.g date. Although you may find Date is not numeric depending on the format that is passed to the page as it may contain hyphens etc 23-03-2018 . That was more of an example in general than specifically for your date perameter. Should work though if your date is in the format like 20180320 or 23032018 etc as that obv is a number.
`
`
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.