    <form action="process.php" method="post">
        <input type="submit" name="p" value="<?php echo $row['tID'];?>"/>
    </form>

I have the above button to send its value to another page to renew the query results on its own page with its own value.

The query looks like this:

    $p = $_POST['p'];
    $safe_p =  mysqli_real_escape_string($dcon, $p);
    $sql1 = 'SELECT * FROM bla bla... WHERE tID = '.$safe_p.' ';

I was using $_GET and a href link before and it was working; but everybody says I should use more secure ways. So now I want to switch to POST.

The button shows its value all right, and all I did on the query page was change the GET to POST, so what's wrong with this query?

Edit: I worked it out. The problem was not the query or the button. I just needed to set the form action to the correct page. So it was me. Instead of the query itself, I directed the form to the result page and it's working now.

idexo
  • Have you tried to display MySQL errors? Have you tried to echo `$sql1`? To print `$_POST`? –  Aug 17 '15 at 15:25
  • Side note: POST provides exactly *zero* security benefits over GET. It does provide benefits, but security isn't one of them. – David Aug 17 '15 at 15:28
  • I forgot to mention that all I get is a blank page. So should I leave it as it is? I use this query to show results of some other form posts. – idexo Aug 17 '15 at 15:28
  • Try to [display PHP errors](http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) then. –  Aug 17 '15 at 15:29
  • So it says: `Notice: Undefined index: p in`. Should I use `isset`? – idexo Aug 17 '15 at 15:33
  • I want a button, not a text box or text areas... so the input type should be submit. But I may add a hidden field if it helps. More importantly: @David should I leave it as it is? Because it works fine and I'm a beginner, so I thought I could hide the values etc. to be more secure. – idexo Aug 17 '15 at 15:40
  • @idexo: POST values generally aren't displayed in the UI, but they are in no way hidden or protected. What *actual* security benefit are you trying to achieve? What information are you trying to protect? You can't just "be more secure", you have to have an actual goal of securing something specific. – David Aug 17 '15 at 15:42
  • @David I would say the "security" provided is that it avoids the page being referenced. I agree it's not giving security on its own anyway. – Tensibai Aug 17 '15 at 15:46

1 Answer

I worked it out. The problem was not the query or the button. I set form action to the correct page.

idexo
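An added example, not part of the original question or answer: one way `process.php` could handle the posted `p` value so that a missing field (the `Undefined index: p` notice from the comments) is rejected and the `tID` reaches the query as a bound integer. `mysqli_real_escape_string` only protects values placed inside quotes, and the query above concatenates the value unquoted. Assumptions: `$dcon` is the open mysqli connection from the question, `example_table` is a placeholder for the table the question elides, the helper names are hypothetical, and `get_result()` requires the mysqlnd driver.

```php
<?php
// Added example, not the asker's code. `example_table` is a placeholder
// table name; parse_tid() and fetch_by_tid() are hypothetical helpers.

/**
 * Return the posted tID as a positive integer, or null when the field is
 * missing (the "Undefined index: p" case) or is not a plain integer.
 */
function parse_tid(array $post): ?int
{
    if (!isset($post['p']) || !is_string($post['p'])) {
        return null;
    }
    $tid = filter_var($post['p'], FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    return $tid === false ? null : $tid;
}

/**
 * Look up rows by tID with a bound parameter, so the value is sent to the
 * server as data and never becomes part of the SQL text.
 */
function fetch_by_tid(mysqli $dcon, int $tid): array
{
    $stmt = $dcon->prepare('SELECT * FROM example_table WHERE tID = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dcon->error);
    }
    $stmt->bind_param('i', $tid);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Constructed sample inputs standing in for $_POST (no database needed).
$samples = [
    ['p' => '42'],            // normal button value
    [],                       // form posted to the wrong page: no 'p'
    ['p' => '42 extra text'], // digits followed by other text
    ['p' => ['42']],          // field sent as an array
];
foreach ($samples as $post) {
    var_export(parse_tid($post));
    echo PHP_EOL;
}
```

In `process.php` the call would be `$tid = parse_tid($_POST);`, answering with HTTP 400 when it is `null` and otherwise passing `$tid` to `fetch_by_tid($dcon, $tid)`.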