How to access the form's 'name' variable from PHP-ThrowExceptions

Exception or error:

I’m trying to create a BMI calculator. This should allow people to use either metric or imperial measurements.

I realise that I could use hidden tags to solve my problem, but this has bugged me before so I thought I’d ask: I can use $_POST['variableName'] to find the submitted variableName field-value; but…I don’t know, or see, how to verify which form was used to submit the variables.

My code’s below (though I’m not sure it’s strictly relevant to the question):

<?php
    $bmiSubmitted     = $_POST['bmiSubmitted'];

    if (isset($bmiSubmitted)) {
        $height        = $_POST['height'];
        $weight        = $_POST['weight'];
        $bmi        = floor($weight/($height*$height));

        ?>
            <ul id="bmi">
            <li>Weight (in kilograms) is: <span><?php echo "$weight"; ?></span></li>

            <li>Height (in metres) is: <span><?php echo "$height"; ?></span></li>

            <li>Body mass index (BMI) is: <span><?php echo "$bmi"; ?></span></li>

            </ul>
        <?php
    }

    else {
    ?>

    <div id="formSelector">

    <ul>
        <li><a href="#metric">Metric</a></li>
        <li><a href="#imperial">Imperial</a></li>
    </ul>

        <form name="met" id="metric" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="form/multipart">

            <fieldset>
                <label for="weight">Weight (<abbr title="Kilograms">kg</abbr>):</label>
                    <input type="text" name="weight" id="weight" />

                <label for="height">Height (<abbr title="metres">m</abbr>):</label>
                    <input type="text" name="height" id="height" />

                <input type="hidden" name="bmiSubmitted" id="bmiSubmitted" value="1" />
            </fieldset>

            <fieldset>
                <input type="reset" id="reset" value="Clear" />

                <input type="submit" id="submit" value="Submit" />
            </fieldset>
        </form>

        <form name="imp" id="imperial" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="form/multipart">

            <fieldset>

            <label for="weight">Weight (<abbr title="Pounds">lbs</abbr>):</label>
                <input type="text" name="weight" id="weight" />

            <label for="height">Height (Inches):</label>
                <input type="text" name="height" id="height" /
            <input type="hidden" name="bmiSubmitted" id="bmiSubmitted" value="1" />
            </fieldset>

            <fieldset>
                <input type="reset" id="reset" value="Clear" />
                <input type="submit" id="submit" value="Submit" />
            </fieldset>
        </form>

    <?php
    }
?>

I verified that it worked (though without validation at the moment -I didn’t want to crowd my question too much) with metric; I’ve added the form but not the processing for the imperial yet.

How to solve:

To identify the submitted form, you can use:

  • A hidden input field.
  • The name or value of the submit button.

The name of the form is not sent to the server as part of the POST data.

You can use code as followed

<form name="myform" method="post" action="" enctype="multipart/form-data">
    <input type="hidden" name="frmname" value=""/>
</form>

Answer:

You can do it like this:

<input type="text" name="myform[login]">
<input type="password" name="myform[password]">

Check the posted values

if (isset($_POST['myform'])) {
    $values = $_POST['myform'];

    // $login = $values['login'];
    // ...
}

Answer:

The form name is not submitted. You should just add a hidden field to each form and call it a day.

Answer:

In the form submitting button (id method of form is post):

<input type="submit" value="save" name="commentData">

In the PHP file:

if (isset($_POST['commentData'])){
    // Code
}

Answer:

For some reason, the name of the submit button is not passed to the superglobal $_POST when submitted with Ajax/jQuery.

Just in case it helps someone…

Answer:

As petervandijck.com pointed out, this code may be susceptible to XSS attacks if you have it behind some kind of log-in system or have it embedded in other code.

To prevent an XSS attack, where you have written:

<?php echo "$weight"; ?>

You should write instead:

<?php echo htmlentities($weight); ?>

Which could even be better written as:

<?=htmlentities($weight); ?>

Answer:

You can use GET in the form’s action parameter, which I use whenever I make a login/register combined page.

For example: action="loginregister.php?whichform=loginform"

Hope this helps!

Answer:

Use a unique value on the submit button for each form like so

index.html

<form method="post" action="bat/email.php">
    <input type="text" name="firstName" placeholder="First name" required>
    <input type="text" name="lastName" placeholder="Last name" required>
    <button name="submit" type="submit" value="contact">Send Message</button>
</form>

<form method="post" action="bat/email.php">
    <input type="text" name="firstName" placeholder="First name" required>
    <input type="text" name="lastName" placeholder="Last name" required>
    <button name="submit" type="submit" value="support">Send Message</button>
</form>

email.php

<?php
    if (isset($_POST["submit"])) {
      switch ($_POST["submit"]) {
          case "contact":
              break;
          case "support":
              break;
          default:
              break;
      }
    }
?>

Answer:

I had a similar problem which brought me to this question. I reviewed all the preceding answers but ultimately I ending up figuring out my own solution. I hope it helps someone else with this same issue:

<form name="ctc_form" id="ctc_form" action='' method='get'>

<input type="hidden" name="form_nm" id="form_nm">

<button type="submit" name="submit" id="submit" onclick="document.getElementById('form_nm').value=this.closest('form').name;">Submit</button>

</form>

It seamlessly and efficiently accomplishes the following:

  • Passes the form name attribute via a hidden input field, without using the fallible value attribute of the submit button.
  • Works with both GET and POST methods.
  • Requires no additional, independent JavaScript.

Answer:

Only the names of the form fields are submitted, the name of the form itself is not. But you can set a hidden field with the name in it.

Answer:

You do realize that with echo $height; you are opening up a very, very serious security hole in your application, right?

Answer:

You could just give a name to the submit button and do what needs to be done based on that. I have several forms on a page and do just that. Pass the button name and then if button name = button name do something.

Leave a Reply

Your email address will not be published. Required fields are marked *