get parameter value from form select instead of qu

Posted 2019-09-18 00:08

I have a URL structure with query string and parameter called position.

example:

http://computerhelpwanted.com/jobs/?occupation=administrator&position=network+administrator

I also have a form select option drop down list with the form select name of position.

example:

<form action="/jobs/" method="GET" id="menuform">

<select name="occupation" onChange="populate(this.id,'position')">
<option selected="" disabled="">Select Occupation</option>
<option value="administrator">Administrator</option>
</select>

<select name="position" onChange="this.form.submit()">
<option selected="" disabled="">Select Position</option>
<option value="network administrator">Network Administrator</option>
</select>

</form>

When the user makes a selection, it sends the option values to the action attribute with the select name="position" as the parameter to use in the query string.

My question is, how do I access the form select values separately from the query string values?

I use the _GET method to call the value from the query string parameter.

example:

$position = isset($_GET['position']) ? ($_GET['position']) : '';

Apparently that gets the value from the URL structure, not the form element. Or maybe it does both, not sure. But testing it, I seem to draw the conclusion that it is getting it from the URL, not the form.

How can I make sure to access the form select value when making my comparisons in my PHP?

Update

The issue I'm having is with my canonical URL set in the header.

<link rel="canonical" href="http://computerhelpwanted.com/jobs/?occupation=administrator&position=network-administrator" />

That link is an indexed link on Google. I know I can just do an htaccess redirect to the new link, but I'm just trying to figure out how to display the canonical URL for this page.

It should be

<link rel="canonical" href="http://computerhelpwanted.com/jobs/?occupation=administrator&position=network+administrator" />

The only difference is the - and the + in the query string.

Not all of my query strings have the +. Some have the -. But I display the content on both urls whether it has - or +. Either way, both urls get same page content.

But since the canonical is being created dynamically from the URI instead of what the value is from the form element, both content pages have 2 different canonicals.

Using _Get('value') is pulling the value from query string instead of form element. I know this because the form element value has a space between network administrator which gets urlencoded when form submits as network+administrator. So if I can compare to the form element value, I can set the proper canonical.

2 answers
The star\"
#2 · 2019-09-18 00:41

HTTP is a stateless protocol, you generate the HTML stuff upon invoking the required page, and then it's there. When interacting with a form element, you can put select values from the predefined (built with DOM) options, and you can pass that on to another file for processing. When you pass the values to that processor file, you can do so through various methodologies (for simplicity let's just take a look at the GET and the POST ones).

GET: will convert your form parameters to a url query which you have also posted in your question. When your data arrives in the form of the GET array to your processor file, the file itself has no idea what kind of form it got it from, it only sees the query.

POST: will encode your parameters into the transport layer, having it not apparently visible, however it is still there.

Using GET, you could manually form a query with intendedly invalid or malicious parameters and invoke your processor file with them. POST can also be programmatically set to be malicious, but provides a convenient level of obscuration as such, and considering your question, might provide the effect you were looking for ("not directly taking it from the url").

Edit:

Code for simplifying form parameter handling according to visible pattern seen in OP question and comment:

$validKeys = array(
    'position',
    'occupation'
);

foreach ($validKeys AS $key){
    ${$key} = isset($_GET[$key]) ? $_GET[$key] : '';
}

/* other processing code */

With the above, if you had let's say 15 input parameters, you wouldn't have to go through all of them one-by-one, as ${$key} allows you to create dynamically named variables, and you just update your $validKeys container (which could also be filled with values held in the database, and not manually controlled). From your updated comment I devised that you might be looking for something like this.

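The server only ever sees the submitted query, so the canonical link in the question ends up built from a value the client controls. As an added example (not code from the question or the answers), one way to handle this is to match the submitted value against the form's own option list and build the canonical link from the matched option; the option lists, the function names and the rule that "-" and a space are interchangeable are assumptions drawn from the question.

```php
<?php
// Added example. Option lists are constructed from the form shown in the question.
const ALLOWED = [
    'occupation' => ['administrator'],
    'position'   => ['network administrator'],
];
const CANONICAL_BASE = 'http://computerhelpwanted.com/jobs/';

// Fold the "-" and space spellings together so both URLs map to one value.
function fold(string $v): string
{
    return strtolower(trim(preg_replace('/[\s\-]+/', ' ', $v)));
}

// Return the form's own option value for $raw, or null if it is not an option.
function match_option($raw, array $options): ?string
{
    if (!is_string($raw)) {          // ?position[]=x arrives as an array
        return null;
    }
    foreach ($options as $option) {
        if (fold($option) === fold($raw)) {
            return $option;
        }
    }
    return null;
}

// Build the canonical href from allowlisted values only, never from the request URI.
function canonical_href(array $query): ?string
{
    $clean = [];
    foreach (ALLOWED as $key => $options) {
        $value = match_option($query[$key] ?? null, $options);
        if ($value === null) {
            return null;             // unknown or tampered value: emit no canonical
        }
        $clean[$key] = $value;
    }
    // http_build_query encodes spaces as "+" by default.
    return CANONICAL_BASE . '?' . http_build_query($clean);
}

// In the page template: $_GET has already decoded "+" to a space.
$href = canonical_href($_GET);
if ($href !== null) {
    echo '<link rel="canonical" href="' . htmlspecialchars($href, ENT_QUOTES) . '" />' . "\n";
}
```

The same `match_option()` check applies unchanged if the form is switched to POST, since a POST body is just as editable by the client.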
劳资没心,怎么记你
#3 · 2019-09-18 00:46

That is because you are using GET, which can be easily manipulated through the URL.

I suggest changing the method to POST. It can be edited though using debuggers.
