0

I have a Wordpress website that needs to display a 3rd party newsletter signup form. This sign-up form has lots of fields and takes up its own full page.

I want to display a simple "enter email address, hit submit" form at the top of every page. When the user hits submit, it should take them to the full form, where their email address is already pre-populated in the appropriate field.

What's a good way to pass the input value from the short form to the long form? I'm inclined to use the URL somehow, but I've never approached it before.

(My skills: expert XHTML/CSS. competent with WP theme hacking. comfortable enough with PHP and Javascript to move things around, but not enough to write them from scratch.)

Thanks!

ETA: Here's the shell of what worked (thanks for the solutions!):

Form One

<form method="get" action="form2.php">

email:
<input type="text" name="email" value="" />

<input type="submit" />

</form>

Form One (form2.php)

<form>

Email field:
<input type="text" value="<?php echo $_GET["email"]; ?>" />

</form>
Improve this question
2
  • You can use URL (GET METHOD) or POST METHOD. It does not sound like a question which can be reasonable answered. Go ahead and hack! Commented Apr 26, 2010 at 0:32
  • I think you just answered my question!! Hacking now.. Commented Apr 26, 2010 at 0:57

1 Answer 1

Reset to default
2

you just send the value of the first email form via the get or post method and in the php/html for the second form use <input type="text" name="email" value"$_POST['firstFormsName']" />

of course this example assumes you're using the post method in your form on the first page.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

@BalusC That script would only be vulnerable to XSS if it used $_GET or $_REQUEST. In this case $_POST is fine.
@Adrian: that's absolutely false. POST variables are just as vulnerable to being injected by a third party as GET variables (eg. imagine evildomain.com hosting a <form method="POST" action="http://www.mydomain.com/form.php"> and automatically posting it via JS. In any case, htmlspecialchars() must be used to insert any text content into HTML regardless of where it came from: this is a simple matter of correctness, regardless of whether the bug is exploitable or not. value="<?php echo htmlspecialchars($_POST['email']); ?>"

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.