Max Bogatec Max Bogatec - 1 year ago 98
PHP Question

PHP Post in URL without using GET

I'm currently working on an Code.
Where you should be able to upload a file and select witch type of file it is.
I'm using urls to make an database entry on the upload page , so my link should look like


But php only gets the id because it uses get from the previous page.

So it looks like this


So my question is how can i get the selection in the url?
I tried it with jquerry but i suck at it ;D.

My form code:

$datetype = $_POST['dateiart'];
echo $datetype;
$ek = $_GET['id'];

<form action="upload.php?id=<?php echo $ek; ?>&type=<?php echo $datetype;?>" target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
Datei zum hochladen auswählen
<input type="file" name="fileToUpload" id="fileToUpload"> <br>
<input onclick="myFunction()" type="submit" value="Datei hochladen" name="submit"><br><br>

<input type="hidden" value="<?php echo $ek?>" id="id" name="submit"><br><br>

<select name="dateiart" form="dateiauswahl" size="5">
<option value="EK-Rechnung">EK-Rechnung</option>
<option value="Kaufvertrag">Kaufvertrag</option>
<option value="VK-Rechnung">VK-Rechnung</option>
<option value="Datenblatt">Datenblatt</option>
<option value="Sonstige">Sonstige</option>



$pdo = new PDO('mysql:host=localhost;dbname=', '', '');
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
$ek = $_GET['id'];
$dateiart = $_GET['type'];
echo $dateiart;
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
// Check file size
if ($_FILES["fileToUpload"]["size"] > 50000000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "pdf"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";

$statement = $pdo->prepare("INSERT INTO Dateien (Link, EKNR, Datei_Bezeichnung) VALUES (:Link, :EKNR, :Datei_Bezeichnung)");
$result = $statement->execute(array('Link' => $target_file, 'EKNR' => $ek, 'Datei_Bezeichnung' => $dateiart));


Answer Source

Pass parameters as hidden inputs instead of printing them in the query string of action URL of the form. Use htmlspecialchars function to prevent security issues.

 if (!isset($_GET['id']) || !isset($_GET['type'])){
     die('Missing parameters');

<form action="upload.php"  target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
    Datei zum hochladen auswählen

    <input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']) ?>">
    <input type="hidden" name="type" value="<?php echo htmlspecialchars($_GET['type']) ?>">

    ....... other inputs


The in the upload.php script get them from $_POST superglobal.

$ek = $_POST['id'];
$dateiart = $_POST['type'];
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download