Best way to pass variables to a php page

Posted on 2009-04-09
Last Modified: 2013-12-13
what would be the best way to pass the values for strDesc and  fileUpload to a php page called grabfile.php

<input type="text" name="strDesc" size="20" maxlength="50">

<input type="file" name="fileUpload" size="20">



<title> Upload a File </title>


<body bgcolor="#FFFFFF">

<form enctype="multipart/form-data" name="frmUploadFile" action="grabfile.php?var1='strDesc'&var2='fileUpload'" method="post">

<a href="">

<img border="0" src="">


<table border="0" cellpadding="0" cellspacing="0" bordercolor="#111111" width="100%">


<td width="100%" bgcolor="#FF9900" height="22" colspan="2">

<p style="margin-left: 10"><b><font face="Verdana" size="2" color="#FFFFFF">

Upload a File</font></b></td>



<td width="100%" bgcolor="#FFE3BB" colspan="2">

<p style="margin-left: 10; margin-right: 10"><font face="Verdana" size="2">

<br>Please select a file from your local computer to upload to our web server

for saving in our database. This file can be of any type you like. Once you

have chosen a file, please click on the &quot;Upload this file&quot; button below.&nbsp;




<td width="15%" bgcolor="#FFE3BB">

<p style="margin-left: 10"><font face="Verdana" size="2">

File Description:</font></td>

<td width="85%" bgcolor="#FFE3BB">

<input type="text" name="strDesc" size="20" maxlength="50"></td>



<td width="15%" bgcolor="#FFE3BB">

<p style="margin-left: 10"><font face="Verdana" size="2">File Location:</font></td>

<td width="85%" bgcolor="#FFE3BB">

<font face="Verdana" size="2">

<input type="file" name="fileUpload" size="20"></font></td>



<td width="33%" bgcolor="#FFE3BB">

<p style="margin-left: 10"><font face="Verdana" size="2">




<td width="67%" bgcolor="#FFE3BB">

<font face="Verdana" size="2">

<input type="submit" value="Upload this file" name="cmdSubmit"></font></td>






Open in new window

Question by:gevensen
  • 4
  • 2
LVL 10

Expert Comment

ID: 24108650
Just use a hidden field for strDesc, except define the value:
<input type="hidden" name="var1" size="20" maxlength="50" value="strDesc">
In your post method file, you will catch the variables with $_POST array and $_FILES should contain your file in a temp directory.
Your syntax in the <FORM> tag mixes submit methods, you call for POST as method, but you are forcing a GET method in the action portion of the FORM.

For more info on uploading files, visit:

Expert Comment

ID: 24108726
I would say it depends on the data and how sensitive it is and where it is coming from.  You can pass the variables in a URL string e.g.

But another way is do this is to include the variables in a session $_SESSION['strDesc'] = xxx;

You can also pass them using cookies or forms.  I suggest looking at the following link as it explains it better than I would:

Author Comment

ID: 24108821
im passing file desc and filename for uploading blobs to a mysql database
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails


Author Comment

ID: 24109000
i passed it using session start but it doesnt pass the whole path of the image location

for example it passes the filename file.jpg but not the entire path?
LVL 10

Accepted Solution

webwyzsystems earned 500 total points
ID: 24109145
It cannot pass the entire path because the file is stored in a temporary directory that is destroyed at the end of the request. You have to expressly move the uploaded file out of the temp directory and into it's permanent resting place - or a place where you can work with it further.
Also - you won't be able to pass any decent amount of data in the URL string because it's size is limited to 2048 chars in IE. I believe that DOM states max is supposed to be 8096 or something like that....but IE truncates at 2048.
IF the user is coming in via proxy - then the URL string is limited to 255 chars, which is REALLY tiny for transferring data.

Author Comment

ID: 24110556
i ended up putting the upload on the same php page and simply not passing the variables at all
i was able to upload the jpg and retrieve it, it must pass the temp file variables without you being able to see it if its on the same page
i posted the code if anyone has a future question and wants to blob
// mysql query for creating the table

create table myBlobs


blobId int auto_increment not null,

blobTitle varchar(50),

blobData longblob,

blobType varchar(50),

primary key(blobId),

unique id(blobId)


// php code for uploading


include 'include/config.php';  // your mysql data

if (isset($_POST['submit'])) 

{ // if form has been submitted 3333





if(empty($_POST['recnum']) || $_POST['fileUpload'] == "none")

die("You must enter both a description and file");

// PHP has several built-in functions that allow us to open and read files. We use the fopen and fread methods to open the uploaded file from the local directory on the web server, and then read its contents into a variable. The addslashes method escapes any apostrophises and double quotes in the file:

$fileHandle = fopen($fileUpload, "r");


			{ die ("Fopen Error Dying Now"); }

$fileContent = fread($fileHandle, $fileUpload_size);


			{ die ("Fread Error Dying Now"); }

$fileContent = addslashes($fileContent);

// We connect to our database using PHP's built-in MySQL functions in combination with our database connection variables that we defined above:

$sConn = mysql_connect($dbServer, $dbUser, $dbPass)

or die("Couldn't connect to database server");

$dConn = mysql_select_db($dbDatabase, $sConn)

or die("Couldn't connect to database $dbDatabase");

// Once connected to the MySQL database, we run an insert query to actually add the details of our uploaded file (as a blob) to the myFiles table:

$dbQuery = "INSERT INTO myBlobs VALUES ";

$dbQuery .= "(0, '$recnumb', '$fileContent', '$fileUpload_type')";

mysql_query($dbQuery) or die("Couldn't add file to database");

// If the mysql_query function didn't succeed, then we our script calls the die function, which stops the execution of our script and outputs "Couldn't add file to database" to the clients browser. On the other hand, if the mysql_query function succeeded, then we output the details of the uploaded file to the browser:


//header('Location: grabfile.php');

} // if form has been submitted 3333










<center><h1>File Upload</h1></center>




<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<table border="0">

<tr><td><center>Record Number:</td><td>

<input type="text" name="recnum" maxlength="60">



<input type="file" name="fileUpload" size="150">


<tr><th colspan=4><input type="submit" name="submit" value="Log In"></th></tr> </table>






Open in new window


Author Closing Comment

ID: 31568548
thanks for the help

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Part of the Global Positioning System A geocode ( is the major subset of a GPS coordinate (, the other parts being the altitude and t…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
In this tutorial viewers will learn how to style transparent/translucent elements using alpha transparency in CSS Start with a normal styled element, such as a div.: Define its "background-color" property as "rgba (255, 255, 255, .5): The numbers in…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now