Recently I worked on a project where I had to pass a value from one php page to another. It was very simple and I had it working but didnt think about the security around this functionality as I am still fairly new to php. The biggest issue is to make sure someone cant inject code into the field and mess up your site. Most examples I saw didn’t include this security check, so here you go.

1
2
3
4
5
6
7
8
9

<?php
	//grab email that is passed in from a page
	if (isset ($_GET["email"])) {
	        //htmlentities removes quote characters and html characters from the value passed in
		$email = htmlentities($_GET["email"], ENT_QUOTES);
	} else {
		$email = '';
	}
?>

And here is the code you use to send the value to the page:

<form name="myForm" action="submitForm.php?email=+document.getElementById('emailField').value);">
...
<input type="text" name="emailField" id="emailField" value="email goes here">
<input type="image" src="images/submit.jpg">
</form>

Thanks to PlanetKodiak for the help with this.