how to send post value in url
the $_POST[catidHd] value coudnt taken how to give this $_POST[catidHd] in url
why are we passing posted variables in the url anyway, why not just submit the form to that url in the first place off of form action='x.php', and process the posted values on x.php which I am assuming the original poster is doing anyway.
stoopkid has a point: "The bottom line is don't trust your users. All it takes is one SQL Injection to wipe out your work."
and I would also agree that:
'You should post your code so we actually know what you're trying to do.'
which I also asked for earlier in this thread.
why show/explain to somebody how to build their form incorrectly when there is probably 'a better way'.
If the form values ($_POST) are being used to access an underlying database, then you're correct the values should be escaped to avoid MySQL injection attacks.
If however, the values are just being used to create and redirect to another URL, then there is no reason to escape the values, because they will be accessible again on the next page, hence they could be tampered with again.
On the next page, if the URL values ($_GET) are being used to access an underlying database, then the values should be escaped to avoid MySQL injection attacks.
The OP might be entering the details into a database and then redirecting to a subsequent page based on their selection. Using method="get" is one option, but if the follow on page could be one of many, then a redirect works just as well.
sure blocblue: I understand why certain things are done and when and how to do them, but that is just it, this is all speculation the OP has yet to reply about what they are doing and why, which is a relevant question, because they might not understand what they are actually doing or how stuff works.
you have now replied to stoopkid 2x, somehow denouncing (or attempting to clarify) their answer, which he has a valid point, just perhaps not useful at that exact moment but you do not know that and neither do I, it's all speculation on what is actually happening and when it is happening in this code, stoopkid made a good point to never trust user input, so how much closer are we to an answer... still nowhere until the OP either tells us what is going on, or closes the thread, I'll leave the speculating to you.