How to post data to controller when form button is inside a table

Question

I'm doing a school project and I am having a small problem.

I'm trying to click a button in my tables which will post some data to my controller function but the variables doesn't seem to be going through (with my code below) and I'm getting a mismatch token error if I add a CSRF security feature on "post".

This is part of the code from my function / Table :

$lecid = $lab->lecture_id;
$tutid = $lab->tutorial_id;
$labbid = $lab->lab_id;
$courseid = $lab->course_id;

echo
"<tr class='danger'><td>".
'<form name="f1" action="/member/student/functionregistercourses" method="post" >'.
'<input id="add" value="ADD" type="submit"  lab_id=$labbid tutorial_id=$tutid "course_id"=$courseid lecture_id=$lecid term=$term year=$year >'.
'</form>'.
"---------- LAB ".$lab_id
."</td>"."<td>".
$day

Gives me the form below, which is what I want but when I click it, it doesn't work properly.

_{(source: 4.ii.gl)}

The problems I have:

Mismatch token error

When I click the button above on the form, it gives me a token mismatch error. When I remove this line from my controller it works:

$this->beforeFilter('csrf', array('on'=>'post'));

This is a security feature. Is there any way to fix it while keeping the CSRF code ?

My forms are usually in this format:

{{ Form::open(array('url'=>'member/student/regcourses', 'class'=>'comform')) }}

The variables are not been passed to the controller

This is how I get the variables in the controller:

$regcourse->course_id = strtolower(Input::get('course_id'));
$regcourse->lecture_id = strtolower(Input::get('lecture_id'));
$regcourse->tutorial_id = strtolower(Input::get('tutorial_id'));

Answer 1

Mismatch token error

You have to include the token in a hidden input:

<input type="hidden" name="_token" value="{{ csrf_token() }}">

Or there is a shorter way.

{{ Form::token() }}

This way the token will be added to the POST and you can check it in your filter:

Route::post('register', array('before' => 'csrf', function()
{
    return 'You gave a valid CSRF token!';
}));

Passed variables

Your submit button is a big mess. You have to put the variables into hidden input fields. This way after submit the POST will contain them because the form data is what will be sent in it.

<input name="course_id" type="hidden" value="{{ $courseid }}">

Also use the Blade template engine by naming your views with a .blade.php ending. This way you can echo something by using the {{ $echoed_variable }} syntax.