I don't understand why $Nickname variable is empty when I ac

Posted: Thu Sep 01, 2011 12:28 pm
by aneuryzma
I don't understand why the $Nickname variable is empty when I access it for the second time:

	//STORE USER ANSWERS (basic and advanced)
	if (strlen($_POST['UserAnswers']) > 0) {
		
		$Nickname = $_POST["Nickname"]; //it contains the value, perfect.
		$DateOfBirth = $_POST['DateOfBirth'];
		$Gender = $_POST['Gender'];
		$Height = $_POST['Height'];
			
		mysql_query("UPDATE Users SET DateOfBirth = '$DateOfBirth', Gender = '$Gender', Height = '$Height'
			 where Nickname = '$Nickname'", $con);
		//	echo mysql_errno($con) . ": " . mysql_error($con) ;
		

		//if alreadyCreated is false, give back the sentences
		if ($_POST['UserAnswers'] == '0') {
			
			$pools = explode(",", $_POST['Pools']); 
			//print_r($pools);

			$sentences;
		 	for($i=0;$i<count($pools);$i++) {
			
				$result = mysql_query("SELECT * FROM Sentences WHERE Pool = '$pools[$i]'");
				
				$randomNumber = rand(1, mysql_num_rows($result));
				$counter = 1;
				while ($row = mysql_fetch_assoc($result)) {
					if ($randomNumber == $counter) $sentences = $sentences . $row['Sentence'].",";
					$counter++;
				}

			
			$sentences = substr($sentences, 0, -1);
			echo $sentences;
			
			//store sentences in user profile
			//$Nickname = $_POST["Nickname"]; I've tried this, but it is the same.. can't I just get a post argument again ?
			echo 'nickname: ' . $Nickname; // this is empty, but isn't $Nickname the same variable I have set before ?
Thanks

Re: I don't understand why $Nickname variable is empty when

Posted: Fri Sep 02, 2011 12:49 am
by twinedev
Start doing a var_dump($Nickname); right after you first define it. Keep moving it down in the code until you find that it is empty.

Also, you need to protect your SQL; as it is, it is wide open for SQL injection. Use mysql_real_escape_string().

-Greg

Re: I don't understand why $Nickname variable is empty when

Posted: Fri Sep 02, 2011 3:48 am
by aneuryzma
So basically, for all $_POST I should use mysql_real_escape_string($_POST..)?

Re: I don't understand why $Nickname variable is empty when

Posted: Fri Sep 02, 2011 4:42 am
by twinedev
You should use it on any variable that can be set by the visitor of the site. Note, you only need to use it when you are putting the variable into the SQL statement.
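
An added example, not part of the original thread: the post's UPDATE built by string interpolation next to the same statement with bound parameters, run against constructed rows. It uses PDO prepared statements instead of mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7.0. The in-memory SQLite database, the function names and the sample inputs are assumptions made for the example.

```php
<?php
// Added example with constructed data in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is loaded). Table and column names follow the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (Nickname TEXT PRIMARY KEY, DateOfBirth TEXT, Gender TEXT, Height TEXT)");
$db->exec("INSERT INTO Users (Nickname) VALUES ('alice'), ('bob'), ('carol')");

// The pattern from the original post: request values interpolated into the SQL text.
// Hypothetical function name; $post stands in for $_POST.
function updateInterpolated(PDO $db, array $post): int
{
    $sql = "UPDATE Users SET DateOfBirth = '{$post['DateOfBirth']}', Gender = '{$post['Gender']}',
            Height = '{$post['Height']}' WHERE Nickname = '{$post['Nickname']}'";
    return $db->exec($sql); // number of rows changed
}

// Hardened form: the SQL text is fixed and the values travel separately as parameters,
// so a quote inside a value can never end the string literal and alter the WHERE clause.
function updateBound(PDO $db, array $post): int
{
    $stmt = $db->prepare(
        'UPDATE Users SET DateOfBirth = :dob, Gender = :gender, Height = :height
         WHERE Nickname = :nick'
    );
    $stmt->execute([
        ':dob'    => $post['DateOfBirth'],
        ':gender' => $post['Gender'],
        ':height' => $post['Height'],
        ':nick'   => $post['Nickname'],
    ]);
    return $stmt->rowCount();
}

// Constructed stand-ins for $_POST: one ordinary, one whose Nickname contains quotes.
$normal  = ['Nickname' => 'alice', 'DateOfBirth' => '1990-01-01', 'Gender' => 'F', 'Height' => '170'];
$crafted = ['Nickname' => "nobody' OR '1'='1", 'DateOfBirth' => '1900-01-01', 'Gender' => 'X', 'Height' => '0'];

// With interpolation the crafted Nickname rewrites the WHERE clause and touches every row;
// with bound parameters it is compared as a literal nickname that matches no user.
printf("interpolated, normal input:  %d row(s) changed\n", updateInterpolated($db, $normal));
printf("interpolated, crafted input: %d row(s) changed\n", updateInterpolated($db, $crafted));
printf("bound, normal input:         %d row(s) changed\n", updateBound($db, $normal));
printf("bound, crafted input:        %d row(s) changed\n", updateBound($db, $crafted));
```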