Easy variables not working...

Posted: Wed Apr 13, 2005 6:58 am
by neon068
Ok, this is what I'm trying to do. I have a db set up with all the clients in there with an id number and a randomly generated xcode, which is codesql in the mysql db. I have jangomail that gets all the info from my db and sends out mass emails. And in the email there is a link that looks similar to this...

https://www.serasfinancial.com/pgspro/? ... code=36029

The id and the xcode HAVE to match what's currently in the db to view the webpage. After they click submit, the xcode changes so they can't click their link again and change their answer.

What I'm trying to do is get the $xcode variable from the link and put it into the link that goes to the processing page.

Line 57 is the part that is giving me problems... I've tried everything I could think of

Getting the id works perfectly fine, but not for the xcode.


Here is the full script...

<?
    include_once ( 'config.php' );
    $id = (int) $_GET['id']; // cast to int: $id is interpolated into the SQL below
    $xcode = $_GET['xcode'];


$query = "select codesql
    from pgspro
    where id = $id";

$result = mysql_query($query);
$xcodemysql=mysql_fetch_assoc($result);
if ( ( $xcode ) != ( $xcodemysql['codesql'] ) ) {
  $errmsg = require ( 'error.php' );
  die ( '<? $errmsg; ?> <font face=verdana size=3><p align=center><b>Error 112x</b></p></font>' );
} else {




    if ( isset ( $_REQUEST['id'] ) && ! empty ( $_REQUEST['id'] ) )
    {

        if ( strtolower ( $_SERVER['REQUEST_METHOD'] ) == 'post' )
        {
            $query = array ();

            if ( isset ( $_POST['firstname'] ) && ! empty ( $_POST['firstname'] ) )
            {
                $query[] = "firstname = '" . mysql_real_escape_string ( $_POST['firstname'] ) . "'";
            }

            if ( isset ( $_POST['lastname'] ) && ! empty ( $_POST['lastname'] ) )
            {
                $query[] = "lastname = '" . mysql_real_escape_string ( $_POST['lastname'] ) . "'";
            }

            if ( isset ( $_POST['email'] ) && ! empty ( $_POST['email'] ) )
            {
                $query[] = "email = '" . mysql_real_escape_string ( $_POST['email'] ) . "'";
            }
            if ( isset ( $_POST['yesno'] ) && ! empty ( $_POST['yesno'] ) )
            {
                $query[] = "yesno = '" . mysql_real_escape_string ( $_POST['yesno'] ) . "'";
            }

            if ( ! empty ( $query ) )
            {

                $result = "UPDATE pgspro SET " . implode ( ', ', $query ) . " WHERE id = '" . mysql_real_escape_string ( $_REQUEST['id'] ) . "'";

                mysql_query ( $result ) or die ( 'UPDATE ERROR: ' . mysql_error () );
                $id2 = (int)$_REQUEST['id'];

            $xcode3 = $_GET['xcode'];

                echo "<meta http-equiv=Refresh content=0;url='processing.php?id=$id2&xcode=$xcode3'>";
            }
            else
            {
                echo 'This error should not come up, if it does, then there are some serious problems!';
                echo '<meta http-equiv=Refresh content=2;url=' . $_SERVER['PHP_SELF'] . '?id=' . (int)$_REQUEST['id'] .'>';
            }
        }
        else
        {

            $result = "SELECT firstname, lastname, email, yesno FROM pgspro WHERE id = " . (int)$_REQUEST['id'];

            $r = mysql_query ( $result ) or die ( 'SELECT ERROR: ' . mysql_error () );

            if ( mysql_num_rows ( $r ) > 0 )
            {
                $form = mysql_fetch_assoc ( $r );
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>SerasFinancial.com - PGS Pro</title>
<script language="JavaScript">
<!--
function confirmSubmit()
{
var agree=confirm("Please confirm your selection. Is this correct?");
if (agree)
    return true ;
else
    return false ;
}
</script>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<meta http-equiv="Content-Language" content="en-us">
</head>

<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<div align="center">
    <center>
    <table id="Table_01" width="600" height="672" border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111">
        <tr>
            <td align="center" valign="top" height="470">
            <font face="Verdana" size="2">
            <img src="images/pgspro_top.jpg" width="600" height="224" alt=""></font><p class="MsoBodyText">
            </p>
            <p align="left"><font face="Verdana" size="2">Hello <b><?=htmlentities($form['firstname']);?>
            <?=htmlentities($form['lastname']);?></b>. <br>
            <br>
            The PGS analysis has recommended that the following actions be taken:</font></p>
            <p align="left"><font face="Verdana" size="2"><? include ( 'recommendation.txt' ); ?></font></p>
            <p class="MsoBodyText"></p>
            <p>&nbsp; </p>
            <form method="post" action="<?=$_SERVER['PHP_SELF'];?>">
                <font face="Verdana" size="2"><? $id = (int)$_REQUEST['id']; ?>
                <input type="hidden" name="id" value="<?=$id?>">Please indicate
                your decision by clicking on either “YES” or “NO” below. <br>
                <br>
                <p align="left">
                <input type="radio" value="Accept" checked name="yesno"><font size="4"><b>YES,</b></font>
                please make the recommended move.<br>
                <br>
                <input type="radio" value="Decline" name="yesno"><font size="4"><b>NO,</b></font>
                please make sure I am in a cash position or cash equivient. </p>
                <br>
                <br>
                <input type="submit" onclick="return confirmSubmit()" name="submit" value="Submit --->">
                <br>
                <br>
                <br>
            </form>
            </font></td>
        </tr>
        <tr>
            <td align="center" height="34" bgcolor="#000066">
            <font face="Verdana" color="#FF9933" size="1">Recommendations are based
            on the Protective Growth Strategy analysis, which is provided through
            a contracted source. Clients are under no obligation to follow recommendations,
            and must make their own determination as to which, if any, they will
            approve of or apply to their respective investments. Although the Protective
            Growth Strategy strives to protect capital while still seeking growth,
            there are no guarantees for future results. The Protective Growth Strategy
            analysis model attempts to manage risk but will not eliminate risk.
            All information received from the Protective Growth Analysis is believed
            to be reliable but its reliability cannot be guaranteed. You may lose
            money with this investment style. Both the principle value and return
            of investments will fluctuate over time, so an investor’s shares, when
            redeemed, may be worth more or less than their original value.</font></td>
        </tr>
    </table>
    </center></div>

</body>

</html>



<?

            }
            else
            {
          $errmsg = require ( 'error.php' );
                die ( '<? $errmsg; ?> <font face=verdana size=3><p align=center><b>Error 113id</b></p></font>' );
            }
        }
    }
    else
    {
    $errmsg = require ( 'error.php' );
        echo '<? $errmsg; ?> <font face=verdana size=3><p align=center><b>Error 114</b></p></font>';
    
    }
}
?>

Posted: Wed Apr 13, 2005 9:24 pm
by neon068
bump...

pleaseeeeeeeeeeeeeeeeeeeeee

Posted: Wed Apr 13, 2005 9:44 pm
by hongco
line 53 is ok, id gets parsed by your form
line 55 is wrong, xcode is not set.

your form should include the request for xcode as it does for id
so, if the user goes to this link:

https://www.serasfinancial.com/pgspro/? ... code=36029

you get the value for $xcode by:
$xcode = $_GET['xcode'];

then use this value for part of the form
<input type="hidden" name="xcode" value="<?=$xcode?>">Please indicate

after the form is submitted, change line 55 to:
$xcode3 = $_POST['xcode'];

Note: where is the part that you say changes the xcode value? it looks to me that the user will go back to the same form with the same id and xcode :)
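
The flow discussed in this thread, as an added example that is not code from either poster: the id/xcode pair is checked on the GET, carried through the form in escaped hidden fields, then re-checked and rotated in a single UPDATE on the POST, where the link's `$_GET` values are no longer present. It assumes PHP 7+ with PDO and uses an in-memory SQLite table as a stand-in for the MySQL `pgspro` table; the function names and the sample row are hypothetical.

```php
<?php
// Constructed stand-in for the thread's pgspro table (assumption: SQLite via PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pgspro (id INTEGER PRIMARY KEY, codesql TEXT, yesno TEXT)");
$db->exec("INSERT INTO pgspro (id, codesql) VALUES (7, '36029')"); // constructed sample row

// GET: true only when the id/xcode pair from the e-mailed link matches the stored row.
function link_is_valid(PDO $db, $id, $xcode) {
    $st = $db->prepare('SELECT codesql FROM pgspro WHERE id = ?');
    $st->execute([(int) $id]);
    $stored = $st->fetchColumn();
    // A missing row or a missing parameter must fail, never compare as "equal".
    return is_string($xcode) && $xcode !== '' && $stored !== false
        && hash_equals((string) $stored, $xcode);
}

// GET: hidden fields that carry both values into the POST, escaped for an attribute.
function hidden_fields($id, $xcode) {
    return '<input type="hidden" name="id" value="' . (int) $id . '">'
         . '<input type="hidden" name="xcode" value="'
         . htmlspecialchars($xcode, ENT_QUOTES, 'UTF-8') . '">';
}

// POST: store the answer and rotate the code in one UPDATE, so the same link
// (or a replayed form) cannot change the answer a second time.
function record_answer(PDO $db, $id, $xcode, $yesno) {
    if (!is_string($xcode) || $xcode === ''
        || !in_array($yesno, ['Accept', 'Decline'], true)) {
        return false;
    }
    $st = $db->prepare(
        'UPDATE pgspro SET yesno = ?, codesql = ? WHERE id = ? AND codesql = ?');
    $st->execute([$yesno, bin2hex(random_bytes(16)), (int) $id, $xcode]);
    return $st->rowCount() === 1; // 0 rows: wrong or already-used code
}

// Walk through one link: valid GET, missing xcode, first POST, replayed POST.
var_dump(link_is_valid($db, '7', '36029'));
var_dump(link_is_valid($db, '7', null));
echo hidden_fields('7', '36029'), "\n";
var_dump(record_answer($db, '7', '36029', 'Accept'));
var_dump(record_answer($db, '7', '36029', 'Decline'));
```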

Posted: Thu Apr 14, 2005 1:53 pm
by neon068
Works perfectly... THANKS!!! :-D <3