Page 1 of 1

Variable post problem

Posted: Mon Sep 03, 2007 11:36 am
by kkonline
I am working on an article manager comment thing.
The problem is that i am not getting the posted variables sid,catid and page variables which are extracted using GET in index.php (not shown in the code)

Finally in post.php i am not getting the values of the three variables and get

Notice: Undefined variable: sid,catid and page in d:\easyphp\www\gb\post.php on line 21

contents of index.php

Code: Select all

$sql = "SELECT * FROM `dh_gbentries` WHERE `sectionid` = $sid AND `catid` = $catid AND `contentid` = $page AND `trusted` = 1 ORDER BY `id` DESC LIMIT 0, 30";
$result = mysql_query($sql, $conn) or die(mysql_error());
if(mysql_num_rows($result) == "0") {
	$tmp = new template("tmp_nomsg.tpl");
	$tmp->replace_tags(array("LANG_NO_MSG" => $lang_no_msg));
	$tmp->output();
}
while($g = mysql_fetch_array($result)) {
	$g_timeadded = date("jS F Y H:i", $g['timeadded']);
	if($allowhtml == "yes") { $g_message = nl2br($g['message']); } else { $g_message = nl2br(htmlspecialchars($g['message'])); }
	$tmp = new template("tmp_entry.tpl");
	$tmp->replace_tags(array("AUTHOR" => $g['author'],"DATE_POSTED" => $g_timeadded,"MESSAGE" => $g_message));
	$tmp->output();
}
$rnad = rand(100000,999999);
$tmp = new template("tmp_postnew.tpl");
$tmp->replace_tags(array("LANG_POST_NEW" => $lang_post_new,"LANG_YOUR_NAME" => $lang_your_name,"LANG_YOUR_MESSAGE" => $lang_your_message,"LANG_TYPE_NUMBER" => $lang_type_number,"LANG_YOUR_IP" => $lang_your_ip,"LANG_ADD_MESSAGE" => $lang_add_message,"IP_ADDR" => $_SERVER['REMOTE_ADDR'],"SECURE_NUMBER" => "$rnad"));
$tmp->output();

$tmp = new template("tmp_footer.tpl");
$tmp->output();
contents of post.php

Code: Select all

if(!$_POST['author'] OR !$_POST['message'] OR !$_POST['secnum']) {
	$tmp = new template("tmp_error1.tpl");
	$tmp->replace_tags(array("LANG_EMPTY_FORMS" => $lang_empty_forms));
	$tmp->output();
} else {
if($_POST['secnum'] != $_POST['snumber']) {
	$tmp = new template("tmp_error2.tpl");
	$tmp->replace_tags(array("LANG_WRONG_SECNUM" => $lang_wrong_secnum));
	$tmp->output();
} else {
	$conn = mysql_connect($dbhost, $dbuser, $dbpass);
	mysql_select_db($dbtable, $conn) or die(mysql_error());
	$sql = "INSERT INTO 

// i am posting the values to db but they are not posted and i get 
Notice: Undefined variable: sid,catid and page in d:\easyphp\www\gb\post.php on line 21 below is line 21

dh_gbentries(sectionid,catid,contentid,author,message,timeadded,trusted,ipaddress) VALUES('$sid','$catid','$page','$_POST[author]', '$_POST[message]', '".time()."', 0, '$_SERVER[REMOTE_ADDR]')";
	$result = mysql_query($sql, $conn) or die(mysql_error());

	$tmp = new template("tmp_posted.tpl");
	$tmp->replace_tags(array("LANG_MESSAGE_ADD" => $lang_message_add,"LANG_MESSAGE_ADDED" => $lang_message_added));
	$tmp->output();
contents of tmp_postnew.tpl

Code: Select all

<br>
<table class="entry">
<form action="post.php" method="POST">
<tr valign="top">
<td width="100%" align="left" colspan="2"><strong>{LANG_POST_NEW}</strong><br /></td>
</tr>
<tr valign="top">
<td width="50%" align="left"><strong>{LANG_YOUR_NAME}</strong></td>
<td width="50%" align="left"><input type="text" name="author" class="inputbox" /></td>
</tr>
<tr valign="top">
<td width="100%" align="left" colspan="2"><strong>{LANG_YOUR_MESSAGE}</strong><br /><textarea name="message"></textarea></td>
</tr>
<tr valign="top">
<td width="50%" align="left"><strong>{LANG_YOUR_IP}</strong></td>
<td width="50%" align="left">{IP_ADDR}<input type="hidden" name="ipaddress" value="{IP_ADDR}" /></td>
</tr>
<tr valign="top">
<td width="50%" align="left"><strong>{LANG_TYPE_NUMBER}</strong> -> {SECURE_NUMBER}</td>
<td width="50%" align="left"><input type="text" name="secnum" class="inputbox" maxlength="6" /><input type="hidden" name="snumber" value="{SECURE_NUMBER}" /></td>
</tr>

//i just get the below part in source of html page and not the values of sid,page and catid

<input type="hidden" name="sid" value="<?php echo $sid; ?>" />
<input type="hidden" name="page" value="<?php echo $page; ?>" />
<input type="hidden" name="catid" value="<?php echo $catid; ?>" />


<tr valign="top">
<td width="100%" align="center" colspan="2"><input type="submit" value="{LANG_ADD_MESSAGE}" /></td>
</tr>
</form>
</table>

Posted: Mon Sep 03, 2007 2:28 pm
by Kieran Huggins
you can request a page using either GET or POST.

GET encodes all the data in the URL in the form

Code: Select all

?key1=val1&key2=val2
POST requests are not sent via the URL, but instead in the body of the request (you don't see it).

The $_GET and $_POST arrays are collections of these variables, but you only have one available to you depending on which request method you choose.

The $_REQUEST array is a combination of the $_GET $_POST and $_COOKIE arrays, and is often safe to use as a substitute, just be aware that some values could theoretically be overridden. I'm not sure what the order in which they're overridden is, but it would probably be in the "Predefined Variables" section of the manual.