Page 1 of 1

why wont this variable pass?

Posted: Sat Oct 25, 2008 11:33 am
by steve_linn
For future note: please post code within tags, as I have done below for you. It's easy to do, just use the Code button when you are composing your message.
new programmer:

I want to pass the variable "id" that is in this url

http://localhost/Buzztown/index.php?con ... 5512120001

HERE IS THE HTML FORM (that is under this URL)

Code: Select all

 
<form action=index.php method=post>
<h2>Enter account information here!!</h2><br>
<table width="300" border="0">
  <tr>
  </tr>
  <tr>
    <td>email </td>
    <td><input type="text" name="email"></td>
  </tr>
  <tr>
    <td>password</td>
    <td><input type="text" name="password"></td>
  </tr>
  <tr>
 <td><input type="submit" value="Submit">
 
<input type="hidden" name="custid" value="?php echo htmlspecialchars('$id'); ?"></td>
<input type="hidden" name="content" value="updateaccount"></td>
 
HERE IS THE PHP PAGE

Code: Select all

 
<?php
echo "The Value of action is:".$_POST['$id'];
$accountid = $_POST['custid'];
$email = $_POST['email'];
$password = $_POST['password'];
{
$query = "INSERT INTO account (custid, email, password)" . 
" VALUES ('$accountid', '$email', '$password')";
$result = mysql_query($query);
if ($result) 
echo "<h2>Updates posted to account</h2>\n";
else
echo "<h2>Sorry, there was a problem posting your updates</h2>\n";
echo "<a href=\"index.php?content=showaccount&id=$custid\">Return to show account</a>\n";
}
?>
 
I keep getting echo Sorry, there was a problem posting your updates

It's beacause the ID is not being passed to this page....

where did I go wrong?

Re: why wont this variable pass?

Posted: Sat Oct 25, 2008 1:29 pm
by califdon
Are the 2 excerpts from the same file, index.php? That wasn't clear to me. If so, you didn't show where the value of $id comes from. Since that's what seems to be wrong, it would be rather important to show us where its value comes from. Also, perhaps this is because you haven't showed all of your code, there doesn't seem to be a closing </form> tag, although that's not likely to affect your problem.

Re: why wont this variable pass?

Posted: Sat Oct 25, 2008 2:50 pm
by steve_linn
the files are include files in index.php.

the process goes from showaccount.inc to enteraccount2.inc to updateaccount.inc

when you are at enteraccount2.inc page the url is (passed as a href from showaccount.inc)

http://.../index.php?content=enteraccount2&id=97055512120001

I want to pass the id '97055512120001'

thanks for the tip on the code!

Re: why wont this variable pass?

Posted: Sat Oct 25, 2008 3:30 pm
by califdon
steve_linn wrote:the files are include files in index.php.

the process goes from showaccount.inc to enteraccount2.inc to updateaccount.inc

when you are at enteraccount2.inc page the url is (passed as a href from showaccount.inc)

http://.../index.php?content=enteraccount2&id=97055512120001

I want to pass the id '97055512120001'

thanks for the tip on the code!
Well, your form is using method=post, but the URL you are showing is passing 2 variables as GET, not POST. So $_POST['id'] will never contain a value. It appears that what you may have intended is either $_POST['custid'] or $_GET['id'].

Re: why wont this variable pass?

Posted: Sat Oct 25, 2008 3:37 pm
by steve_linn
Revised code - I'm still not sure what I am doing wrong

enteraccount2.inc.php

Code: Select all

 
<form action=index.php method=post target="_self">
<input type="hidden" name="custid" value="<? echo $_POST['id']; ?>"> 
<h2>Enter account information here!!</h2><br>
<table width="300" border="0">
  <tr>
  </tr>
  <tr>
    <td>email </td>
    <td><input type="text" name="email"></td>
  </tr>
  <tr>
    <td>password</td>
    <td><input type="text" name="password"></td>
  </tr>
  <tr>
 <td><input type="submit" value="Submit">
<input type="hidden" name="content" value="updateaccount"></td>
</form>
 
updateaccount.inc.php

Code: Select all

 
<?php
 
$custid = $_POST['id'];
$email = $_POST['email'];
$password = $_POST['password'];
 
{
$query = "INSERT INTO account (custid, email, password)" . 
" VALUES ('$custid', '$email', '$password')";
$result = mysql_query($query);
if ($result) 
echo "<h2>Updates posted to account</h2>\n";
else
echo "<h2>Sorry, there was a problem posting your updates</h2>\n";
echo "<a href=\"index.php?content=showaccount&id=$accounttid\">Return to show account</a>\n";
}
 
?>
 
still receive the message that "there was a problem posting your updates"

Re: why wont this variable pass?

Posted: Sat Oct 25, 2008 7:18 pm
by califdon
Rather than just $result = mysql_query($query);, try this:

Code: Select all

$result = mysql_query($query) or die("Insert failed: ".mysql_error());
Apart from your immediate problem, you're really asking for trouble by accepting those POST values without "sanitizing" them, in case a hacker decides that he wants to bomb your site. Read about how to use mysql_real_escape_string()!