Not Passing Username value to next function
Posted: Wed Feb 04, 2009 12:13 am
Its loading the edithandler form back again but no values I'm thinking that when it goes through from the handlers function to the edithandler function it loses which username it is.
Handlers Function
Edithandler function
Code: Select all
include ('database.php');
/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );
if (function_exists ( $f )) {
$f ();
} else {
die ( 'Error 404!' );
}
function getFormData($username, $table, $field){
$query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
while($row = mysql_fetch_assoc($query)){
return $row[$field];
}
}
Code: Select all
function handlers() {
print '<h1 class=backstage>Handler Management</h1><br />';
print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
print '<table width="100%" class="table1">';
print '<tr class="rowheading">';
print '<td width="30"> </td>';
print '<td align="center">Username</td>';
print '<td align="center">Surname</td>';
print '<td align="center">First Name</td>';
print '<td align="center">E-Mail</td>';
print '</tr>';
$query = "SELECT * FROM users ORDER BY `username`";
$result = mysql_query ( $query ); // Run The Query
if ($result) {
// Fetch and print all records.
$i = 0;
while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
$sClass = 'row2';
if ($i ++ & 1) {
$sClass = 'row1';
}
printf ( "<tr class=\"%s\">", $sClass );
print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
print '</tr>';
}
}
print '</table><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
Code: Select all
function edithandler() {
$query = "SELECT * FROM `users` WHERE `username` = '" . $_GET['username'] . "'";
$result = mysql_query ( $query ); // Run The Query
$row = mysql_fetch_array ( $result, MYSQL_ASSOC );
print '<h1 class=backstage>Handler Management</h1><br />';
print '<h2 class=backstage>Edit Handler Details</h2><br />';
print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
print '<table width="100%" class="table2">';
print '<tr>';
print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
print '</tr>';
print '<tr>';
print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>Surname:</td><td class=row3>';
print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>Firstname:</td>';
print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>Email:</td>';
print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>AIM:</td>';
print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>MSN:</td>';
print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>Forum ID:</td>';
print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
print '</tr>';
print '<tr>';
print '<td class=rowheading>Account:</td>';
print '<td class=row3><select name=enabled class=selection>';
print '<option value=1>Enabled</option><option value=0>Disabled</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Administrator:</td>';
print '<td class=row3><select name=isadministrator class=selection>';
print '<option value=1>Yes</option><option value=0>No</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Default Character:</td>';
print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
print '</tr>';
print '</table><br />';
print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
print '<option value=0>- Select -</select> <input type=submit value="Add" class=button></form></h2><br />';
print '<br /><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}