Page 1 of 1

Not Passing Username value to next function

Posted: Wed Feb 04, 2009 12:13 am
by CoolAsCarlito
Its loading the edithandler form back again but no values I'm thinking that when it goes through from the handlers function to the edithandler function it loses which username it is.

Code: Select all

include ('database.php');
 
/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );
 
if (function_exists ( $f )) {
    $f ();
} else {
    die ( 'Error 404!' );
}
 
function getFormData($username, $table, $field){
      $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
      while($row = mysql_fetch_assoc($query)){
           return $row[$field];
      }
}
 
Handlers Function

Code: Select all

 
function handlers() {
    print '<h1 class=backstage>Handler Management</h1><br />';
    print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
    print '<table width="100%" class="table1">';
    print '<tr class="rowheading">';
    print '<td width="30">&nbsp;</td>';
    print '<td align="center">Username</td>';
    print '<td align="center">Surname</td>';
    print '<td align="center">First Name</td>';
    print '<td align="center">E-Mail</td>';
    print '</tr>';
    $query = "SELECT * FROM users ORDER BY `username`";
    $result = mysql_query ( $query ); // Run The Query
    if ($result) {
        // Fetch and print all records.
        $i = 0;
        while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
            $sClass = 'row2';
            if ($i ++ & 1) {
                $sClass = 'row1';
            }
            printf ( "<tr class=\"%s\">", $sClass );
            print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
            
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
            printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
            print '</tr>';
        }
    }
    print '</table><br />';
    print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
 
Edithandler function

Code: Select all

 
function edithandler() {
    $query = "SELECT * FROM `users` WHERE `username` = '" . $_GET['username'] . "'";
    $result = mysql_query ( $query ); // Run The Query
    $row = mysql_fetch_array ( $result, MYSQL_ASSOC );
    print '<h1 class=backstage>Handler Management</h1><br />';
    print '<h2 class=backstage>Edit Handler Details</h2><br />';
    print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
    print '<table width="100%" class="table2">';
    print '<tr>';
    print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Surname:</td><td class=row3>';
    print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Firstname:</td>';
    print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Email:</td>';
    print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>AIM:</td>';
    print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>MSN:</td>';
    print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Forum ID:</td>';
    print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Account:</td>';
    print '<td class=row3><select name=enabled class=selection>';
    print '<option value=1>Enabled</option><option value=0>Disabled</option>';
    print '</select></td>';
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Administrator:</td>';
    print '<td class=row3><select name=isadministrator class=selection>';
    print '<option value=1>Yes</option><option value=0>No</option>';
    print '</select></td>';
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Default Character:</td>';
    print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
    print '</tr>';
    print '</table><br />';
    print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
    print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
    print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
    print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
    print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
    print '<br /><br />';
    print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}