PHP Script, help needed!

Flipper · 07-13-2006, 04:13 AM

I am working on a PHP Script and my insert query seems to be on the fritz, when the link is at newthread.php?fid=1 (fid means forum id which distinguishes what forum it is being posted in)

$fid = $_GET['fid']; is set for the insert query, using the above link would insert the fid as 1, but for some odd reason inserts it as 0 everytime. I have tried everything, can anyone help?

My code is located here:
http://paste.ubuntu-nl.org/17878

nick5449 · 07-13-2006, 07:02 AM

Im not the best at php...but I've always found the site phpfreaks.com helpful...their forum may be able to help a little more.

Chroder · 07-14-2006, 02:15 AM

The initial request would have $_GET['fid'] as 1. But after they submit the form (and thus the code ot insert into the database is run), the $_GET variables are not kept across another page load.

The best way is to insert a hidden form field with the variable, and then use $_POST as the fid:

Code:

...
<form action="newthread.php" method="POST">
 <input type="hidden" name="fid" value="<?php echo $_GET['fid']; ?>" />

PHP Code:


			
 $fid = $_POST['fid'];

Also note that unless you are running with magic_quotes enabled, you are vulnerable to SQL injection. You should 1) Disable magic_quotes (it's unreliable across different installs) so you can take care of slashes on your own. Then always run mysql_real_escape_string() on variables you use in your queries.

07-13-2006, 04:13 AM	#1 (permalink)
Flipper Silver Member Join Date: Apr 2006 Location: USA Posts: 121	PHP Script, help needed! I am working on a PHP Script and my insert query seems to be on the fritz, when the link is at newthread.php?fid=1 (fid means forum id which distinguishes what forum it is being posted in) $fid = $_GET['fid']; is set for the insert query, using the above link would insert the fid as 1, but for some odd reason inserts it as 0 everytime. I have tried everything, can anyone help? My code is located here: http://paste.ubuntu-nl.org/17878 __________________ dotOmega Forum System - It's whats for cool people. Too bad it's still in development :). 98% of the teenage population will try, does or has tried smoking pot. If you're one of the 2% who hasn't, copy & paste this into your signature

07-14-2006, 02:15 AM	#3 (permalink)
Chroder VIP Member Join Date: Dec 2003 Location: Toronto, Ontario Age: 19 Posts: 1,302	The initial request would have $_GET['fid'] as 1. But after they submit the form (and thus the code ot insert into the database is run), the $_GET variables are not kept across another page load. The best way is to insert a hidden form field with the variable, and then use $_POST as the fid: Code: ... <form action="newthread.php" method="POST"> <input type="hidden" name="fid" value="<?php echo $_GET['fid']; ?>" /> PHP Code: `$fid = $_POST['fid'];` Also note that unless you are running with magic_quotes enabled, you are vulnerable to SQL injection. You should 1) Disable magic_quotes (it's unreliable across different installs) so you can take care of slashes on your own. Then always run mysql_real_escape_string() on variables you use in your queries. __________________ :: Devlog - New developer blog with useful PHP information :: The New Tech - Technology Forum :: *WeTalk.tv - TV Forums* Last edited by Chroder; 07-14-2006 at 02:19 AM.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

07-13-2006, 07:02 AM	#2 (permalink)
nick5449 Bronze Member Join Date: Jun 2006 Location: Blacksburg, VA Posts: 96	Im not the best at php...but I've always found the site phpfreaks.com helpful...their forum may be able to help a little more.