PHP Script, help needed!

Flipper

Flipper

New Member
I am working on a PHP Script and my insert query seems to be on the fritz, when the link is at newthread.php?fid=1 (fid means forum id which distinguishes what forum it is being posted in)

$fid = $_GET['fid']; is set for the insert query, using the above link would insert the fid as 1, but for some odd reason inserts it as 0 everytime. I have tried everything, can anyone help?

My code is located here:
http://paste.ubuntu-nl.org/17878
 
Im not the best at php...but I've always found the site phpfreaks.com helpful...their forum may be able to help a little more.
 
The initial request would have $_GET['fid'] as 1. But after they submit the form (and thus the code ot insert into the database is run), the $_GET variables are not kept across another page load.

The best way is to insert a hidden form field with the variable, and then use $_POST as the fid:

Code: 
...
<form action="newthread.php" method="POST">
[B] <input type="hidden" name="fid" value="<?php echo $_GET['fid']; ?>" />[/B]
PHP: 
 $fid = $_POST['fid'];
Also note that unless you are running with magic_quotes enabled, you are vulnerable to SQL injection. You should 1) Disable magic_quotes (it's unreliable across different installs) so you can take care of slashes on your own. Then always run mysql_real_escape_string() on variables you use in your queries.
 
Last edited:
You must log in or register to reply here.
Back
Top