Jump to content


Photo

$POST and isset ($_GET[' '])


  • Please log in to reply
3 replies to this topic

#1 agupta2683

agupta2683
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 20 July 2006 - 03:44 PM

Hi All,

I have  a form which asks a user to add and delete the fields. These fields r defined in the backend database. I'm using POST method on the submission and once the user presses submit, the control goes to the form_submit page. This page uses isset($_get[' ']) method to retrive the values entered by the user and perform insertion or deletion operations in the database. The code is not throwing any error . when a user tried to enter the values for the fields on the form, the insertion or deletion operations are not performed in the database.

I have checked that I have made connection to the database.

I tried different if else combinations but it doesnt seem to work.

I have also attached the code if anyone can be kind enough to have a look at it.

I would highly appreciate any sort of help in this.

CODE

<?php
 
        if( isset( $_GET[ 'region' ], $_GET ['addstate'],$_GET ['deletestate']) )
      {
        $addstate = $_GET[ 'addstate' ];
        $deletestate = $_GET[ 'deletestate' ];   
        $region = $_GET[ 'region' ];
        $query  = "INSERT INTO dbo.off_campus_ashish VALUES ('$region', '$addstate') AND DELETE * FROM dbo.ashishdate WHERE region = '$region' AND state = '$deletestate'" ;
        mssql_query($query);
        //$result = db_query( "INSERT INTO dbo.ashishdate VALUES ($category, $addate) AND DELETE * FROM dbo.ashishdate WHERE category = $category AND date = $deletedate");
        }
      else
      {
      if( isset( $_GET[ 'region' ],$_GET ['addstate']) )
        {
        $addstate = $_GET[ 'addstate' ];
        $region = $_GET[ 'region' ];
        $query  = "INSERT INTO dbo.off_campus_ashish VALUES ('$region', '$addstate')";
        mssql_query($query);
        //$result = db_query( "INSERT INTO dbo.ashishdate VALUES ($category, $addate)");
        }
       
      else
      {
        if (isset( $_GET[ 'region' ], $_GET ['deletestate']) )
        {
        $deletestate = $_GET[ 'deletestate' ];   
        $region = $_GET[ 'region' ];
        $query  = "DELETE * FROM dbo.off_campus_ashish WHERE region = '$region' AND state = '$deletestate'" ;
        mssql_query($query);
        //$result = db_query("DELETE * FROM dbo.ashishdate WHERE category = $category AND date = $deletedate");
        }
        else
        {
        echo "You did not submit all the required information.  Please go back and try again.";
        }
        }
        }
    ?>

#2 desithugg

desithugg
  • Members
  • PipPipPip
  • Advanced Member
  • 281 posts
  • LocationScarborough

Posted 20 July 2006 - 04:05 PM

change the $_GET[ 'region' ]  to $_POST[ 'region' ]
not just the reigon all the fields that are being sumbit using post change them to $_post...

#3 smartguyin

smartguyin
  • Members
  • PipPipPip
  • Advanced Member
  • 61 posts

Posted 20 July 2006 - 04:19 PM

It should be " $_POST['region'] and not $_GET['region'] "

When you are using form to transfer info from form to script then we should use $_POST always....

$_GET[''] is used when the info i passed through url like http://domain.com/fo...?region=anyinfo

Inthis the "anyinfo" transfered to script to work with and it can be used by $_GET['anyinfo']

I hope you have understand the difference.........

I am also new and trying to learn things........ Please other guys correct me if i am wrong.
One of my php project >> http://www.mumbaipropertysite.com

#4 HeyRay2

HeyRay2
  • Members
  • PipPipPip
  • Advanced Member
  • 223 posts

Posted 20 July 2006 - 04:31 PM

Forms can be submitted in either POST or GET methods, which you define as below:

<form name="myform" method="POST">

or

<form name="myform" method="GET">

The POST method is more secure, in that the form values are passed "behind-the-scenes", which is good for ensuring that the information is not broadcast in the URL and cannot be manipulated outsite of the script. I recommend this method for items like user login scripts and other items that have sensitive data to be passed.

The GET method is less secure, but can a good choice where you want the form values passed through the URL. This is good for search scripts and the like where you would want a user to "bookmark" the page.

Whichever method you choose, you can access the variables by the corresponding $_POST or $_GET variable array.

Alternatively, you can use the $_REQUEST variable array for either form type, but be prepared to validate the contents of the variable because you won't know whether the information was passed by POST or GET.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users