Jump to content

[SOLVED] posting to self.. doesn't work.

AshleyByrom

By AshleyByrom
in PHP Coding Help

 Share

Recommended Posts

AshleyByrom Member

AshleyByrom

Posted
Posted

Okay well I have a page which has a PHP if function at the start to check for the do variable that is submitted when the form (on the same page) is submitted. Here is my code:

if(isset($_GET["do"])) {
$action = $_GET["do"];

mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

if($action=="editAbout") {
	$abouttext = clean($_POST["aboutText"]);
	$CAQ = "UPDATE users SET aboutme='$abouttext' WHERE id='" . $_SESSION["theID"] . "'";
	$RCAW = mysql_query($CAQ);
}
}

 

<form id="form2" name="form2" method="post" action="usercp.php?do=editAbout">
                  <p>
                    <label>
                      <textarea name="aboutText" cols="90" rows="10" id="aboutText"></textarea>
                    </label>
                  </p>
                  <p>
                    <label>
                      <input type="submit" name="button2" id="button2" value="Submit" />
                    </label>
                  </p>
                </form>

 

Hopefully you will understand what I am trying to do... any help? I'm sure it is probably just a simple spelling mistake.. but when I do this the 'aboutme' column for that ID just goes blank..

Link to comment
Share on other sites
bruce080 Newbie

bruce080

Posted
Posted

Try either changing this  if(isset($_GET["do"])) to _POST

or change the form method to GET

 

Ya, I agree with cleibesouza.  If the form's method is "post", you need to use _POST to retrieve the information.  If it is "get", then you need to use _GET to retrieve the information. 

 

Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send (max. 100 characters).  On the other hand, POST is invisible to the user and has no limit on the amount of information to send.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

There is nothing wrong with the usage of the post/get variables. (Edit: using a GET variable to indicate what type of action to perform is used all the time - i.e. look at the address bar of the phpfreaks forum web pages for an example.)

 

      return mysql_real_escape_string($str);

return has a problem processing values from some types of function calls (it's probably a bug).Assign the value returned by msyql_real_escape_string() to a variable and then return that variable -

 

      $str = mysql_real_escape_string($str);
return $str;

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.