AshleyByrom Posted July 30, 2009 Share Posted July 30, 2009 Okay well I have a page which has a PHP if function at the start to check for the do variable that is submitted when the form (on the same page) is submitted. Here is my code: if(isset($_GET["do"])) { $action = $_GET["do"]; mysql_connect(DB_HOST, DB_USER, DB_PASS); mysql_select_db(DB_NAME); //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } if($action=="editAbout") { $abouttext = clean($_POST["aboutText"]); $CAQ = "UPDATE users SET aboutme='$abouttext' WHERE id='" . $_SESSION["theID"] . "'"; $RCAW = mysql_query($CAQ); } } <form id="form2" name="form2" method="post" action="usercp.php?do=editAbout"> <p> <label> <textarea name="aboutText" cols="90" rows="10" id="aboutText"></textarea> </label> </p> <p> <label> <input type="submit" name="button2" id="button2" value="Submit" /> </label> </p> </form> Hopefully you will understand what I am trying to do... any help? I'm sure it is probably just a simple spelling mistake.. but when I do this the 'aboutme' column for that ID just goes blank.. Quote Link to comment Share on other sites More sharing options...
cleibesouza Posted July 30, 2009 Share Posted July 30, 2009 Try either changing this if(isset($_GET["do"])) to _POST or change the form method to GET Quote Link to comment Share on other sites More sharing options...
bruce080 Posted July 30, 2009 Share Posted July 30, 2009 Try either changing this if(isset($_GET["do"])) to _POST or change the form method to GET Ya, I agree with cleibesouza. If the form's method is "post", you need to use _POST to retrieve the information. If it is "get", then you need to use _GET to retrieve the information. Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send (max. 100 characters). On the other hand, POST is invisible to the user and has no limit on the amount of information to send. Quote Link to comment Share on other sites More sharing options...
AshleyByrom Posted July 30, 2009 Author Share Posted July 30, 2009 Thanks! I added a hidden field named go and changed the value to editAbout... same principle.. guess it works better. Thanks for the help! Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 30, 2009 Share Posted July 30, 2009 There is nothing wrong with the usage of the post/get variables. (Edit: using a GET variable to indicate what type of action to perform is used all the time - i.e. look at the address bar of the phpfreaks forum web pages for an example.) return mysql_real_escape_string($str); return has a problem processing values from some types of function calls (it's probably a bug).Assign the value returned by msyql_real_escape_string() to a variable and then return that variable - $str = mysql_real_escape_string($str); return $str; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.