Jump to content

getting Vars to pass to next page.

jay7981

By jay7981
in PHP Coding Help

 Share

Recommended Posts

jay7981 Member

jay7981

Posted
Posted

Hello all,

I have a confusing situation on my hands, i am a member of a gaming community and we are setting up a website (yay i get to be teh techie!!) im not exactly a noob with php but i am by far not an expert, so i need some help please.

 

I have a table populated with mysql data, and i am using multiple submit buttons to perform actions to the selected row of information. i have 2 of the 3 buttons working great however the third is not passing on all the information that i need to pass to the next page. the only thing that is not passing is the var $name that is returned from mysql.

 

Below are the codes i am using. any help with how to get the var $name to pass with the $_POST information would be great, thanks in advance!

 

The Table:

<?php
include 'config.php';
include 'access.php';

$db = mysql_connect ($hostname, $username, $password) or die ('Failed to connect to database: ' . mysql_error());
mysql_select_db($database);
  
  $query = "SELECT clan_members.authid, clan_members.rank, clan_members.name, admins.access FROM imagest5_bioclan.clan_members LEFT OUTER JOIN imagest5_bioclan.admins ON clan_members.name = admins.name WHERE clan_members.rank = 9 ORDER BY clan_members.rank DESC, clan_members.name";
$result = mysql_query($query) or die ('Failed to query ' . mysql_error());
?>
<form method="post" action="./process.php">
<table width="100%" border="1">
  <tr>
    <th scope="col"> </th>
    <th scope="col">SteamID</th>
    <th scope="col">Name</th>
    <th scope="col">Rank</th>
    <th scope="col">Flags</th>
  </tr>
  <?php
while ($row = mysql_fetch_assoc($result)) 
{
  $auth = $row['authid'];
  $name = $row['name']; 
  $rank = $ranks[$row['rank']];
  $flags = $row['access'];
?>
  <tr>
    <td><div align="center">
        <input type="radio" name="auth" id="radio" value="<?php echo "$auth";?>">
      </div></td>
    <td><?php echo "$auth";?></td>
    <td><?php echo "$name";?></td>
    <td><?php echo "$rank";?></td>
    <td><?php echo "$flags";?></td>
  </tr>
  <?php
}
?>
</table>
<table width="100%">
  <tr>
    <td width="11%"><div align="center">
        <input type="submit" name="submit[edit]" value="Edit">
      </div></td>
    <td width="20%"><div align="center">
        <input type="submit" name="submit[delete]" value="Delete">
      </div></td>
    <td width="69%"><div align="center">
        <select name="access" id="access">
          <option selected="selected">Quick Admin----</option>
          <option value='abcdefghijklmnopqrstu'>Leader/CoLeader</option>
  <option value='abcdefghijklmnopqrstu'>Tech</option>
        <option value='bcdefijmnopqrstu'>Upper Admin</option>
        <option value='bcefijnprstu'>Mid Admin</option>
        <option value='cfu'>Recruit Admin</option>
        <option value='u'>Member</option>
        </select>
        <input type="submit" name="submit[access]" value="Set">
      </div></td>
  </tr>
</table>
</form>
<?php
mysql_free_result($result);
mysql_close($db);
?>

 

The table posts to this page:

<?php
//print_r($_POST);
$submit_array = array_keys($_POST['submit']);
$action = $submit_array[0];
if ($_POST)
{
switch ($action)
{
  case 'edit':
   echo include('./includes/edit.inc');
   break; 
   
  case 'delete':
   echo include('./includes/delete.inc');
   break; 
  case 'access':
   echo include('./includes/mem2admin1.inc');
   break; 
}
}
?>

 

and if the set button on the table is clicked the above page loads this:

<?php
if(!isset($_SESSION['clan_id']))
{
  die("You are not logged in and cannot view this page.");
}
echo '<center>';
$auth = $_POST['auth'];
$name = $_POST['name'];
$access = $_POST['access'];
echo "<br><br>Are you sure you want to give '$access' flags to:<br><br>";
echo "SteamID: $auth<br />Name: $name";
echo "<br><br><a href=\"admin_add3.php?auth=$auth&name=$name&access=$access\">Yes</a>  <a href=\"main.php\">No</a></center>;"
?>

Link to comment
https://forums.phpfreaks.com/topic/183267-getting-vars-to-pass-to-next-page/
Share on other sites
jay7981 Member

jay7981

Posted
  • Author
Posted

Firstly, i apologize for the double post.

secondly, i now have it passing a $name var to the process.php page but its not the right name that is associated with the row that is selected. I ended up adding a hidden input field, i have attached a pic of the table and the output for more of a vivid image of what is happening. The name that should be passed in this example is "bob" not remegade.... please help.

 

<td><div align="center">
        <input type="radio" name="auth" id="radio" value="<?php echo "$auth";?>">
	<input type="hidden" name="name" id="name" value="<?php echo "$name";?>" />
      </div></td>
    <td><?php echo "$auth";?></td>

 

[attachment deleted by admin]

jay7981 Member

jay7981

Posted
  • Author
Posted

the if ($_POST) was to make sure that the form was submitted with the radio selected. If there is a better or more effencient way of doing this any critique is well appreciated.

 

the $rank = $ranks[$row['rank']]; is because i have a hard coded array inside of the include ('./includes/access.php'), i have to use this due to a plugin on my game server itself reading it as well. and it allows me to translate the rank from a number to a name when displayed in the table.

 

here is the access.php 

<?php
$access = array("None","User","Admin","Root");
$ranks = array("None","Inactive","Recruit","Member","Recruit Admin","Mid Admin","Upper Admin","Tech","Co-Leader","Leader");
$level = array("Upper Admin","Mid Admin","Recruit Admin","Member","Tech");
?>

abazoskib Regular Member

abazoskib

Posted
Posted 

[quote author=jay7981 link=topic=278708.msg1319455#msg1319455 date=1259480120]
the if ($_POST) was to make sure that the form was submitted with the radio selected. If there is a better or more effencient way of doing this any critique is well appreciated.

I know what you think it does. Read my post again.

jay7981 Member

jay7981

Posted
  • Author
Posted

so your saying that my processing code is pointless? ... or checking for the submission in my current processing code is pointless..

 

im going to assume the latter, i want to check for the actual submission to prevent injection from the url, thus keeping the database as secure as possible, if i have used this improperly, please elaborate on how to fix it instead of simply stating that it is pointless.

play_ Advanced Member

play_

Posted
Posted

1. Did you check to see if the query is yielding the results you expect?

 

2. You're doing this:


<input type="radio" name="auth" id="radio" value="<?php echo "$auth";?>">
<input type="hidden" name="name" id="name" value="<?php echo "$name";?>" />

 

but on process.php, you should query the database for "auth" to make sure it exists, since a user could use firebug to edit the hidden field and give any value it wants.

And since you'll be querying the database already to make sure that auth exists, pull the username from it...

 

select clan_members.authid,  clan_members.name from clan_members where authid = "$auth"

 

So, you don't even need to pass a hidden field for name.

 

Did that make sense? (its 6am and i haven't slept yet, so there's a chance it didn't).

 

Basically..

 

1. don't do '<input type="hidden" name="name" id="name" value="<?php echo "$name";?>" />'

2. Just pass <input type="radio" name="auth" id="radio" value="<?php echo "$auth";?>">

3. Youre passing the "$auth" to process.php. On process.php, select 'name' where auth = '$auth'

 

If these dont suit your needs for some reason, i'll analyze your code later when i wake up.

 

------------ also -------

 

<td><?php echo "$auth";?></td>
    <td><?php echo "$name";?></td>
    <td><?php echo "$rank";?></td>
    <td><?php echo "$flags";?></td>

 

You don't need quotes around variables. you can just have <?php echo $auth; ?>

 

 

You also have " <td><div align="center">" .. you can do <td align="center">

no need to clutter your html :)

 

 

abazoskib Regular Member

abazoskib

Posted
Posted 

if($_POST) {}

 

will ALWAYS be true. Therefore it is pointless to check for it. On the other hand, you could check for specific $_POST variables such as the ones you are using, but make sure to use isset() when checking if the exist, such as

 

if(isset($_POST['authid'])){}

 

Usually when submitting a form you can just check for the name of the submit button you have, so that way you don't have to check every single variable you are posting. In your case this would be "submit[access]"

jay7981 Member

jay7981

Posted
  • Author
Posted

@play_ :

firstly,thank you for your response.

1.Yes i checked to see if the query is yielding the results that i expect, and you can see in the array.jpg i have echoed the array info at the top, it is indeed passing the $name from the hidden field but it is the name of the last record in the db that its pulled from the db no matter which record i select.

 

2. I will attempt this, and the reason for the "" around the vars is because dreamweaver is foolish LOL and the same goes for the <div align="center"> aswell.

 

 

@abazoskib:

 

again, thank you for your resonse, and i will change that portion to check to see if the submit is being used

 

you both have really helped me in this and i really appreaciate all of it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.