Help with $_GET and isset

[flamerail]

What im working on is a site that has a cpanel to edit its pages and add and remove news. This is the page editing panel. The sql connect ect details are in the header. The problem im having is whenever i post a new page the variables are all screwed up. Could someone please look over my code and tell me how i should do stuff diffrently ect.





[code]<?php include("../include/header.php") ?>
<table width="400">
<tr>
<td>Page</td>
</tr>

<?php
if (isset($_GET['add'])) {
    $query = 'INSERT INTO `pages` (`id`, `name`, `page`) VALUES (\''.$id.'\', \''.$name.'\', \''.$page.'\');';
    mysql_query($query);
    print "Page Added";
    print '<a href="page.php">Back to Page</a>';
    } else {
}
?>

<?php
if (isset($_GET['delete'])) {
    $page_query = mysql_query("SELECT * FROM pages");  
    $pagedb = mysql_fetch_array($page_query);
    $page = $pagedb['id'];
    $name = $pagedb['name'];
    mysql_query("DELETE FROM pages WHERE id = '$page'");
    print $name."Deleted Sucessfully";
    } else {
    print "nothign do delete <br>";
}
?>
<?php
if (empty($_GET)) {
$page_query = mysql_query("SELECT * FROM pages");  
   while ($pagedb = mysql_fetch_array($page_query)) {
           $page = $pagedb['id'];
        $name = $pagedb['name'];  
        print '<tr>';
        print '<td width="15"><a href="page_update.php?id='.$page.'">'.$name.'</a></td>';
        print '<td width="50">'.'<a href="page.php?delete='.$page.'">delete</a></td>';
        print '</tr><tr><td>---</td></tr>';
      }
    } else {
    print "not listing because stuff is set on the get";
  }
?>


</table>
<form action="page.php?add=true" method="post">
    <table width="509" cellpadding="0" cellspacing="0">
      <tr>
      <td width="68">id:</td>
    <td width="439"><input name="id" type="text" size="30" /></td>
    </tr>
      <tr>
        <td width="68">name:</td>
      <td><input name="name" type="text" size="30" /></td>
    </tr>
      <tr>
        <td>page:</td>
      <td width="439"><textarea name="page" cols="30" rows="2"></textarea></td>
    </tr>
      <tr>
        <td colspan="2"><input type="submit" name="Submit" value="Submit" />
       </td>
      </tr>
    </table>
  </form>
<?php include("../include/footer.php") ?> [/code]

[litebearer]

Presuming this script/page is calling itself, your form says to use the POST method, yet your code is attempting to use the GET method.

Also you might streamline the code somewhat. You are looking for 3 possibilities, why not use a SWITCH statement rather than 3 ISSET's?

Just an old coots observation (could be wrong I haven't had my nap today)

Lite...

[flamerail]

[!--quoteo(post=358668:date=Mar 26 2006, 05:14 PM:name=litebearer)--][div class=\'quotetop\']QUOTE(litebearer @ Mar 26 2006, 05:14 PM) [snapback]358668[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Presuming this script/page is calling itself, your form says to use the POST method, yet your code is attempting to use the GET method.

Also you might streamline the code somewhat. You are looking for 3 possibilities, why not use a SWITCH statement rather than 3 ISSET's?

Just an old coots observation (could be wrong I haven't had my nap today)

Lite...
[/quote]

Will try

[bUcKl3]

using $_GET to get variables to be inseted into ur database is not secured at all.

Try using POST form and filter out illegal characters using addslashes or check if get magic quotes is on.

[flamerail]

Thanks! Using switch worked out perfect!

I'll post the revised code here soon. This is all within a protected directory so Im not to worried about security *yet*.