
flamerail

Help with $_GET and isset


What I'm working on is a site that has a cpanel to edit its pages and add and remove news. This is the page editing panel. The SQL connect etc. details are in the header. The problem I'm having is whenever I post a new page the variables are all screwed up. Could someone please look over my code and tell me how I should do stuff differently etc.





[code]<?php include("../include/header.php") ?>
<table width="400">
<tr>
<td>Page</td>
</tr>

<?php
// Add a page when "add" is present in the query string
if (isset($_GET['add'])) {
    $query = 'INSERT INTO `pages` (`id`, `name`, `page`) VALUES (\''.$id.'\', \''.$name.'\', \''.$page.'\');';
    mysql_query($query);
    print "Page Added";
    print '<a href="page.php">Back to Page</a>';
} else {
}
?>

<?php
// When "delete" is present in the query string: fetch a row from pages and delete it by its id
if (isset($_GET['delete'])) {
    $page_query = mysql_query("SELECT * FROM pages");
    $pagedb = mysql_fetch_array($page_query);
    $page = $pagedb['id'];
    $name = $pagedb['name'];
    mysql_query("DELETE FROM pages WHERE id = '$page'");
    print $name." Deleted Successfully";
} else {
    print "nothing to delete <br>";
}
?>
<?php
// With an empty query string: list every page with its edit and delete links
if (empty($_GET)) {
    $page_query = mysql_query("SELECT * FROM pages");
    while ($pagedb = mysql_fetch_array($page_query)) {
        $page = $pagedb['id'];
        $name = $pagedb['name'];
        print '<tr>';
        print '<td width="15"><a href="page_update.php?id='.$page.'">'.$name.'</a></td>';
        print '<td width="50">'.'<a href="page.php?delete='.$page.'">delete</a></td>';
        print '</tr><tr><td>---</td></tr>';
    }
} else {
    print "not listing because stuff is set on the get";
}
?>


</table>
<form action="page.php?add=true" method="post">
    <table width="509" cellpadding="0" cellspacing="0">
        <tr>
            <td width="68">id:</td>
            <td width="439"><input name="id" type="text" size="30" /></td>
        </tr>
        <tr>
            <td width="68">name:</td>
            <td><input name="name" type="text" size="30" /></td>
        </tr>
        <tr>
            <td>page:</td>
            <td width="439"><textarea name="page" cols="30" rows="2"></textarea></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" name="Submit" value="Submit" />
            </td>
        </tr>
    </table>
</form>
<?php include("../include/footer.php") ?> [/code]

Presuming this script/page is calling itself, your form says to use the POST method, yet your code is attempting to use the GET method.

Also you might streamline the code somewhat. You are looking for 3 possibilities, why not use a SWITCH statement rather than 3 ISSET's?

Just an old coot's observation (could be wrong, I haven't had my nap today)

Lite...

[quote]QUOTE(litebearer @ Mar 26 2006, 05:14 PM)
Presuming this script/page is calling itself, your form says to use the POST method, yet your code is attempting to use the GET method.

Also you might streamline the code somewhat. You are looking for 3 possibilities, why not use a SWITCH statement rather than 3 ISSET's?

Just an old coot's observation (could be wrong, I haven't had my nap today)

Lite...
[/quote]

Will try

Using $_GET to get variables to be inserted into your database is not secure at all.

Try using a POST form and filter out illegal characters using addslashes, or check if get magic quotes is on.

Thanks! Using switch worked out perfect!

I'll post the revised code here soon. This is all within a protected directory so I'm not too worried about security *yet*.
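
The two points raised in the replies above (the form fields arrive in the POST body, and request data should not be concatenated into SQL), shown as an added example that is not code from anyone in this thread. It goes one step further by accepting add and delete over POST only, and it assumes PDO with the SQLite driver in place of the `mysql_*` calls, a hypothetical `action` form field, and made-up function names and sample requests.

```php
<?php
// Added example. Table and column names are from the thread; function names,
// the "action" field, the SQLite database and the sample inputs are assumed.
function add_page(PDO $db, array $post): string {
    // Form fields come from the POST body, never from implicit globals.
    $id   = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $name = trim((string)($post['name'] ?? ''));
    $page = (string)($post['page'] ?? '');
    if ($id === false || $name === '') {
        return 'Invalid input';
    }
    // Placeholders keep user data out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO pages (id, name, page) VALUES (?, ?, ?)');
    $stmt->execute([$id, $name, $page]);
    // Encode on output so a stored name cannot inject markup.
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' added';
}

function delete_page(PDO $db, array $post): string {
    // Delete only the requested row, and only for a well-formed integer id.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'Invalid id';
    }
    $stmt = $db->prepare('DELETE FROM pages WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1 ? 'Deleted' : 'Nothing to delete';
}

function handle(PDO $db, string $method, array $post): string {
    // State-changing actions are accepted over POST only.
    if ($method !== 'POST') {
        return 'Listing pages';
    }
    switch ($post['action'] ?? '') {
        case 'add':    return add_page($db, $post);
        case 'delete': return delete_page($db, $post);
        default:       return 'Unknown action';
    }
}

// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, name TEXT, page TEXT)');
echo handle($db, 'POST', ['action' => 'add', 'id' => '7', 'name' => "Bob's page", 'page' => 'hi']), "\n";
echo handle($db, 'POST', ['action' => 'delete', 'id' => '7 OR 1=1']), "\n";
echo handle($db, 'POST', ['action' => 'delete', 'id' => '7']), "\n";
echo handle($db, 'GET', ['action' => 'delete', 'id' => '7']), "\n";
```

The name containing an apostrophe is stored unchanged because it is bound as a parameter, and the malformed id is rejected before any query runs.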
