Help with $_GET and isset


4 replies to this topic

#1 flamerail


Posted 26 March 2006 - 09:07 PM

What I'm working on is a site that has a cpanel to edit its pages and add and remove news. This is the page editing panel. The SQL connect etc. details are in the header. The problem I'm having is whenever I post a new page the variables are all screwed up. Could someone please look over my code and tell me how I should do stuff differently, etc.





<?php include("../include/header.php") ?>
<table width="400">
<tr>
<td>Page</td>
</tr>

<?php
if (isset($_GET['add'])) {
    $query = 'INSERT INTO `pages` (`id`, `name`, `page`) VALUES (\''.$id.'\', \''.$name.'\', \''.$page.'\');';
    mysql_query($query);
    print "Page Added";
    print '<a href="page.php">Back to Page</a>';
    } else {
}
?>

<?php
if (isset($_GET['delete'])) {
    $page_query = mysql_query("SELECT * FROM pages");  
    $pagedb = mysql_fetch_array($page_query);
    $page = $pagedb['id'];
    $name = $pagedb['name'];
    mysql_query("DELETE FROM pages WHERE id = '$page'");
    print $name."Deleted Sucessfully";
    } else {
    print "nothign do delete <br>";
}
?>
<?php
if (empty($_GET)) {
$page_query = mysql_query("SELECT * FROM pages");  
   while ($pagedb = mysql_fetch_array($page_query)) {
           $page = $pagedb['id'];
        $name = $pagedb['name'];   
        print '<tr>';
        print '<td width="15"><a href="page_update.php?id='.$page.'">'.$name.'</a></td>';
        print '<td width="50">'.'<a href="page.php?delete='.$page.'">delete</a></td>';
        print '</tr><tr><td>---</td></tr>';
      } 
    } else {
    print "not listing because stuff is set on the get";
  }
?>


</table>
<form action="page.php?add=true" method="post">
    <table width="509" cellpadding="0" cellspacing="0">
      <tr>
      <td width="68">id:</td>
    <td width="439"><input name="id" type="text" size="30" /></td>
    </tr>
      <tr>
        <td width="68">name:</td>
      <td><input name="name" type="text" size="30" /></td>
    </tr>
      <tr>
        <td>page:</td>
      <td width="439"><textarea name="page" cols="30" rows="2"></textarea></td>
    </tr>
      <tr>
        <td colspan="2"><input type="submit" name="Submit" value="Submit" />
       </td>
      </tr>
    </table>
  </form>
<?php include("../include/footer.php") ?>


#2 litebearer


Posted 26 March 2006 - 10:14 PM

Presuming this script/page is calling itself, your form says to use the POST method, yet your code is attempting to use the GET method.

Also you might streamline the code somewhat. You are looking for 3 possibilities, why not use a SWITCH statement rather than 3 ISSET's?

Just an old coot's observation (could be wrong, I haven't had my nap today)

Lite...


#3 flamerail


Posted 26 March 2006 - 10:54 PM

QUOTE (litebearer @ Mar 26 2006, 05:14 PM)
Presuming this script/page is calling itself, your form says to use the POST method, yet your code is attempting to use the GET method.

Also you might streamline the code somewhat. You are looking for 3 possibilities, why not use a SWITCH statement rather than 3 ISSET's?

Just an old coot's observation (could be wrong, I haven't had my nap today)

Lite...
END QUOTE

Will try

#4 bUcKl3


Posted 27 March 2006 - 04:36 PM

Using $_GET to get variables to be inserted into your database is not secure at all.

Try using a POST form and filter out illegal characters using addslashes, or check if get magic quotes is on.
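
The points raised in posts #2 and #4 (one switch on the action, POST for changes, no user input pasted into the SQL text), as an added example that is not part of the thread. It assumes PDO with an in-memory SQLite database in place of the MySQL connection from header.php, an auto-assigned id, and the hypothetical names handle_request() and `action`.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with in-memory
// SQLite stands in for the MySQL connection made in header.php; the id is
// auto-assigned; handle_request() and the 'action' field are hypothetical.
function handle_request(PDO $db, string $method, array $post): string
{
    // State-changing actions are accepted over POST only, never from a link.
    if ($method !== 'POST') {
        return 'list';
    }
    switch ($post['action'] ?? '') {
        case 'add':
            $name = trim((string)($post['name'] ?? ''));
            $page = (string)($post['page'] ?? '');
            if ($name === '') {
                return 'error: name required';
            }
            // Placeholders keep the submitted values out of the SQL text.
            $stmt = $db->prepare('INSERT INTO pages (name, page) VALUES (?, ?)');
            $stmt->execute([$name, $page]);
            return 'added ' . $db->lastInsertId();
        case 'delete':
            // Delete only the requested row; the id must be a positive integer.
            $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($id === false) {
                return 'error: bad id';
            }
            $stmt = $db->prepare('DELETE FROM pages WHERE id = ?');
            $stmt->execute([$id]);
            return $stmt->rowCount() === 1 ? 'deleted' : 'error: no such page';
        default:
            return 'error: unknown action';
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, name TEXT, page TEXT)');

// Constructed sample requests: a name containing a quote, a malformed id, a GET.
echo handle_request($db, 'POST', ['action' => 'add', 'name' => "Bob's page", 'page' => 'hello']), "\n";
echo handle_request($db, 'POST', ['action' => 'delete', 'id' => '1abc']), "\n";
echo handle_request($db, 'GET', []), "\n";
foreach ($db->query('SELECT id, name FROM pages') as $row) {
    // Escape on output so stored text cannot turn into markup in the listing.
    echo $row['id'], ': ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

In a real page the call would be `handle_request($db, $_SERVER['REQUEST_METHOD'], $_POST)`, with the delete link replaced by a small POST form.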

#5 flamerail


Posted 28 March 2006 - 08:52 PM

Thanks! Using switch worked out perfect!

I'll post the revised code here soon. This is all within a protected directory so I'm not too worried about security *yet*.



