Solved

Sometimes works, sometimes doesnt

Posted on 2008-10-01
11
167 Views
Last Modified: 2012-05-05
Hi guys, another problem.

Im trying to grab a posted form variable. Sometimes it works, sometimes it does not.
Im trying to grab hiddendescription

<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">

Im trying to grab it by doing the following..

$grab_hiddendescription = $_REQUEST['hiddendescription'];
echo "The value of \$grab_hiddendescription is: " . $grab_hiddendescription;

I dont know why it is not returning.
Any help greatly appreciated.
<form name="formedit" method="post" action="edit_task.php">		

							

							<!-- Send the edit_task.php page, the variable 'radioedittask' which has selected record's id_ctk. -->					

							<input type="radio" name="radioedittask" value="<?php echo $rows_view_tasks['id_ctk']; ?>">	

							<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">							

							<!-- 

							The following are not required to be sent to edit_task.php. The id id_ctk is enough

							<input type="hidden" name="hiddentaskname" value="<?php echo $rows_view_tasks['name_ctk']; ?>">	

							<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">

							-->								

					</td>		

						

				</tr> <?php } ?>	

							

							<input id="edittaskbutton" type="submit" name="Submit" value="Edit">

		

						</form>

Open in new window

0
Comment
Question by:Simon336697
  • 5
  • 4
  • 2
11 Comments
 
LVL 82

Accepted Solution

by:
hielo earned 250 total points
ID: 22615708
try changing:

<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">                                           
to:
<input type="hidden" name="hiddendescription" value="<?php echo htmlspecialchars($rows_view_tasks['description_ctk']); ?>"> 
also verify that $rows_view_tasks['description_ctk'] actually has some value. If your db field is empty you will not see anything when you try to retrieve the value of the hidden field.

Open in new window

0
 
LVL 1

Author Comment

by:Simon336697
ID: 22615787
Hi mate,
hi,
should i be using something like htmlspecialchars when actually inserting into the database?
Could this be part of my problem as well?

When inserting, this is what im doing..

==================================================== insert_task.php
<form name="form1" method="post" action="insert_task_ac.php">
<td class="descriptioncol2"><textarea name="description" type="text" id="description"></textarea></td>
<input type="submit" name="Submit" value="Insert New Task">
</form>
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22615913
Hi,
the insert_task.php posts to insert_task_ac.php which does the insertion.
All i have in insert_task_ac.php for the insertion is:

$sql="INSERT INTO $tbl_tasks(name_ctk, fk_id_pro_ctk, description_ctk)VALUES('$taskname', '$project', '$description')";
$result=mysql_query($sql);

Should i be using something here to make sure it is safe to put the textarea stuff into mysql?
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 22615926
please don't post same problem in 2 posts. Check my suggestions on the last post.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23778324.html#a22615761
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22615945
Sorry ban
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 11

Assisted Solution

by:bansidhar
bansidhar earned 250 total points
ID: 22615950
you must have
$taskname = mysql_real_escape_string($taskname);
$project = mysql_real_escape_string($project);
$description = mysql_real_escape_string($description);
$sql="INSERT INTO $tbl_tasks(name_ctk, fk_id_pro_ctk, description_ctk)VALUES('$taskname', '$project', '$description')";
$result=mysql_query($sql);
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22616018
ban,
so do i first grab the variables like:

$taskname=$_POST['taskname'];
$project=$_POST['projectid'];
$description=$_POST['description'];

then do:

$taskname = mysql_real_escape_string($taskname);
$project = mysql_real_escape_string($project);
$description = mysql_real_escape_string($description);
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22616168
hielo and ban.
thank you again for your awesome help.
points now and ill work on this more thanks so much.
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 22616169
easier is you can do both in single step

$taskname=mysql_real_escape_string($_POST['taskname']);

etc...
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 22616175
happy it helped you :)
0
 
LVL 82

Expert Comment

by:hielo
ID: 22616220
>>the insert_task.php posts to insert_task_ac.php which does the insertion.
Then in  insert_task_ac.php you just need to use mysql_real_escape_string on the value you are inserting into the db.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now