Sometimes works, sometimes doesnt

Hi guys, another problem.

Im trying to grab a posted form variable. Sometimes it works, sometimes it does not.
Im trying to grab hiddendescription

<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">

Im trying to grab it by doing the following..

$grab_hiddendescription = $_REQUEST['hiddendescription'];
echo "The value of \$grab_hiddendescription is: " . $grab_hiddendescription;

I dont know why it is not returning.
Any help greatly appreciated.
<form name="formedit" method="post" action="edit_task.php">		
							
							<!-- Send the edit_task.php page, the variable 'radioedittask' which has selected record's id_ctk. -->					
							<input type="radio" name="radioedittask" value="<?php echo $rows_view_tasks['id_ctk']; ?>">	
							<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">							
							<!-- 
							The following are not required to be sent to edit_task.php. The id id_ctk is enough
							<input type="hidden" name="hiddentaskname" value="<?php echo $rows_view_tasks['name_ctk']; ?>">	
							<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">
							-->								
					</td>		
						
				</tr> <?php } ?>	
							
							<input id="edittaskbutton" type="submit" name="Submit" value="Edit">
		
						</form>

Open in new window

LVL 1
Simon336697Asked:
Who is Participating?
 
hieloConnect With a Mentor Commented:
try changing:

<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">                                           
to:
<input type="hidden" name="hiddendescription" value="<?php echo htmlspecialchars($rows_view_tasks['description_ctk']); ?>"> 
also verify that $rows_view_tasks['description_ctk'] actually has some value. If your db field is empty you will not see anything when you try to retrieve the value of the hidden field.

Open in new window

0
 
Simon336697Author Commented:
Hi mate,
hi,
should i be using something like htmlspecialchars when actually inserting into the database?
Could this be part of my problem as well?

When inserting, this is what im doing..

==================================================== insert_task.php
<form name="form1" method="post" action="insert_task_ac.php">
<td class="descriptioncol2"><textarea name="description" type="text" id="description"></textarea></td>
<input type="submit" name="Submit" value="Insert New Task">
</form>
0
 
Simon336697Author Commented:
Hi,
the insert_task.php posts to insert_task_ac.php which does the insertion.
All i have in insert_task_ac.php for the insertion is:

$sql="INSERT INTO $tbl_tasks(name_ctk, fk_id_pro_ctk, description_ctk)VALUES('$taskname', '$project', '$description')";
$result=mysql_query($sql);

Should i be using something here to make sure it is safe to put the textarea stuff into mysql?
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
bansidharCommented:
please don't post same problem in 2 posts. Check my suggestions on the last post.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23778324.html#a22615761
0
 
Simon336697Author Commented:
Sorry ban
0
 
bansidharConnect With a Mentor Commented:
you must have
$taskname = mysql_real_escape_string($taskname);
$project = mysql_real_escape_string($project);
$description = mysql_real_escape_string($description);
$sql="INSERT INTO $tbl_tasks(name_ctk, fk_id_pro_ctk, description_ctk)VALUES('$taskname', '$project', '$description')";
$result=mysql_query($sql);
0
 
Simon336697Author Commented:
ban,
so do i first grab the variables like:

$taskname=$_POST['taskname'];
$project=$_POST['projectid'];
$description=$_POST['description'];

then do:

$taskname = mysql_real_escape_string($taskname);
$project = mysql_real_escape_string($project);
$description = mysql_real_escape_string($description);
0
 
Simon336697Author Commented:
hielo and ban.
thank you again for your awesome help.
points now and ill work on this more thanks so much.
0
 
bansidharCommented:
easier is you can do both in single step

$taskname=mysql_real_escape_string($_POST['taskname']);

etc...
0
 
bansidharCommented:
happy it helped you :)
0
 
hieloCommented:
>>the insert_task.php posts to insert_task_ac.php which does the insertion.
Then in  insert_task_ac.php you just need to use mysql_real_escape_string on the value you are inserting into the db.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.