?
Solved

Sometimes works, sometimes doesnt

Posted on 2008-10-01
11
Medium Priority
?
177 Views
Last Modified: 2012-05-05
Hi guys, another problem.

Im trying to grab a posted form variable. Sometimes it works, sometimes it does not.
Im trying to grab hiddendescription

<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">

Im trying to grab it by doing the following..

$grab_hiddendescription = $_REQUEST['hiddendescription'];
echo "The value of \$grab_hiddendescription is: " . $grab_hiddendescription;

I dont know why it is not returning.
Any help greatly appreciated.
<form name="formedit" method="post" action="edit_task.php">		
							
							<!-- Send the edit_task.php page, the variable 'radioedittask' which has selected record's id_ctk. -->					
							<input type="radio" name="radioedittask" value="<?php echo $rows_view_tasks['id_ctk']; ?>">	
							<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">							
							<!-- 
							The following are not required to be sent to edit_task.php. The id id_ctk is enough
							<input type="hidden" name="hiddentaskname" value="<?php echo $rows_view_tasks['name_ctk']; ?>">	
							<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">
							-->								
					</td>		
						
				</tr> <?php } ?>	
							
							<input id="edittaskbutton" type="submit" name="Submit" value="Edit">
		
						</form>

Open in new window

0
Comment
Question by:Simon336697
  • 5
  • 4
  • 2
11 Comments
 
LVL 82

Accepted Solution

by:
hielo earned 1000 total points
ID: 22615708
try changing:

<input type="hidden" name="hiddendescription" value="<?php echo $rows_view_tasks['description_ctk']; ?>">                                           
to:
<input type="hidden" name="hiddendescription" value="<?php echo htmlspecialchars($rows_view_tasks['description_ctk']); ?>"> 
also verify that $rows_view_tasks['description_ctk'] actually has some value. If your db field is empty you will not see anything when you try to retrieve the value of the hidden field.

Open in new window

0
 
LVL 1

Author Comment

by:Simon336697
ID: 22615787
Hi mate,
hi,
should i be using something like htmlspecialchars when actually inserting into the database?
Could this be part of my problem as well?

When inserting, this is what im doing..

==================================================== insert_task.php
<form name="form1" method="post" action="insert_task_ac.php">
<td class="descriptioncol2"><textarea name="description" type="text" id="description"></textarea></td>
<input type="submit" name="Submit" value="Insert New Task">
</form>
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22615913
Hi,
the insert_task.php posts to insert_task_ac.php which does the insertion.
All i have in insert_task_ac.php for the insertion is:

$sql="INSERT INTO $tbl_tasks(name_ctk, fk_id_pro_ctk, description_ctk)VALUES('$taskname', '$project', '$description')";
$result=mysql_query($sql);

Should i be using something here to make sure it is safe to put the textarea stuff into mysql?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 11

Expert Comment

by:bansidhar
ID: 22615926
please don't post same problem in 2 posts. Check my suggestions on the last post.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23778324.html#a22615761
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22615945
Sorry ban
0
 
LVL 11

Assisted Solution

by:bansidhar
bansidhar earned 1000 total points
ID: 22615950
you must have
$taskname = mysql_real_escape_string($taskname);
$project = mysql_real_escape_string($project);
$description = mysql_real_escape_string($description);
$sql="INSERT INTO $tbl_tasks(name_ctk, fk_id_pro_ctk, description_ctk)VALUES('$taskname', '$project', '$description')";
$result=mysql_query($sql);
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22616018
ban,
so do i first grab the variables like:

$taskname=$_POST['taskname'];
$project=$_POST['projectid'];
$description=$_POST['description'];

then do:

$taskname = mysql_real_escape_string($taskname);
$project = mysql_real_escape_string($project);
$description = mysql_real_escape_string($description);
0
 
LVL 1

Author Comment

by:Simon336697
ID: 22616168
hielo and ban.
thank you again for your awesome help.
points now and ill work on this more thanks so much.
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 22616169
easier is you can do both in single step

$taskname=mysql_real_escape_string($_POST['taskname']);

etc...
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 22616175
happy it helped you :)
0
 
LVL 82

Expert Comment

by:hielo
ID: 22616220
>>the insert_task.php posts to insert_task_ac.php which does the insertion.
Then in  insert_task_ac.php you just need to use mysql_real_escape_string on the value you are inserting into the db.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses
Course of the Month13 days, 18 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question