Solved

Losing $_GET variable inside if clause

Posted on 2009-07-08
9
254 Views
Last Modified: 2013-12-13
Hi Experts!

the variable $_GET['subtask'] is not being posted to the database.

If I remove "isset($_POST['task'] from the if statement, it will work. But it has to be there.

Note that the other variables are being posted correctly to the database in both cases.

Thank you!
<? include 'inc/func.php'; ?>

<? include 'inc/dbc.php'; ?>

 

<? include 'inc/head.php'; ?>

 

<?

if(isset($_GET['subtask']) && isset($_POST['task'])){

	$q = "INSERT INTO tasks (task, parent_id, added) VALUES ('{$_POST['task']}', '{$_GET['subtask']}', NOW())";

	$r = mysql_query($q);

	redirect("index.php");    

}

?>

 

<? include 'inc/head.php'; ?>

 

<form action="new.php" method="post">

	<label>Task: </label><input name="task" id="task" type="text" />

    <br />

    <br />

    <input name="submit" id="submit" type="submit" value="Submit" />

</form>

 

<? include 'inc/foot.php'; ?>

Open in new window

0
Comment
Question by:AphX
  • 5
  • 3
9 Comments
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 24804028
Try it like this:
(as indicated in the other question, this may need to be $_GET['task'] as well)
<? include 'inc/func.php'; ?>

<? include 'inc/dbc.php'; ?>

 

<? include 'inc/head.php'; ?>

 

<?

if(isset($_GET['subtask']) && isset($_POST['task'])){

        $q = "INSERT INTO tasks (task, parent_id, added) VALUES ('".$_POST['task']."', '".$_GET['subtask']."', NOW())";

        $r = mysql_query($q);

        redirect("index.php");    

}

?>

 

<? include 'inc/head.php'; ?>

 

<form action="new.php" method="post">

        <label>Task: </label><input name="task" id="task" type="text" />

    <br />

    <br />

    <input name="submit" id="submit" type="submit" value="Submit" />

</form>

 

<? include 'inc/foot.php'; ?>

Open in new window

0
 
LVL 2

Author Comment

by:AphX
ID: 24804114
Hi and thanks for fast response!

It didn't work. I can´t even echo $_GET['subtask'] inside the if clause. The exact same echo works outside the if clause.

As I pointed out above: if I use this if statement instead, it works 100%

if(isset($_GET['subtask'])){

Something turns wrong when using $_POST['task'] in the if statement...
0
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 450 total points
ID: 24804121
Oh, yeah and you have to ensure that you are passing on the 'subtask' query parameter, either in the post URL or as another value along side task maybe with a hidden variable.

URL method:
<form action="new.php?<?php echo $_SERVER['QUERY_STRING']; ?>" method="post">

Hidden field method:
<input name="subtask" id="subtask" type="hidden" value="<?php echo $_GET['subtask'] ?>" />
(And then change the if to use $_POST['subtask'] instead)
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 24804148
Remember that the $_POST['task'] is only set after the form has been posted; therefore, you have to test that way.  Otherwise, the IF condition will fail as $_POST['task'] will not be set.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 50 total points
ID: 24804471
By the way, NEVER use $_GET or $_POST variables directly in a MySQL query!!   It leaves you wide open to SQL Injection hacking!

Always pass the inputs through a safety function such as mysql_real_escape_string().
0
 
LVL 2

Author Closing Comment

by:AphX
ID: 31601123
Thank you!

Now I see!
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 24804556
Great point, yodercm.  Same on me for not mentioning as I presented a security discussion on cross-site scripting (XSS) on the very subject.  Definitely a no no, especially going to a database as it becomes the gift that keeps on giving. ;)
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 24804560
*Shame NOT same. :)
0
 
LVL 2

Author Comment

by:AphX
ID: 24805484
Thank you! :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now