3 Replies - 502 Views - Last Post: 23 April 2013 - 03:55 PM Rate Topic: -----

#1 seyidesh  Icon User is offline

  • D.I.C Head

Reputation: -1
  • View blog
  • Posts: 51
  • Joined: 24-November 10

Post URL error

Posted 23 April 2013 - 10:06 AM

Hello guys, I am having difficulty posting my URL to database and displaying my tables from the database.

I have this code for the post-processing

<?php
include 'connect.php';
//$cid=$_GET['id'];
if ($_SESSION['signed_in'] == ""){

	header("Location: index.php");
	exit();

	}if(isset($_POST['create_topic'])){
	
			if(($_POST['topic_subject'] == "") && ($_POST['post_content'] =="")){
			echo "You did not fill the both fields. Please return to the previous page.";
			exit();
			}else{
			$cid = $_POST['id'];
			$title=$_POST['topic_subject'];
			$content = $_POST['post_content'];
			$creator =$_SESSION['signed_in'];
			$sql = "INSERT INTO topics (cat_id, topic_title, topic_creator, topic_date, topic_reply_date) VALUES ('".$cid."', '".$title."', '".$creator."', now(), now())";
			$res =mysql_query($sql) or die(mysql_error());
			$new_topic_id = mysql_insert_id();
			$sql2 = "INSERT INTO posts(cat_id, topic_id, post_creator, post_content, post_date) VALUES ('".$cid."', '".$new_topic_id."', '".$creator."', '".$content."', now())";
			$res2 =mysql_query($sql2) or die(mysql_error());
			$sql3 = "UPDATE categories SET last_post_date=now(), last_user_posted='".$creator."' WHERE cat_id ='".$cid."' LIMIT 1 ";
			$res3 =mysql_query($sql3) or die(mysql_error());
			if(($res) && ($res2)  && ($res3)){
			
			header("Location: view_topic.php?id=".$cid."&tid=".$new_topic_id);
			
			}else{
			 echo "There was a problem creating your potic. Please try again.";
			}
	}
}

?>


The content will be post successfully but the cat_id is not been posted, therefore making my url look like

http://localhost/forum/classes/view_topic.php?id=&tid=25


The id value is not displaying, therefore sending a value of "0" to the database as cat_id value for all the posted mssge.

Also my table is not displaying.

Kindly help me check to see where my error is coming from, am confused already.

Thanks.

Is This A Good Question/Topic? 0
  • +

Replies To: Post URL error

#2 laytonsdad  Icon User is offline

  • Cheese and Sprinkles
  • member icon

Reputation: 447
  • View blog
  • Posts: 1,930
  • Joined: 30-April 10

Re: Post URL error

Posted 23 April 2013 - 10:20 AM

I dont see an error with the php. Posably check that your $_POST['id] has a value. it may have an issue with spelling or case in your html.
Was This Post Helpful? 1
  • +
  • -

#3 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4421
  • View blog
  • Posts: 12,286
  • Joined: 18-April 07

Re: Post URL error

Posted 23 April 2013 - 03:41 PM

I just want to let you know that you should never simply accept a value from the user in a $_POST variable and use it directly in an SQL statement. This is a security issue. This is the basis for SQL injection attacks because someone could post an cat id that is not just a number but contains things like single quotes etc and essentially alter the type of query you are running.

To prevent this from happen, always test your data for validity (like testing if it is a number in the range you expect) and then using methods like bound parameters from the PDO classes. This will help protect your application from hacking attempts.

As for your question, I would have to agree with laytonsdad that you may not have a value in the $_POST["id"] field. Did you include a field called "id" in the form that is posting to your script? If not, that could be the problem since if you don't have a form field called "id" then $_POST["id"] wouldn't have a value.

:)
Was This Post Helpful? 0
  • +
  • -

#4 andrewsw  Icon User is online

  • It's just been revoked!
  • member icon

Reputation: 3809
  • View blog
  • Posts: 13,518
  • Joined: 12-December 12

Re: Post URL error

Posted 23 April 2013 - 03:55 PM

Quote

Hello guys, I am having difficulty posting my URL to database and displaying my tables from the database.

I would guess that the OP is passing the id between pages, doing so as part of the url. This is accessible in the $_GET array but, at some stage, he refers to it as $_POST - which would require it to be posted via a form as a (perhaps hidden) input element. Just a guess :)
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1