+ Post New Thread
Results 1 to 9 of 9
Web Development Thread, PHP variables in Coding and Web Development; I'm creating a web script for my school. here's what its supposed to do. 1) Staff enter a web address ...
  1. #1

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242

    PHP variables

    I'm creating a web script for my school. here's what its supposed to do.

    1) Staff enter a web address in a text box and submit using GET method
    2) Loads site that was entered with frame at top saying are you sure you want to add this site? The entered value gets stored into $site_address on this page.
    3) Adds site to the database and delivers success message

    1 & 2 work fine, but when it gets to the third page it seems to have forgotten the value in $site_address

    I'm new to PHP so is there something obvious I'm missing? If you need code to help let me know and I'll get it posted up.

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,867
    Thank Post
    412
    Thanked 778 Times in 651 Posts
    Rep Power
    182
    paste the code? otherwise it's like driving with a blindfold!

  3. #3
    Friez's Avatar
    Join Date
    Dec 2006
    Posts
    839
    Thank Post
    22
    Thanked 22 Times in 21 Posts
    Rep Power
    24
    Aye post code for sure. Also depends if you're running code across different php pages and/or frames.

    You can always do this at opportune locations in your PHP script to try and find out where it drops out:

    print_r($_GET);

    Will dump out the contents of your $_GET variable.
    Also make sure you're using $_GET and not the old-style way of just naming variables the same as a normal variable e.g. $_GET['site_address'] as opposed to $site_address, since accessing GET/POST in this manner can cause some security oopsies (should be locked off for the latest versions of PHP anyway).

    What I think is happening is this (Assumptions Made):

    You have a page like this:

    PHP Code:
    $addy $_GET['site_address'];
    Are you sure you want to add this site? <a href="continue.php">Yes</a> <a href="index.php">No</a>

    ... and 
    in continue.php

    database_saving_bits
    ($addy); 
    Which of course won't pass on the GET to the next page (it's not carried across through multiple page reloads, you'll have to do that either via stuffing it into a sessioned page using $_SESSION and all the session_start() hoo-hah or, pass it in the URL as a second GET (like follows)

    PHP Code:
    $addy = $_GET['site_address'];
    Are you sure you want to add this site? <a href="continue.php?addy=<?php echo $addy?>">Yes</a> <a href="index.php">No</a>

    ... and in continue.php

    $addy = sanitise_all_gets_before_hitting_db($_GET['addy']);
    database_saving_bits($addy);
    But that's just pure guesswork (and subtle pseudocodish made-up functions to hint some things) as to what your code looks like. I strongly advise you do the $_GET printing so you know exactly what point things dissappear though!

    Code would be nice to dissect
    Last edited by Friez; 2nd December 2008 at 02:34 PM.

  4. Thanks to Friez from:

    Hightower (2nd December 2008)

  5. #4

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Quote Originally Posted by powdarrmonkey View Post
    paste the code? otherwise it's like driving with a blindfold!
    You can't drive with a blind fold on?! I thought everyone could....

    OK, here it goes:

    This is the first page - the one where the teacher enters details into a form.
    PHP Code:
    <p align="center"><strong>Please answer ALL fields!</strong></p>

    <
    form action="checksite.php" method="GET">
        <
    table width="500" border="0" align="center" cellpadding="3" cellspacing="0">
            <
    tr>
                <
    td width="30%"><p align="right">Title of website:</p></td>
                <
    td width="70%"><input name="txtTitle" type="text" size="50" /> </td>
            </
    tr>
            <
    tr>
                <
    td p align="right">Address of website:</p></td>
                <
    td><input name="txtAddress" type="text" value="http://" size="50" /></td>
            </
    tr>
            <
    tr>
                <
    td><p align="right">Subject:</p></td>
                <
    td><select name="subject">
                    <
    option value="All" selected="selected">Please select</option>
                    <
    option value="Art">Art</option>
                    <
    option value="Business">Business Studies</option>
                    <
    option value="DT">DT</option>
                    <
    option value="English">English</option>
                    <
    option value="Humanities">Humanities</option>
                    <
    option value="ICT">ICT</option>
                    <
    option value="Maths">Maths</option>
                    <
    option value="MFL">MFL</option>
                    <
    option value="Music">Music</option>
                    <
    option value="PE">PE</option>
                    <
    option value="Science">Science</option>
                    <
    option value="All">Whole School</option>
                </
    select></td>
            </
    tr>
            <
    tr>
                <
    td><p align="right">Why do pupils need access to this site?</p></td>
                <
    td><input name="reason" type="text" size="50" /></td>
            </
    tr>
            <
    tr>
                <
    td>&nbsp;</td>
                <
    td><input type="submit" name="submit" value="Add to whitelist" /></td>
            </
    tr>
        </
    table>
    </
    form
    This is the second page which asks if the user is sure they want to add the site and displays the website in the page.

    PHP Code:
    <?php
    require "sec/seccheck.php";
    $site_title $_GET["txtTitle"];
    $site_address $_GET["txtAddress"];
    $site_subject $_GET["subject"];
    $site_username $_SESSION['username'];
    ?>

    <html>
    <head>
        <title>Please check the website before submitting</title>
    </head>
    <body style="font-family: Verdana, sans-serif;font-size:12px;text-align:center;">
        <p>You want to add the site <strong><?php echo $site_title?></strong>. Please ensure that this is the site you want to add. If the site doesn't
        load please ensure you have the correct address.</p>
        <p><a href="index.php?ad=successadd">This is the site - add it!</a> | <a href="index.php?ad=add">This isn't the site - Don't add it!</a></p>
        
        <iframe src=<?php echo $site_address?> height="90%" width="100%">
        </iframe>
    </html>
    The previous two pages work exactly how I want. Here is the third page that load when the user presses "YES I WANT TO ADD THAT SITE":

    PHP Code:
    <p>Title: <?php echo $site_title?> </p>
    This 3rd page will use a mysql_query when I pass the variables properly but just for testing at the minute I only have that echo command. All that is displayed on the page is:

    Title:

    I'm sure you know what's wrong, but remember I'm a PHP n00b so be kind

  6. #5

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    I just stored the value into $_SESSION['Title']. Could of swore I tried it before but this time it worked so thanks!

  7. #6

    CESIL's Avatar
    Join Date
    Nov 2006
    Location
    Hampshire
    Posts
    1,404
    Thank Post
    109
    Thanked 267 Times in 198 Posts
    Rep Power
    169
    Where are you declaring $site_title for the first time?

    To pass this variable from page to page you need to set it up as a session variable.

    PHP Code:
    $_SESSION['site_title'] = $_GET["txtTitle"]; 
    Ypu also need session_start() at the top of each page that refers to session variables.

    Retrieve it with

    PHP Code:
    <p>Title: <?php echo $_SESSION['site_title']; ?> </p>

  8. #7

    CESIL's Avatar
    Join Date
    Nov 2006
    Location
    Hampshire
    Posts
    1,404
    Thank Post
    109
    Thanked 267 Times in 198 Posts
    Rep Power
    169
    I dunno...I look away for a moment and someone else posts a solution

  9. #8

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,867
    Thank Post
    412
    Thanked 778 Times in 651 Posts
    Rep Power
    182
    Mmm, I just went and had my lunch, and he's fixed it himself Wish some of our staff could learn that trick.

  10. #9
    Friez's Avatar
    Join Date
    Dec 2006
    Posts
    839
    Thank Post
    22
    Thanked 22 Times in 21 Posts
    Rep Power
    24
    Quote Originally Posted by Hightower View Post
    I just stored the value into $_SESSION['Title']. Could of swore I tried it before but this time it worked so thanks!
    Yeah you could do it that way (session vars are handy especially for data you want to keep lurking around), or if you don't want to clutter up the session space, just make your YES <a href> have a ?somevariable=somevalue on the end to pass it into a $_GET on the page it refers to.

    Also beyond the functionality of your actual page some tips or pointers!

    Use POST rather than GET for forms unless it's absolutely necessary. Especially if the form is BIG. This Page describes the difference between POST and GET, but mainly a GET is passed via the URL itself. e.g.

    hxxp://www.edugeek.net/forums/newreply.php?do=newreply&p=259394

    all the stuff after the ? is a GET, the $_GET['do'] is one variable and the $_GET['p'] is another. URLS can only be so long. Imagine if my entire post here was embedded into a GET, it probably won't happen.

    Make sure you sanitise your Input variables

    This is important. Imagine if I came across your site and decided to say the reason that I want pupils to access your site was because:

    '); DELETE * FROM users

    (Or something to that extent) be sure that everything that goes into your mysql query that's been provided by a user has been thoroughly sanitised. There are functions out there to do this for you.

    Google for SQL Injection Hack for info on this.

    Cleanliness!

    If you choose to go the way of the $_SESSION variable, when you're totally and utterly sure you're 100% done with the variable and don't need it again for that session be sure to unset($_SESSION['somevar']); otherwise you'll end up with a massive $_SESSION variable list.

    Hope that helps!
    Last edited by Friez; 2nd December 2008 at 02:59 PM.

  11. 2 Thanks to Friez:

    Hightower (2nd December 2008), Marci (19th December 2008)



SHARE:
+ Post New Thread

Similar Threads

  1. using variables in wget etc
    By RabbieBurns in forum *nix
    Replies: 6
    Last Post: 31st July 2008, 10:23 PM
  2. TEMP and TMP variables Deleted?
    By techyphil in forum Windows
    Replies: 5
    Last Post: 23rd May 2008, 04:09 PM
  3. Server Variables on CC3
    By gibbo_ap in forum Web Development
    Replies: 2
    Last Post: 24th April 2008, 03:48 PM
  4. Environment variables or other method
    By HodgeHi in forum Scripts
    Replies: 3
    Last Post: 21st June 2006, 10:05 AM
  5. Replies: 4
    Last Post: 10th October 2005, 11:12 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •