Passing value of $op between functions

SFDonovan

Environment is OSX 10.4 with registered_globals off

I have a single index.php within my admin folder to handle all my administrative processes in my script.

I use functions throughout.

My problem is passing the value of the variable $op between the functions.

For example this works and displays all my questions that are waiting

//List the Questions in the Queue
function listQuestions($op) {
global $db;
  echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF'] ."\">\n";
  echo "<table border='0' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";
  echo "<tr>";
  echo "<div class=\"title\">";
  echo "<td align='left' valign='top' width='50%'>&nbsp;<b><u>Title</u></b>&nbsp;</td>\n";  

  echo "<td align='center' valign='top' width='25%'>&nbsp;<b><u>Time Posted</u></b>&nbsp;</td>\n"; 
  echo "<td align='right' valign='top' width='25%'>&nbsp;<b><u>Preview</u></b>&nbsp;</td>\n";   

  echo "</div>";
  echo "</tr>\n";
  echo "</font>";


$result = $db->sql_query("SELECT * FROM comment_queue");   

while ($row = $db->sql_fetchrow($result))
	{	
$cid = $row['cid'];
$title = $row['title'];
$comment_text = $row['comment_text'];
$timestamp = $row['timestamp'];	
$formatdate = date("M j, Y g: i A",strtotime("$timestamp"));	
	OpenTable();	
	echo "<table width=\"100%\" border=\"0\">";	
	echo "<tr>";	
	echo "<td align=\"left\" width=\"50%\"><div class=\"content\">$title</div></td>";	
	echo "<td align=\"center\" width=\"25%\"><div class=\"content\">$formatdate</div></td>";
	echo "<td align=\"right\" width=\"25%\"><div class=\"content\"><a href=\"index.php?op=previewQuestion&cid=$cid\">Preview</a></div></td>";
	echo "</tr>";			
	echo "<input name=\"cid\" type=\"hidden\" value=\"$cid\" />";	
	echo "</form>";	
	echo "</table>";	
	CloseTable();	
	}


}

I then go to Preview Question

//Preview the Question
function previewQuestion($op, $cid) {
global $AllowableHTML, $db;
$cid = $_GET['cid'];
$title = $_POST['title'];
$comment_text = $_POST['comment_text'];

$result = $db->sql_query("SELECT * FROM comment_queue WHERE cid = '$cid'"); 
while ($row = $db->sql_fetchrow($result)) {

$title = stripslashes(check_html($row['title'], 'nohtml'));
$comment_text = stripslashes(check_html($row['comment_text'], 'nohtml'));
}     
$pre_title = $title;
$pre_comment_text = $comment_text;      
OpenTable();    
echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF'] ."\">\n";            
echo "<b>Question Title:</b><br />"
    ."<input type=\"text\" name=\"title\" size=\"50\" maxlength=\"80\" value=\"$pre_title\" /><br />";   
echo "<b>Text of Question:</b> HTML is fine. <br />"
    ."<textarea cols=\"50\" rows=\"15\" style=\"background:#EFEFEF\" name=\"pre_comment_text\">$pre_comment_text</textarea><br />";   
echo "<p>If you included any URLs or html, be sure to double check them for typos.</p>"
    ."<p>Allowed HTML:<br />"
    ."</p>"
	."<p>";
while (list($key,) = each($AllowableHTML)) echo ' &lt;'.$key.'&gt;';
echo "</p>";
echo"<select name=\"op\">"
    ."<option value=\"deleteQuestion\">Delete Question</option>"
    ."<option value=\"preview\" selected=\"selected\">Preview</option>"
    ."<option value=\"postReply\">Post Reply</option>"
    ."</select>"
    ."<input type=\"submit\" value=\"OK\" />";
	echo "<input name=\"cid\" type=\"hidden\" value=\"$cid\" />";

echo "</form>";
CloseTable();    
}

Which displays the information in a textarea for edits.

If I choose Delete Question in the dropdown which assigns deleteQuestion to the variable $op the page does not go to the deleteQuestion function but instead goes to default in my switch statement.

//Delete the Question
function deleteQuestion($op, $cid) {
    global $db;	
    $cid = $_GET[intval($cid)];
    $result = $db->sql_query("DELETE FROM comment_queue where cid = '$cid'");
    if (!$result) {
        return;
        die();
    }
    Header('Location: index.php?op=listQuestions');
}


switch ($_GET['op']) { 


case "listQuestions":
listQuestions($op);
break;

case "info":
info();
break;

case "listCourses":
listCourses($op);
break;	

case "previewQuestion":
previewQuestion($op, $cid);
break;

case "saveQuestion":
saveQuestion($cid, $pre_title, $pre_comment_text);
break;

case "deleteQuestion":
deleteQuestion($op, $cid);
break;

default:
admin_menu($op);
break;
}
}
?>

Sould I pass the variable $op in my functions as in

function previewQuestion($op, $cid) {

and in my switch statement as in

   admin_menu($op);

Do I need to $_GET the value of $op within each of my functions?

$op = $_GET['op'];

If $op was within <form> tags in my sending function then in the receiving function I should use $op = $_POST['op']; correct?

I learned most of my PHP while coding in PHPNuke and now with this standalone app with globals are off, I am finding I have been learning bad practices.

laserlight

Sould I pass the variable $op in my functions as in

No, since $op is not used within those functions.

Also, you are assigning to $cid when you should not:

function previewQuestion($op, $cid) {
    global $AllowableHTML, $db;
    $cid = $_GET['cid'];

Rather, validate $_GET['cid'] before the switch, then pass it to the functions, e.g., previewQuestion($_GET['cid']).

SFDonovan

Thanks...

Why isn't my script going to deleteQuestion like it should?

I think my error lies in previewQuestion somewhere. Am I not passing the value of op from that function?

SFDonovan

Somewhere here:

echo"<select name=\"op\">"
        ."<option value=\"deleteQuestion\">Delete Question</option>"
        ."<option value=\"preview\" selected=\"selected\">Preview</option>"
        ."<option value=\"postReply\">Post Reply</option>"
        ."</select>"
        ."<input type=\"submit\" value=\"OK\" />";
		echo "<input name=\"cid\" type=\"hidden\" value=\"$cid\" />";			
    echo "</form>";

I go from listQuestion to previewQuestion just fine because of this:

<a href=\"index.php?op=previewQuestion&cid=$cid\">Preview</a>

But I can't go from previewQuestion to deleteQuestion

SFDonovan

It is definitely somewhere in my listbox code. I an get to my function by using

<a href=\"index.php?op=deleteQuestion&cid=$cid\">Delete</a>

but cannot get there using the listbox.

[code=php]echo"<select name=\"op\">"
    ."<option value=\"deleteQuestion\">Delete Question</option>"
    ."<option value=\"preview\" selected=\"selected\">Preview</option>"
    ."<option value=\"postReply\">Post Reply</option>"
    ."</select>"
    ."<input type=\"submit\" value=\"OK\" />";
	echo "<input name=\"op\" type=\"hidden\" value=\"$op\" />";
	echo"<a href=\"index.php?op=deleteQuestion&cid=$cid\">Delete</a>";
	//echo "<input name=\"cid\" type=\"hidden\" value=\"$cid\" />";			
echo "</form>";[/code]

Weedpacket

You've got two form fields named "op".

And you shouldn't use links to alter data stored on the server (that's the difference between GET and POST).

SFDonovan

Weedpacket wrote:
You've got two form fields named "op".

No that wasn't it. I had that commented and it still won't send me to whatever I select, but just sends me to the default

 default:
    admin_menu();
    break;

Weedpacket wrote:
And you shouldn't use links to alter data stored on the server (that's the difference between GET and POST).

Well I wouldn't be using links if I had my list box working, or is that not what you meant?

Weedpacket

I also notice that your form uses the POST method, and you're trying to get the value of the 'op' field from the $GET array instead of $POST. In fact you seem to be jumping back and forth between the $GET and $POST arrays a fair bit for some reason.

SFDonovan

Weedpacket wrote:
I also notice that your form uses the POST method, and you're trying to get the value of the 'op' field from the $GET array instead of $POST. In fact you seem to be jumping back and forth between the $GET and $POST arrays a fair bit for some reason.

The reason for this is I seem to be able to $GET the value of $op or $cid much better than using the $POST method.

Registered globals are off.

For example.

function editQuestion() {
global $AllowableHTML, $db;
$cid = $_GET['cid'];

$result = $db->sql_query("SELECT * FROM comment_queue WHERE cid = '$cid'"); 
while ($row = $db->sql_fetchrow($result)) {

$title = stripslashes(check_html($row['title'], 'nohtml'));
$comment_text = stripslashes(check_html($row['comment_text'], 'nohtml'));
}     

OpenTable();    
echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF'] ."\">\n";            
echo "<b>Title:</b><br />"
    ."<input type=\"text\" name=\"title\" size=\"50\" maxlength=\"80\" value=\"$title\" /><br />";   
echo "<b>Text:</b>You can use HTML to format your question.<br />"
    ."<textarea cols=\"50\" rows=\"15\" style=\"background:#EFEFEF\" name=\"comment_text\">$comment_text</textarea><br />";   
echo "<p>If you included any URLs or html, be sure to double check them for typos.</p>"
    ."<p>Allowed HTML:<br />"
    ."</p>"
	."<p>";
while (list($key,) = each($AllowableHTML)) echo ' &lt;'.$key.'&gt;';
echo "</p>";   
echo"<select name=\"op\">"
    ."<option value=\"deleteQuestion\">Delete Question</option>"
    ."<option value=\"preview\" selected=\"selected\">Preview</option>"
    ."<option value=\"postReply\">Post Reply</option>"
    ."</select>"
    ."<input type=\"submit\" value=\"OK\" />";		
	echo"<br>";
	echo"<a href=\"index.php?op=deleteQuestion&cid=$cid\">Delete</a>";
	echo"<br>";
	echo"<a href=\"index.php?op=previewQuestion&cid=$cid\">Preview</a>";
	echo"<br>";
	echo"<a href=\"index.php?op=saveQuestion&cid=$cid\">Save</a>";
	echo"<br>";	

echo "</form>";
CloseTable();    
}

Anything inside my opening and closing form tags are inside my $_POST array...correct?

If I choose deleteQuestion

function deleteQuestion() {
    global $db;	
$cid = $_GET['cid'];	
    $result = $db->sql_query("DELETE FROM comment_queue where cid = '$cid'");
    if (!$result) {
        return;
        die();
    }	
	echo"Question has been deleted";
	echo"<br>";
	echo"<a href=\"index.php?op=listQuestion\">Return to question list</a>";
   // Header("Location: index.php?op=listQuestions");
}

I have to $_GET the value of $cid which works.

I have tried to pass this as a variable

function deleteQuestion($cid) but this did not work.

Look at my editQuestion function and you see the values of $comment_text and $title within my form tags, however if I choose saveQuestion I cannot extract these values in my saveQuestion function from the $_POST array.

The only thing that is displayed is $cid

function saveQuestion() {
global $db;
$cid = $_GET['cid'];
$title = $_POST['title'];
$comment_text = $_POST['comment_text']; 
echo"$cid";
echo"<br>";
echo"$title";
echo"<br>";
echo"$comment_text";
}

I would like to be consistant throughout my code and use one method but so far it is not working. Should I move the form method=\"post\" to the begining of each of my functions so that all variables assigned will be inside my form tags?

Weedpacket

Um, I'm still confused; are you trying to use <a> links to submit a form?

SFDonovan

I wass trying to use this.

"<select name=\"op\">" 
        ."<option value=\"deleteQuestion\">Delete Question</option>" 
        ."<option value=\"preview\" selected=\"selected\">Preview</option>" 
        ."<option value=\"postReply\">Post Reply</option>" 
        ."</select>" 
        ."<input type=\"submit\" value=\"OK\" />";

But the list box is not working. Ity doesn't send me anywhere but

   default: 
    admin_menu(); 
    break;

That is the reson I placed the <a> links to see if I can get to each of my functions that way.

SFDonovan

Trying to make some changes here and don't understand why this doesn't work.

At the top of my page I have this case statement.

$op = isset($_POST['op']) ? $_POST['op'] : ''; 
switch ($op) { 

case "listQuestions":
listQuestions($cid);
break;

case "info":
info();
break;

case "listCourses":
listCourses();
break;	

case "editQuestion":
editQuestion($cid);
break;

case "previewQuestion":
previewQuestion($cid, $title, $comment_text);
break;

case "saveQuestion":
saveQuestion($cid, $title, $comment_text);
break;

case "deleteQuestion":
deleteQuestion();
break;

default:
admin_menu();
break;
}

Then I have my admin_menu()

function admin_menu() {
  global $db;     

  echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF'] ."\">\n";     

  OpenTable();    

  echo "<table border='1' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";
  echo "<tr>\n";
  echo "<div class=\"title\"><td align='center' valign='top' width='15%'>&nbsp;<b><u>Waiting Questions</u></b>&nbsp;</td>\n";  

  echo "<td align='center' valign='top' width='15%'>&nbsp;<b><u>Change Your Info</u></b>&nbsp;</td>\n";  

  echo "<td align='center' valign='top' width='15%'>&nbsp;<b><u>Courses</u></b>&nbsp;</td></div>\n"; 
  echo "</tr>\n";
  echo "<tr>\n";
  echo "<td align='center' valign='top' width='15%' rowspan='3'>\n";  

  echo "&nbsp;<div class=\"content\"><a href='index.php?op=listQuestions'>List Questions</a>&nbsp;<br />\n";  

  echo "</td>\n"; 
  echo "</div>"; 
  echo "<td align='center' valign='top' width='15%' rowspan='3'>\n";  

  echo "&nbsp;<div class=\"content\"><a href='index.php?op=info'>Your Info</a>&nbsp;<br />\n";    

  echo "</td>\n"; 
  echo "</div>"; 
  echo "<td align='center' valign='top' width='15%' rowspan='3'>";    

  echo "&nbsp;<div class=\"content\"><a href='index.php?op=listCourses'>List Courses</a>&nbsp;<br />";
  echo "</div>";
  echo "</td>\n";  

  echo "</tr>\n";
  echo "</table>\n";	  

  echo "<table border='1' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";  

  echo"</form>";
  CloseTable();
  }

Which doesn't send me to any of the other functions such as listQuestions.

I've alwaysed used links to send me to different pages but this just won't work.

Weedpacket

I can't help but notice that the "form" in your admin_menu() function doesn't appear to contain any form fields.

SFDonavan wrote:
I've alwaysed used links to send me to different pages but this just won't work.

My recommendation is to find some introductory HTML tutorial somewhere to find out how forms work. For reference there's the official word.