Form field hidden

vasia1970

Guys and ladies:

Can someone possibly explain to me why can I pass value of my userid(key) as a hidden field in the html form???:mad:

I put it in a variable and use GET in form instead of POST, I can see that value in the address bar. However if I use POST that variable is empty and as such I can run MySQL statement because value of that variable is used in WHERE statement...:mad:

Even I put that variable as one of the regular form fields it is still not being passed on to the following pages...:bemused:

netmastan

Hi,

Can you show us our code ?

Make sure your hidden field is between <form></form> tag
Also,after you pass hidden id see if its appear in the html source code.

roscor

First check if register_globals = On within phpinfo(); then on the target page do a print_r($_POST) which Prints human-readable information about a variable. This will give you the variables within POST likewise for GET, SESSION etc.

vasia1970

Hello, guys:

Here is the code

<?
session_start();
/*include "auth_admin.inc.php";*/ --> TURNED OFF AT THIS POINT...
include "conn.inc.php";
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTNL 3.2//EN">
<HTML><HEAD><TITLE>Update Phonebook Entry</TITLE></HEAD>
<BODY><img src="../../images/mockup-2-logo.gif" alt="City IT" width="63" height="63" border="0"><H1><I><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#3333FF">Update Phonebook Entry</FONT></I></H1>
<?

$LastName = $_POST[LastName];
$FirstName = $_POST[FirstName];
$JobTitle = $_POST[JobTitle];
$Dept = $_POST[Dept];
$Phone = $_POST[Phone];
$Email = $_POST[Email];
$Cellno = $_POST[Cellno];
$SID = $_POST[SID];

$update = "UPDATE contactinfo SET LastName='$LastName', FirstName='$FirstName', JobTitle='$JobTitle', Dept='$Dept', Phone='$Phone', Email='$Email', Cellno='$Cellno' WHERE Userid = '$SID'; ";

echo "Here is what had been received and recorded into database<br /><br />";
echo "Last Name is $LastName <br>First Name is $FirstName<br />Job Title is $JobTitle <br />Department is $Dept <br />Phone number is $Phone<br /> E-mail address is $Email<br /> Cell phone number is $Cellno <br />for user $UID ";

$results = mysql_query($update) or die(mysql_error());

?>
  <b><br /><br />User information has been updated.</b><br>
  <a href="admin_area.php">Click here</a> to return to the admin area.

</p></body></html>

vasia1970

roscor wrote:
First check if register_globals = On within phpinfo(); then on the target page do a print_r($_POST) which Prints human-readable information about a variable. This will give you the variables within POST likewise for GET, SESSION etc.

print_r($_POST) spits out array, as it should, and SID has value in it. But when I am telling to run echo "user $SID "; it comes out empty....😕

vasia1970

<?
session_start();
/*include "auth_admin.inc.php";*/
include "conn.inc.php";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTNL 3.2//EN">
<HTML><HEAD><TITLE>Update Emeryville Phonebook Entry</TITLE></HEAD>
<BODY><img src="../../images/mockup-2-logo.gif" alt="City IT" width="63" height="63" border="0"><H1><I><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#3333FF">Update Phonebook Entry</FONT></I></H1>
<?
	$SID = $_POST[SID];
	$LastName = $_POST[LastName];
	$FirstName = $_POST[FirstName];
	$JobTitle = $_POST[JobTitle];
  	$Dept = $_POST[Dept];
  	$Phone = $_POST[Phone];
	$Email = $_POST[Email];
	$Cellno = $_POST[Cellno];


$update = "UPDATE contactinfo SET LastName='$LastName', FirstName='$FirstName', JobTitle='$JobTitle', Dept='$Dept', Phone='$Phone', Email='$Email', Cellno='$Cellno' WHERE Userid = '$SID'; ";

echo "Here is what had been received and recorded into database<br /><br />";

echo "the user is: $SID";
echo "Last Name is $LastName <br>First Name is $FirstName<br />Job Title is $JobTitle <br />Department is $Dept <br />Phone number is $Phone<br /> E-mail address is $Email<br /> Cell phone number is $Cellno <br />for user $SID ";
print_r($_POST);
$results = mysql_query($update) or die(mysql_error());

?>
  <!--<b><br /><br />User information has been updated.</b><br>
  <a href="admin_area.php">Click here</a> to return to the admin area.-->

</p></body></html>

halojoy

try putting quotes around variable names in $POST
They can be single '..... or double "

//	
	$SID = $_POST['SID'];
	$LastName = $_POST['LastName'];
	$FirstName = $_POST['FirstName'];
	$JobTitle = $_POST['JobTitle'];
//etc, etc

and please start using php long tags instead of <?
if you do not learn this now, you will have to learn in future - the hard way :eek:
you wont be the first having to spend hours and hours rewrite all your php pages

<?php

Regards - your friendly adviser