View Full Version : Problems with PayPal Payments


adamjblakey
Apr 4th 2008, 3:59 am
Hi,

I am trying to set up so that users on my site can pay to upgrade their account. What I thought would work, but does not seem to, is this:

<input type="hidden" name="return" value="http://www.web.com/upgrade-account-process.php?id={$sessionid}">

Then in the upgradeaccount-process.php I have done:


if (isset($_GET['type'])){

$sdate = date("Y-m-d");

$query = mysql_query("UPDATE `users` SET type='1', sdate='$sdate' WHERE id = '$_GET[id]'");

header("Location: members.php"); /* Redirect browser */
exit();

}


But when I tried this it does not upgrade. Have I done something wrong?

Cheers,
Adam

jayshah
Apr 4th 2008, 4:13 am
Hello,

Check that you need to actually output PHP, not HTML:


<input type="hidden" name="return" value="http://www.web.com/upgrade-account-process.php?id=<?=$sessionid;?>">


Also, your SQL can suffer from injection* so, I'd add some mysql_real_escape_string (http://www.php.net/mysql_real_escape_string) in there.

Jay

* Depending on your PHP configuration (i.e. magic quotes).
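
The injection point raised in this reply, shown as an added example that is not part of the original thread: the thread's UPDATE built by string interpolation, next to a version that validates the id and binds it as a parameter. It uses PDO prepared statements rather than the suggested mysql_real_escape_string (the mysql_* extension was removed in PHP 7). An in-memory SQLite database stands in for MySQL so the script runs offline, and the function names, the three sample rows and the input values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Column names follow the thread's
// query; in-memory SQLite replaces MySQL so this runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, type TEXT, sdate TEXT)");
$db->exec("INSERT INTO users (id, type) VALUES (1, '0'), (2, '0'), (3, '0')");

// "Before": the thread's pattern. The request value becomes part of the SQL
// text, so a quote in it changes the WHERE clause itself.
function upgrade_interpolated(PDO $db, string $id): int
{
    $sdate = date('Y-m-d');
    return (int) $db->exec(
        "UPDATE users SET type='1', sdate='$sdate' WHERE id = '$id'"
    );
}

// "After": reject anything that is not a plain decimal id, then bind the
// values so the driver never parses them as SQL.
function upgrade_prepared(PDO $db, string $id): int
{
    if (!ctype_digit($id)) {
        return 0; // not a valid account id, nothing to update
    }
    $stmt = $db->prepare(
        "UPDATE users SET type = '1', sdate = :sdate WHERE id = :id"
    );
    $stmt->execute([':sdate' => date('Y-m-d'), ':id' => (int) $id]);
    return $stmt->rowCount();
}

// Put every row back to the non-upgraded state between runs.
function reset_users(PDO $db): void
{
    $db->exec("UPDATE users SET type = '0', sdate = NULL");
}

// Constructed inputs: a normal id, and an id carrying a stray quote.
foreach (['2', "2' OR '1'='1"] as $id) {
    reset_users($db);
    $before = upgrade_interpolated($db, $id);
    reset_users($db);
    $after = upgrade_prepared($db, $id);
    printf("id=%s\n  interpolated: %d row(s) updated\n  prepared: %d row(s) updated\n",
        var_export($id, true), $before, $after);
}
```

Comparing the row counts for the two inputs shows how far each query's effect reaches when the id is not a plain number.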

raleagh
Apr 4th 2008, 4:13 am
($_GET['type']) should be ($_GET['return'])

the isset condition can't see $_GET['type'] because there is none

<input type="hidden" name="return" value="http://www.web.com/upgrade-account-process.php?id={$sessionid}">


maybe

sdate=".'$sdate'."

jayshah
Apr 4th 2008, 4:16 am
($_GET['type']) should be ($_GET['return'])

the isset condition can't see $_GET['type'] because there is none


maybe

sdate=".'$sdate'."
Incorrect. The MySQL query is within double quotes, therefore variables are parsed. Also, your syntax is wrong as it would simply add $sdate, and not its value.

Jay

Sygon
May 7th 2008, 12:59 pm
<input type="hidden" name="return" value="http://www.web.com/upgrade-account-process.php?id=<? echo $sessionid;?>">

Try that. Also, you should try using $_POST and a proper form.