print"<form method='post' action='staff.php?step=$userban&ID=$queryid'> <input type='submit' name='Submit' value='$userban' class='button'/> </form>"; $step=$_GET['step']; if(isset($step)) { if($step=='ban') { $ID=$_GET[ID]; $user1="update user set ban='0' where id='$ID'"; $user2=mysql_query($user1) or die(mysql_error()); }else{ $ID=$_GET[ID]; $user1="update user set ban='1' where id='$ID'"; $user2=mysql_query($user1) or die(mysql_error()); } } else{ print "booooo"; } PHP: staff.php?step=unban&ID=2 <=== example of what shows in url staff.php?step=ban&ID=5 <=== example of what shows in url If i try to print $ID or $step i get nothing. not the entire page as you can tell but from the form to where i need to use the info is in the same area get is right under the form. why wont this work!
in form you use "post" method but in script you call $_GET change $_GET with $_POST or change form method to "get"
but this is not safe! you can get your code injected. if you want to use $ID instead of $_GET['ID'] you can call function extract($_GET) but this is not safe too but more safer than register_globals on
He ask why his form is not working and answer is simple in form he uses method="post" in php he is uses $_GET he should use $POST instead of $_GET
I still never got it working, but im not too worried about security at the moment. I just want to build. even my login post forms dont have strip slashes or preg replace yet thanks for the information. i will play with it tommorow
No, You are wrong, I got working this[even with method post] , may be he is using PHP version < 4.1.0, If so try to $HTTP_GET_VARS instead of $_GET And one more thing, when using $_GET, even no need to submit a form data, A url with query string is enough
PHP Version 4.4.7 I just have no idea what im doing. just learning php. im going to recode the entire page im doing. got out of control
Do you maybe have a constant defined as "ID"? If so, PHP would interpret the following wrong: $ID=$_GET[ID]; Put ALWAYS quotes around the array keys, except, if they're variables, constants, or integers. Like this: $ID=$_GET['ID']; I don't think this is causing the actual issue, but should be fixed regardless. Then try adding these 2 lines on top of your script and see if you get any errors: error_reporting(E_ALL); ini_set('display_errors', '1'); PHP:
$user1="update user set ban='1' where id='$ID'"; PHP: Take out the quotation marks around $ID unless you're using a string for an ID in your SQL db.. Preferably you would do something like this: $user1="update user set ban='1' where id=" . intval($ID); PHP:
You can use quotes around integers, but it's not necessary. And they do not cause problems or errors.
thanks for the replies. but i ended up fixing it. I just redid the page and used cases. there was actually alot wrong with everything. It works, its not secure, but it works. and at this time that is all that matters. I also fixed all my $_GET[] with ' '. thanks for that