Why wont this work???

Hi all,

I have a problem.

Here are my files:

file.php

<?php

$id1 = 1;

?>
<form action="file1.php?id=<?php echo $id1; ?>" method="GET">
<textarea cols="33" rows="3" name="reply"></textarea>
<input type="submit" name="submit" value="Reply!" />
</form>

<?php
include("file2.php");
?>

PHP:

file1.php

<?php

include("db.php");

$id2 = $_GET['id'];
$button = $_GET['submit'];

if (!$button)
{
echo "You didn't press the submit button! Redirecting back...     <meta http-equiv='refresh' content='2;url=file.php?id=$id2'>";
}

else

{

$reply1 = mysql_real_escape_string($_GET['reply']); 

$sql="INSERT INTO example (id, text)
VALUES
('$id2','$reply1')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
mysql_close($con);

$location = "file2.php?id=$id2";

header("Location: $location");
}

?>

PHP:

file2.php

<?php
$id3 = $_GET['id'];

include("db.php");

$result = mysql_query("SELECT * FROM example WHERE id='$id3'"); 
while($row = mysql_fetch_array($result)) 
{ 

?>

<table>
<tr>
  <td><b><? echo $row['text']; ?></b></td>
</tr>
<tr>
 <td>Submitted: <? echo $row['time']; ?></td>
</tr>
</table>
<?php
// file2.php
if ($_SERVER['PHP_SELF'] == "file2.php") {
   header("Location: file.php?id=$id3");
}
}

mysql_close($con);

?>

PHP:

What's wrong with these files? Which part is wrong?

(Example table contains id, text fields)

Any help is appreciated.

Thanks!

 

What error do you get?

 

Data doesn't get selected in file2.php, because the $_GET['id'] doesn't work. It comes out this way "id=" instead of "id=1".

 

Yeah please provide what errors you get and what part about it is not working. I would take all your code and put it in my sandbox but I have a life.

Is anything getting submitted to the next page "file1.php"? Try having this as your if statement on "file1.php";

if(isset($_POST['submit'])) {
//do something
} else {
//send em back
}

Code (markup):

 

In addition; are your "id's" sensitive information? If so you should do a $_POST and not $_GET. So you would have to change a few things in that respect in your form and sub files related to your project.
-MT

 

I'm not sure why you are including file2.php in file.php

I think when file.php is run there are going to be some problems here: $id3 = $_GET['id'];

 

Cucumba123,
Good eye! I didn't even get that far in the code. Yes, there will be problems.
-MT

 

Switching from GET to POST is insufficient to protect sensitive information. Just because the data is not present in the URL does not protect it in any significant manner.

 

i really don't understand why you need to do that