Norax February 2016

Changing ID Chosen Being dropdown PHP

I have a script for the forum. By default, users can only post if it has opened the site to determine the parent first. For example domain.com/new.php?parent=3

Here I am trying to modify using the dropdown. For example: OPTION 1 (value1) OPTION 2 (value2) OPTION 3 (value3)

I add $parent=$_POST['parent']; following the example of the $title=$_POST['title']; But always failed.

Is there a solution?

CODE:

<?php
//This page let users create new topics
include('config.php');
if(isset($_GET['parent']))
{
    $id = intval($_GET['parent']);
if(isset($_SESSION['username']))
{
    $dn1 = mysql_fetch_array(mysql_query('select count(c.id) as nb1, c.name from categories as c where c.id="'.$id.'"'));
if($dn1['nb1']>0)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
        <title>New Topic - <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> - Forum</title>
        <script type="text/javascript" src="functions.js"></script>
    </head>
    <body>
        <div class="header">
            <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Forum" /></a>
        </div>
        <div class="content">
<?php
$nb_new_pm = mysql_fetch_array(mysql_query('select count(*) as nb_new_pm from pm where ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
$nb_new_pm = $nb_new_pm['nb_new_pm'];
?>
<div class="box">
    <div class="        

Answers


luchaos February 2016

There is no input element with the name parent in the form, therefore $_POST['parent'] will not be set. Verify by dumping $_POST after submit: var_dump($_POST).

You could reuse the $id variable which holds the $_GET['parent'] value.

As it has been mentioned in the comments:

Make sure to sanitize all input values before stating SQL queries to prevent SQL injection attacks!

Post Status

Asked in February 2016
Viewed 1,515 times
Voted 14
Answered 1 times

Search




Leave an answer