1
skitch
Quirky $_POST issues
  • 2008/1/19 7:24

  • skitch

  • Just popping in

  • Posts: 3

  • Since: 2007/5/22


Here's the code I am working with:
case "add":
        xoops_cp_header();
        include XOOPS_ROOT_PATH."/class/xoopsformloader.php";
        if(isset($_POST['name']))
        {
        echo "SET";
        $name=$_POST['name'];
        $abrv=$_POST['abrv'];
        mysql_query("INSERT INTO data VALUES ('', '".$name."', '".$abrv."')")
        or die(mysql_error());
        }else{
        echo "not set";
        }
        $data = mysql_query("SELECT * FROM data ")
        or die(mysql_error());
        echo "Check the right column first to see if the name is there. If not add it on the left.";
        echo "";
        $form = new XoopsSimpleForm('', 'add', '', 'POST');
        $form->addElement(new XoopsFormText('Name:', 'name', 20, 20, $value = ""));
        $form->addElement(new XoopsFormText('Abreviation:', 'abrv', 20, 20, $value = ""));
        $form->addElement(new XoopsFormButton('', 'button_id', 'Submit', 'submit'));
        $form->display();
        echo "";
        echo "";
        while($info = mysql_fetch_array( $data ) )
        {
            $gid = $info['gid'];
            $name = $info['name'];
            $abrv = $info['abrv'];
            echo "";
        }
        echo "
".$abrv."".$name."
";
        break;

And now the problem:
When the page index.php?op=add loads the first time, the data in the form is empty. If you type in data in the form and press submit, the data is entered into the database like it should and the page is redisplayed, as the form action is to the same page. When the page is redisplayed, the form is there ready to be used again. Now this second time, if you enter new data again and press submit, it will display the "not set" echo that's in there and no data will be inserted into the database. Now after the second attempt and the "not set" displays, if you hit F5 (page reload) then the second set of data is sent proper like and is put in the database. How do I avoid having to hit reload with the second set of data?

2
hervet
Re: Quirky $_POST issues
  • 2008/1/19 13:08

  • hervet

  • Friend of XOOPS

  • Posts: 2267

  • Since: 2003/11/4


Use the PHP header() function or the XOOPS redirect_header() function (see it in include/functions.php) to redirect the user to another page or to the same page.

Two notes:
1/ Use the XOOPS API to talk with the database (use the database object), and never use the MySQL functions directly, for example:
$db =& Database::getInstance();
$result = $db->query(....);


2/ Use the sanitizer before using external data (especially data coming directly from the user) in your SQL queries.
What you are doing currently is dangerous and there are some security issues.
Use the XOOPS MyTextSanitizer object, for example:

Quote:

$myts =& MyTextSanitizer::getInstance();
$title = $myts->addSlashes($title);
$db->query("select * from ".$db->prefix('mydb')." where title='".$title."'");


Finally, I suggest you use the XoopsObject, everything we discussed is inside it, and buy a good book about PHP.

Take the code of a module and study it.

3
skitch
Re: Quirky $_POST issues
  • 2008/1/20 18:31

  • skitch

  • Just popping in

  • Posts: 3

  • Since: 2007/5/22


So use MyTextSanitizer and query like this?
$name=$_POST['name'];
$abrv=$_POST['abrv'];
$myts =& MyTextSanitizer::getInstance();
$name = $myts->addSlashes($name);
$abrv = $myts->addSlashes($abrv);
$db =& Database::getInstance();
$result = $db->query("INSERT INTO xoops_names VALUES ('', '".$name."', '".$abrv."')");

4
trabis
Re: Quirky $_POST issues
  • 2008/1/20 18:39

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Yes that is good!

You can also use $db->prefix('names') instead of xoops_names,
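
The insert discussed in this thread, rewritten as an added example that is not part of the original posts or of XOOPS itself: it uses PDO bound parameters in place of MyTextSanitizer::addSlashes() and string concatenation, so the form values never become part of the SQL text. It assumes PHP 7+ with the pdo_sqlite extension; the in-memory SQLite database, the `names` table layout, the `add_name()` helper and the sample submissions are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the XOOPS database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE names (
    gid  INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    abrv TEXT NOT NULL)');

// Hypothetical helper: validates the two form fields, then inserts them
// through a prepared statement so the values are sent as data, not as SQL.
function add_name(PDO $pdo, array $post): int
{
    // Reject missing or non-string input (e.g. name[]=x arrives as an array).
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $abrv = is_string($post['abrv'] ?? null) ? trim($post['abrv']) : '';
    // The form in the thread limits both fields to 20 characters; enforce the
    // limit server-side as well, because the client-side limit is advisory.
    foreach (['name' => $name, 'abrv' => $abrv] as $field => $value) {
        if ($value === '' || strlen($value) > 20) {
            throw new InvalidArgumentException("$field must be 1-20 characters");
        }
    }
    $stmt = $pdo->prepare('INSERT INTO names (name, abrv) VALUES (:name, :abrv)');
    $stmt->execute([':name' => $name, ':abrv' => $abrv]);
    return (int) $pdo->lastInsertId();
}

// Constructed submissions: the second carries quote characters that would
// alter the statement if concatenated; the third exceeds the length limit.
$submissions = [
    ['name' => 'Oregon',            'abrv' => 'OR'],
    ['name' => "O'Brien",           'abrv' => "x', 'y"],
    ['name' => str_repeat('A', 21), 'abrv' => 'LONG'],
];

foreach ($submissions as $post) {
    try {
        printf("inserted gid=%d\n", add_name($pdo, $post));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}

// The quote characters come back exactly as typed: stored as data only.
foreach ($pdo->query('SELECT gid, name, abrv FROM names') as $row) {
    printf("%d | %s | %s\n", $row['gid'], $row['name'], $row['abrv']);
}
```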
