Member Avatar for mmcdonald

Hi all. I'm having a mad issue... totally mad. I mean I've never had this before.

I have the following HTML form:

<form action="" method="POST" name="createForumCategory">
    <label>Create a new category:</label> 
    <input type="text" name="category" class="m-wrap placeholder-no-fix" />
    <input type="hidden" name="id" id="id" value="<?php echo $forumOrange['id']; ?>" />
    <button class="btn green" type="submit">Add Category</button>
</form>

That uses the following PHP handler:

if(isset($_SESSION['authenticatedStaff'], $_POST["category"], $_POST["id"])){

        $mysqli = mysqli_connect($config['host'], $config['user'], $config['pass'], $config['db']);

        $category = $mysqli->real_escape_string($_POST['category']);
        $position = "99999";

        $query = "INSERT INTO topic_category (id,name,position) VALUES (?, ?, ?)";
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('isi', $_POST['id'], $_POST["category"], $position);
        $result = $stmt->execute();
        $mysqli->close();
}

I know there is no error handling - but there is no need! The reason being is that the form handler doesn't seem to detect any $_POST variables. The HTML form submits and the only thing that changes is the files query string. It changes from localhost/manage.php to localhost/manage.php?category=test&id=1 (Where test was the value of the category field). So the forms data is being set in the query string, but not processed as per usual.

I could change:

if(isset($_SESSION['authenticatedStaff'], $_POST["category"], $_POST["id"])){

to:

if(isset($_SESSION['authenticatedStaff'], $_GET["category"], $_GET["id"])){

but this is a weak work around and I'd rather try and get to the bottom of why this is occuring in the first place. Any thoughts?

+1 to the individual who spots the magic mistake that I obviously can't.

Thanks in advance,
Michael

N.B. Please ignore the 'unique' blend of procedural and OO code!

Edited by mmcdonald
  • 4 Contributors
  • 13 Replies
  • 281 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by mmcdonald

Recommended Answers

All 13 Replies

Member Avatar for cereal

Place this die(print_r($_POST)); before the IF statement and check what you get, you can do the same with $_SESSION. Otherwise just try to echo something before and after the conditional statement, if everything works fine, then it's something else. I don't think it's related to $_POST because the redirect seems correct, although I don't see how this is generated.

Unless $_POST['id'] is received as a string, verify it with var_dump, in that case change this:

$stmt->bind_param('isi', $_POST['id'], $_POST["category"], $position);

to:

$stmt->bind_param('isi', intval($_POST['id']), $_POST["category"], $position);
Edited by cereal
Member Avatar for mmcdonald

die(print_r($_POST)); outputs Array ( ) 1. die(print_r($_SESSION)); is correct 100%.

I've already tried echoing before and after, but this of course doersn't matter - the IF statement isn't executing.

Unless $_POST['id'] is received as a string

This may be a potential issue further down the line but not now as the form handler isn't even executing. All that happens when the form is submitted is a change to the query string.

I should add to the OP that the form is located in pages/forums.php and the handler is located in administration.php, but pages/forums.php is included in administration.php.

Thanks for your input,
Michael

Edited by mmcdonald
Member Avatar for cereal

I can only think to an internal redirect, that will empty the $_POST array.

I should add to the OP that the form is located in pages/forums.php and the handler is located in administration.php, but pages/forums.php is included in administration.php

This confuses me :D Can you show more about the script?

Member Avatar for mmcdonald

I wouldn't mind, not at all, but the script is huge and split all over the place, sorry!

Basically, administration.php?manage=forums is our current location, but it could be administration.php?manage=blog, administration.php?manage=addons, administration.php?manage=settings, administration.php?manage=support or administration.php?manage=theme. Each ?manage query string opens a different file.

So, administration.php looks a little like this:
if($_GET['manage'] == "forum"){
    include('pages/administration/forums.php');
}

if($_GET['manage'] == "addons"){
    include('pages/administration/addons.php');
}

if($_GET['manage'] == "api"){
    include('pages/administration/api.php');
}

but with more control, obviously :) and:

pages/administration/forums.php has this in it:
    <form>
        <div class="span6">
            <form action="" method="POST" name="createForumCategory" id="createForumCategory">
                <label>Create a new category:</label> 
                <input type="text" name="category" id="category" class="m-wrap" />
                <input type="hidden" name="lmsid" id="lmsid" value="<?php echo $core['id']; ?>" />
                <button class="btn green" type="submit">Add Category</button>
            </form>
        </div>
    </form>

The HTML forms are located within the includes (I.E. pages/administration/forums.php) and the PHP form handlers are located at the top of administration.php. So the PHP handlers are there by default, and the HTML forms are included.

Does that make more sense?

I have, for troubleshooting purposes, tried having the handler in the same file as the form, the same issue occured. I just can't seem to get ANY form to submit in this file - they all add on to the query string as $_POST's!

Edited by mmcdonald
Member Avatar for urtrivedi

what is name of ur html file and handler file?

Member Avatar for mmcdonald

I've said above three times mate, and there is no HTML file.

My HTML code is in /administration/forums.php and my PHP form handler is in administration.php.

Member Avatar for urtrivedi

come to shoutbox

Member Avatar for urtrivedi

you must also pass manage variable in your post

Member Avatar for mmcdonald

I missed you, what do you mean 'pass a manage variable'? I've never heard that term before.

Member Avatar for urtrivedi

I suggest you
1) give name and id to forms
2) put button as simple button and not as submit button
3) on click on button submit speicifi form using javascript

Member Avatar for mmcdonald

Good news people - problem solved!

After hours of... cursing... the problem was caused by a very close friend who hid a very sneaky <form> tag towards to the top of the page. Turns out it's payback for going on a date with his ex-ex-ex-ex (Four times removed).

Last time I leave my PC unlocked when he visits!

Member Avatar for iamthwee

Yeah I remember you having another issue where it was somebody else's fault.

Funny.

Member Avatar for mmcdonald

That's one of the few cons of collaborative coding. However I know that this was J as I've already spoken to him on the phone and he's the only one who has seen that script since its creation. I can clearly see what you're hinting at, as can the rest of the community - but I couldn't care less. There are too many errors that are of my doing; so it's a beautiful thing when I discover one that's not! (Insert cheesey grin here)

One thing to leave you with,

“Sarcasm is the lowest form of wit.”
― Oscar Wilde

Good luck,
Michael

Edited by mmcdonald
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.