Cookies

A

Anonymous

Guest
Hi There

I have several scripts that work amazing with my ISP

I have then installed Apache 1.3.29, MySQL, PHP 4, phpMyAdmin

So then i tryed to run the files on my local mahcine. Had problems with session. added a dir called sessiondata and added the path to that dir in my php.ini file under session path..

But i'm know finding some very simple scirpts such as

Code: 
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form action="brownies.php" method="get">

<input name="item" type="hidden" value="Bag of Fudgy Two-Bite Brownies"><input name="price" type="hidden" value="2.99">

  <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr> 
      <td><img src="images/special1-1.jpg" width="300" height="50" onClick="printText('Add a bag of fudg two-bite brownies to any order!');"></td>
  	</tr>
  	<tr>
		<td><textarea  name="order" cols="30" rows="9" wrap="VIRTUAL"></textarea></td></tr>
    </tr>
    <tr> 
      <td> <input type="image" src="images/order.jpg" width="200" name-"submit" height="50" /></td>
    </tr>
  </table>
</form>
</body>
</html>

calles this file:
Code: 
<?php 
include ("dbconnect.php");

	$sql = "INSERT INTO ordertemp (item,price) VALUES ('$item','$price')";
	// do the query...
$results = mysql_query($sql, $db);

	header("location: ./specials.php");
?>

Will add a blank line in my database with out adding the filds?? any suggestions..

Even using code such as:
Code: 
<?php 

include ("dbconnect.php");

$sql = "DELETE FROM ordertemp WHERE id = '$id'";
$result = mysql_query($sql, $db);

header("location: ./specials.php");
?>

Is a problem, but if i use sessions i'm able to add?? :shock:
 
Try to get your variables in the second age with:
Code: 
$_GET['whatever'];
$HTTP_GET_VARS['whatever'];
But are you using sessions or not !?

Yeh, even using sessions you´ll be able to add it!!
For security reasons, i suggest you to make a simple verification before using the sql query´s, like:
PHP: 
<?
if($submit){
// Do something
}
else{
// Do another thing
}
?>

BTW, you have an error here:
Code: 
<input type="image" src="images/order.jpg" width="200" name-"submit" height="50" /></td>
name-"submit", should be: name="submit" !
 
Got that error that's :-D

Thanks So much for your sugestions.. I'm going to put them into effect asap.. :D
 
You must log in or register to reply here.
Back
Top