can't read form variables...

This site is best viewed in a modern browser with JavaScript enabled.

AliHurworth

I have a form which sends it's output to a page.The user agrees with what has been sent, and the data is sent to a third page to add a new line to MySQL.

The first and second pages work, but the new line is empty.

Can anyone tell me why??

Form:

<form action="reg_proc.php" method="post" enctype="application/x-www-form-urlencoded" name="register">
<table width="97%" border="0" cellspacing="5" cellpadding="0">
  <tr>
    <td bordercolor="#6699CC"><div align="left">Your FIRST name</div></td>
    <td><input name="fname" type="text" maxlength="25"/></td>
  </tr>
  <tr>
    <td bordercolor="#6699CC"><div align="left">Your SECOND name</div></td>
    <td><input name="sname" type="text" maxlength="25"/></td>
  </tr>
  <tr>
    <td bordercolor="#6699CC"><div align="left">Your EMAIL</div></td>
    <td><input name="email" type="text" /></td>
  </tr>
  <tr>
    <td bordercolor="#6699CC"><div align="left">MOBILE</div></td>
    <td><input name="mobile" type="text" value="07" /></td>
  </tr>
  <tr>
    <td bordercolor="#6699CC"><div align="left">I am a </div></td>
    <td><input name="gender" type="radio" value="m" />boy
    	<input name="gender" type="radio" value="f" />girl   	</td>
  </tr>
  <tr>
    <td bordercolor="#6699CC"><div align="left">POSTCODE</div></td>
    <td><input name="pcode" type="text"  /></td>
  </tr>
  <tr>
    <td bordercolor="#6699CC"><div align="left">I am...</div>
    </td>
    <td><input name="user_level" type="radio" value="1" />Staff/screener <br />
    	<input name="user_level" type="radio" value="2" />a Coordinator <br />
        <input name="user_level" type="radio" value="0" />just passing by <br />
    </td>
  </tr>
  <tr>
  	<td>
    <input type="submit" value="Register" />
    </td>
    <td>
    	<input type="reset" value="Start again"/>
    </td>
	</tr>
</table>


</form>

Confirmation...

<div id="positioned-element24">
<?php include("connect.php"); 

$db_name="tht"; // Database name
$tbl_name="users"; // Table name

// username and password sent from form
$fname=$_POST['fname'];
$sname=$_POST['sname'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$gender=$_POST['gender'];
$pcode=$_POST['pcode'];
$user_level=$_POST['usr_level'];

?>
<br />

<table width="50%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>Your name is 
    </td>
    <td><strong><?php 
						echo ($fname); 
						echo($sname);
					 ?></strong></td>
  </tr>
  <tr>
    <td>Your mobile</td>
    <td><strong><?php 
						echo ($mobile); 
				?></strong>
    </td>
  </tr>
  <tr>
    <td>Your email</td>
    <td><strong><?php 
						echo ($email); 
					 ?></strong>
    </td>
  </tr>

</table>
You are (m/f): <?php echo ($gender)?>, and live in <?php echo ($pcode)?>.
<br />
<form action="reg_proc2.php">
    <input name="reg_submit" id="reg_submit" value="Register me!" type="submit"/>
    <input type="button" value="No, start again" ONCLICK="history.go(-1)"/>
</form>
</div>

and the actual doings...

<div id="positioned-element24">
<?php include("connect.php"); 

// username and password sent from form
$fname=$_POST['fname'];
$sname=$_POST['sname'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$gender=$_POST['gender'];
$pcode=$_POST['pcode'];
$user_level=$_POST['usr_level'];

$sql  = "INSERT INTO users (fname, sname, email, mobile, gender, pcode, acs_lvl) VALUES ('$fname','$sname','$email','$mobile', '$gender', '$pcode', '$user_level')"; 

    #execute SQL statement 
    $result = mysql_query($sql, $db); 

    # check for error 
    if (mysql_error()) { print "Database ERROR: " . mysql_error(); }

$to = $email;
$subject = "THT Registration";
$header = "From: ". $fname . $sname." <" . $email . ">\r\n";

$body = "Hi there.<br>Someone entered this address to register at THT's site. If it wasn't you, please accept our apologies. Your data will be removed within seven days. <br>Otherwise, please follow the link below. <hr> For more info on the trust, please visit http://www.tht.org ";

echo 'Thank-you'.$fname.'. Your message has been sent to '.$email;
mail($to, $subject, $body, $header);

?> 

<br />
An email has been sent to the address you entered. <br />
This contains a link, and when you click this the registration is complete.
<p>
You should follow this link within <strong>seven days</strong>, or <a href="#">request</a> a new email.

</div>

Rodders

Your first page has a form with method="post", so when the form is submitted the $_POST array is populated with the values of the form field.

Your second page doesn't have a form, thus the $_POST array is not populated and the third page cannot see the form fields as you expected.

You could place all of the form fields into hidden inputs on the 2nd page - keeping what you already have but adding:

<input type="hidden" value="<?php echo $fname; ?>" name="fname" />
etc.

Something like that.

Mindzai

Also the code you posted leaves you wide open to SQL injection and XSS attacks.

AliHurworth

Rodders, new concept to me, simply explained, ta.

Mindzai, I know everyone says this, but the eventual code will be more robust, including stripslashes etc., but thanks anyway.

AliHurworth

I amended the code so that it took in your suggestion, but it still won't play:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>add to database</title>

<link href="boxes_lg.css" rel="stylesheet" type="text/css" />
</head>

<body >
<div id="container">


...

<div>
<form action="#" method="POST">
<input type="hidden" value="<?php echo $fname; ?>" name="fname" /> 
<input type="hidden" value="<?php echo $sname; ?>" name="sname" />
<input type="hidden" value="<?php echo $email; ?>" name="email" /> 
<input type="hidden" value="<?php echo $mobile; ?>" name="mobile" />
<input type="hidden" value="<?php echo $gender; ?>" name="gender" /> 
<input type="hidden" value="<?php echo $pcode; ?>" name="pcode" />
<input type="hidden" value="<?php echo $user_level; ?>" name="acs_lvl" /> 
</form>
<?php 
//username and password sent from form
$fname=$_POST['fname'];
$sname=$_POST['sname'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$gender=$_POST['gender'];
$pcode=$_POST['pcode'];
$user_level=$_POST['usr_level'];

echo $fname;
$sql  = "INSERT INTO users (fname, sname, email, mobile, gender, pcode, acs_lvl) VALUES ('$fname','$sname','$email','$mobile', '$gender', '$pcode', '$user_level')"; 

    #execute SQL statement 
    $result = mysql_query($sql, $db); 

    # check for error 
    if (mysql_error()) { print "Database ERROR: " . mysql_error(); }

$to = $email;
$subject = "THT Registration";
$header = "From: ". $fname . $sname." <" . $email . ">\r\n";

$body = "Hi there.<br>Someone entered this address to register at THT's site. If it wasn't you, please accept our apologies. Your dat will be removed within seven days. <br>Otherwise, please follow the link below. <hr> For more info on THT, please visit http://www.tht.org ";

echo 'Thank-you'.$fname.'. Your message has been sent to '.$email;
mail($to, $subject, $body, $header);

?> 

<br />
This message contains a link, and when you click this the registration is complete.
<p>
You should follow this link within <strong>seven days</strong>, or <a href="#">request</a> a new email.

</div>
...

</div>


</body>
</html>

...but actually, couldn't I just do it one page? I'd just need the SQL to fire when the "register me" button is pressed ... something like

<form action="#" method="post">
    <input name="reg_submit" id="reg_submit" value="Register me!" type="submit"/>
    <input type="button" value="No, start again" ONCLICK="history.go(-1)"/>
</form>

Except that, once again, it won't get the variables. Right, deep breath, more coffee...

OctoberWind

You're on the right track... just the wrong place.

<input type="hidden" value="<?php echo $fname; ?>" name="fname" /> 
<!-- et al -->

has to go on reg_proc.php, (the second page) inside the

<form action="reg_proc2.php">
<!-- input type="hidden" here...
    <input name="reg_submit" id="reg_submit" value="Register me!" type="submit"/>
    <input type="button" value="No, start again" ONCLICK="history.go(-1)"/>
</form>