Passing variables between functions on same index.php

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

Another thread for help on my next issue for this standalone (Non Nuke) program.

As I stated on my other thread I have a single index.php page.

I have this at the top.

Code:

switch ($op) {

case "comment":
comment();
break;

case "reply":
reply($cid);
break;

case "previewComment":
previewcomment();
break;

case "submitComment":
submitComment($title, $comment_text, $topic, $ipaddress);
break;

default:
index();
break;
}

My form action for each function is:

Code:

action=\"" .$_SERVER['PHP_SELF']

In my comment function I have all my variables between my form tags such as

<select name=\"topic\">
<input type="\text\" name="\title\">
<textarea cols=\"50\" rows=\"12\" name=\"comment_text\"></textarea>

I send this to my submitComment function

Code:

echo'</p><p><input type="submit" name="submit" value="Submit" />  '
.'<input name="op" type="hidden" value="submitComment" />';

Where I receive nothing when I try to just echo the variables.

Code:

function submitComment($title, $comment_text, $topic, $ipaddress) {

Opentable();
echo"<tr><td>$title</td></tr></br >";
echo"<tr><td>$comment_text</td></tr></br >";
echo"<tr><td>$topic</td></tr></br >";
echo"<tr><td>$ipaddress</td></tr></br >";
Closetable();

}

Any help is appreciated.

Gremmie · Posted: Fri Aug 31, 2007 3:10 pm

Remember, register_globals is not on. You need to get the data out of the $_POST or $_GET arrays yourself.

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

So within my comment function I would need to do something like:

$topic = $_Post['topic'];

Gremmie · Posted: Fri Aug 31, 2007 3:36 pm

Yes, or wherever you want to use it.

fkelly · Posted: Fri Aug 31, 2007 7:00 pm

I'm not positive but I think it has to be $_POST. Capitalized. You might also want to make it a habit to do an isset check on POST variables. Text type fields will always be passed in the POST array but checkboxes will not unless they are checked.

montego · Posted: Sat Sep 01, 2007 6:55 am

Yes, it must be ALL CAPS. PHP is case sensitive on variable names.

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

How could I pass the $op variable from an admin menu that is called before each function.

Such as:

Code:

function admin_menu(){

OpenTable();
echo "<table border='1' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";
echo "<tr>\n";
echo "<td align='center' valign='top' width='15%'> <b><u>Waiting Questions</u></b> </td>\n";
echo "<td align='center' valign='top' width='15%'> <b><u>Change Your Info</u></b> </td>\n";
echo "<td align='center' valign='top' width='15%'> <b><u>Courses</u></b> </td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td align='center' valign='top' width='15%' rowspan='3'>\n";
echo " <a href='index.php?op=listQuestions'>List Questions</a> <br />\n";
echo "</td>\n";
echo "<td align='center' valign='top' width='15%' rowspan='3'>\n";
echo " <a href='index.php?op=info'>Your Info</a> <br />\n";
echo "</td>\n";
echo "<td align='center' valign='top' width='15%' rowspan='3'>";
echo " <a href='index.php?op=listCourses'>List Courses</a> <br />";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "<table border='1' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";
CloseTable();
}

If I click on List Questions it does not go anywhere but just refreshes. The $op is not being passed to the switch $op I have at the bottom of my index page.

Code:

$op = isset($_POST['op']) ? $_POST['op'] : '';
switch ($op) {

case "listQuestions":
listQuestions();
break;

case "info":
info();
break;

case "listCourses":
listCourses();
break;

default:
admin_menu();
break;
}

globals are off and I can't seem get this concept thru my thick head that I need to $_POST the $op variable, but I don't know where.

evaders99 · Moderator Joined: Apr 30, 2004 Posts: 2749

You can add the $op variable as a parameter or use it as a global

Code:

function admin_menu($op){

...

admin_menu($op);

or

Code:

function admin_menu(){
global $op;

montego · Posted: Wed Sep 05, 2007 5:13 am

Donovan, the links that you are showing within your function admin_menu() are not coming from a form with a method of POST. Therefore, in this case, these are in $_GET....

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

Thanks Montego,

I didn't know coding with registered globals on made things much easier to a novice PHP developer. Without them it has lead to a bunch of errors in my code. Alas, things are more secure with them off, but it takes some getting used to.

fkelly · Posted: Wed Sep 05, 2007 7:35 am

Donovan, working without register globals is really not complicated. You either have $_POST variables or $_GET. These are all contained in a POST or GET array. If you are using a form with a POST request method then the field names on the form are all POSTED automatically to the receiving or processing program. You will want to validate them on the receiving end. There is an extensive discussion of this here:

Only registered users can see links on this board!
Get registered or login to the forums!

There is code in mainfile that turns register globals on (or I should say imports the variables) but I think there is general agreement that we would like to gradually convert Nuke so that we explicitly filter all variables rather than relying on implicitly importing them. That's going to take some doing since the old method permeates the core PHPnuke code. But for your new stuff you'd be better off getting familiar with the preferred approach. That's my opinion anyway.

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

fkelly wrote:

Donovan, working without register globals is really not complicated. You either have $_POST variables or $_GET. These are all contained in a POST or GET array.

But if my admin_menu () did not have any form tags at all then the only way to find the value of $op was to $_GET?

Correct?

I changed this

Code:

$op = isset($_GET['op']) ? $_GET['op'] : '';
switch ($op) {

blah
blah
}

and now I am able to get inside my listQuestions() function.

fkelly · Posted: Wed Sep 05, 2007 8:12 am

Correct. You are either using the GET method or the POST one and in this case you are using GET. The important part is to conceptualize of user input (whether it be a form with POSTS or a selection that results in setting a GET) and the processing of that input as being a single integrated piece of code. Because of the nature of web architecture you can't total rely upon the fact that anything sent to your processing program comes from the source it says it comes from so you need to filter to assure that only legitimate variables (POSTS or GETS) are received and acted on.

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

Well I'm still having trouble here.

I can list the questions and can choose which question I want to edit. Within the edit question function I have a textarea where the text is located but when I try and post that to a saveQuestion function all I am getting is the $cid of that question. I cannot pass the text or title of that question.

For example:

//list questions

Code:

OpenTable();
echo "<table width=\"100%\" border=\"0\">";
echo "<tr>";
echo "<td align=\"left\" width=\"50%\"><div class=\"content\">$title</div></td>";
echo "<td align=\"center\" width=\"25%\"><div class=\"content\">$formatdate</div></td>";
echo "<td align=\"right\" width=\"25%\"><div class=\"content\"><a href=\"index.php?op=editQuestion&cid=$cid\">Edit</a></div></td>";
echo "</tr>";
echo "<input name=\"cid\" type=\"hidden\" value=\"$cid\" />";
echo "</form>";
echo "</table>";
CloseTable();

Edit Questions since $cid is not declared in listQuestion or outside any form tags I have to $_GET

Code:

function editQuestion() {
global $AllowableHTML, $db;
$cid = $_GET['cid'];

$result = $db->sql_query("SELECT * FROM comment_queue WHERE cid = '$cid'");
while ($row = $db->sql_fetchrow($result)) {

$title = stripslashes(check_html($row['title'], 'nohtml'));
$comment_text = stripslashes(check_html($row['comment_text'], 'nohtml'));
}

OpenTable();
echo "<b>Title:</b><br />"
."<input type=\"text\" name=\"title\" size=\"50\" maxlength=\"80\" value=\"$title\" /><br />";
echo "<b>Text:</b>You can use HTML to format your question.<br />"
."<textarea cols=\"50\" rows=\"15\" style=\"background:#EFEFEF\" name=\"comment_text\">$comment_text</textarea><br />";
echo "<p>If you included any URLs or html, be sure to double check them for typos.</p>"
."<p>Allowed HTML:<br />"
."</p>"
   ."<p>";
while (list($key,) = each($AllowableHTML)) echo ' <'.$key.'>';
   echo "</p>";
echo"<select name=\"op\">"
."<option value=\"deleteQuestion\">Delete Question</option>"
."<option value=\"preview\" selected=\"selected\">Preview</option>"
."<option value=\"postReply\">Post Reply</option>"
."</select>"
."<input type=\"submit\" value=\"OK\" />";
   echo"<br>";
   echo"<a href=\"index.php?op=deleteQuestion&cid=$cid\">Delete</a>";
   echo"<br>";
   echo"<a href=\"index.php?op=previewQuestion&cid=$cid\">Preview</a>";
   echo"<br>";
   echo"<a href=\"index.php?op=saveQuestion&cid=$cid\">Save</a>";
   echo"<br>";
echo "</form>";
CloseTable();
}

^
^
My list box is not working so I am using links for now.

I need to send the contents of $comment_text and $title to the saveQuestion function to update those fields.

Code:

function saveQuestion() {
global $db;
$cid = $_GET['cid'];
$title = $_POST['title'];
$comment_text = $_POST['comment_text'];
echo"$cid";
echo"<br>";
echo"$title";
echo"<br>";
echo"$comment_text";

The only thing I am able to echo out is $cid

In the editQuestion function I am using the PHP_SELF as action but Sentinal wont let me use that.

fkelly · Posted: Tue Sep 11, 2007 1:39 pm

I don't see any form tag with a method="post". In fact I just see a closing form tag and not an open one. Am I missing it? You can't post anything if your method isn't post. Furthermore you don't have an action attribute.

I'd recommend that you go entirely with posts and forget the gets. You might have one form that posts the cid and another that retrieves it and sticks the question in a textarea and then posts any edits that are done on that. I'd also recommend that you run what you have (or any amended version) thru the w3c validator. It will point out any missing tags. I also haven't seen that "while (list($key,)" syntax before. That may just be my inexperience but that comma looks suspicious to me. What's it there for?

Donovan · Client Joined: Oct 07, 2003 Posts: 675 Location: Ohio

All my forms start with method post and action .$_SERVER['PHP_SELF']

But NukeSentinal was choking on this so I left it out of the post.

The , is to separate the Allowable html "keys" in an array.

Code:

$AllowableHTML = array(
'a' => array('href' => 1, 'target' => 1, 'title' => array('minlen' => 4, 'maxlen' => 120)),
'b' => array(),
'blockquote' => array(),
'br' => array(),
'center' => array(),
'div' => array('align' => 1),
'em' => array(),
'font' => array('face' => 1, 'style' => 1, 'color' => 1, 'size' => array('minval' => 1, 'maxval' => 7)),
'h1'=>array(),
'h2'=>array(),
'h3'=>array(),
'h4'=>array(),
'h5'=>array(),
'h6'=>array(),
'hr' => array(),
'i' => array(),
'img' => array('alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),
'li' => array(),
'ol' => array(),
'p' => array('align' => 1),
'pre' => array('align' => 1),
'span' =>array('class' => 1, 'style' => array('font-family' => 1, 'color' => 1)),
'strong' => array(),
'strike'=>array(),
'sub'=>array(),
'sup'=>array(),
'table' => array('align' => 1, 'border' => 1, 'cell' => 1, 'width' => 1, 'cellspacing' => 1, 'cellpadding' => 1),
'td' => array('align' => 1, 'width' => 1, 'valign' => 1, 'height' => 1, 'rowspan' => 1, 'colspan' => 1 ),
'tr' => array('align' => 1),
'tt'=>array(),
'u' => array(),
'ul' => array(),
);

I was trying at one time to use fckeditor but never got it working. Maybe in version 2 of this project.