I can't seem to retrieve the values of the post variables from the HTML form, for some reason. This is usually straightforward, but when I go to the score PHP file, none of the form values are retrieved :(

```php
<?php
$id = $_GET['id'];
?>

<form action="score.php" method="post">
    <table border="0">
        <tr>
            <td>
                <input type="radio" name="score" id="<?php echo $id ?>" value="2" />
                <img style="position:relative; left:-90;top:-20" src="./images/+2.png" />
            </td>
        </tr>
        <tr>
            <td>
                <input type="radio" name="score" id="<?php echo $id ?>" value="3"/>
                <img style="position:relative; left:-90;top:-20" src="./images/+3.png" />
            </td>
        </tr>
        <tr>
            <td>
                <input type="radio" name="score" id="<?php echo $id ?>" value="-1" />
                <img style="position:relative; left:-90;top:-20" src="./images/-1.png" />
            </td>
        </tr>
        <tr>
            <td>
                <input type="radio" name="score" id="<?php echo $id ?>" value="-2"/>
                <img style="position:relative; left:-90;top:-20" src="./images/-2.png" />
            </td>
        </tr>
        <tr>
            <td>
                <input type="submit" id="mysubmit" value="Submit score" />
            </td>
        </tr>
    </table>
</form>
```

Below is the score.php file:

```php
<?php
require('../madscore/database/connect.php');
?>
<?php
database_connect();
$id = $_POST['id'];
$value = $_POST['value'];
$query = "UPDATE people SET Score = Score + ".$value." WHERE ID = '".$id."'";
var_dump($query); exit;
$result = $connection->query($query);
$row_count = $result->num_rows;
var_dump($row_count);

?>
```
Charles
Guy Rwayitare
  • **Your code is vulnerable to SQL injection attack.** You *really* should be using [prepared statements](http://stackoverflow.com/a/60496/623041), into which you pass your variables as parameters that do not get evaluated for SQL. If you don't know what I'm talking about, or how to fix it, read the story of [Bobby Tables](http://stackoverflow.com/q/332365/623041). – eggyal Dec 22 '12 at 22:41
  • I'll fix that .. I know .. this is just an exercise .. I need help for the POST variables that come back with no value .. – Guy Rwayitare Dec 22 '12 at 22:45
  • use either a `var_dump($_POST)` or `print_r($_POST)` to know what are the actual indices of your `$_POST` array – ianace Dec 22 '12 at 22:58

2 Answers

Could be because you use name="score" in all your form elements. Change the name elements to name="id" and name="value" and see if it works.

v0d1ch

I think you should use

```php
$value = $_POST['score'];
```

Instead of

```php
$value = $_POST['value'];
```

As for the ID in POST: You could add an invisible input element, that holds the ID value, that has been given by GET. This way, it will be saved in POST.

```php
<input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8'); ?>" />
```
Nerbiz
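
An added example, not code from the question or either answer: a score handler that reads the fields by their `name` attributes, as the answers describe, and passes them to a prepared statement, as eggyal's comment recommends. It assumes PDO with an in-memory SQLite table in place of the page's `database_connect()`, an integer `ID`, and a hypothetical `apply_score()` helper.

```php
<?php
declare(strict_types=1);

const ALLOWED_SCORES = [2, 3, -1, -2]; // the four radio values offered by the form

// Hypothetical helper: $post is the $_POST array; returns the number of rows updated.
function apply_score(PDO $db, array $post): int
{
    // PHP keys $_POST by each input's name= attribute ("score", "id"), never by id= or value=.
    $score = filter_var($post['score'] ?? null, FILTER_VALIDATE_INT);
    $id    = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);

    if ($score === false || !in_array($score, ALLOWED_SCORES, true)) {
        throw new InvalidArgumentException('score missing or not one of the offered values');
    }
    if ($id === false || $id < 1) { // assumption: ID is a positive integer key
        throw new InvalidArgumentException('id missing or not a positive integer');
    }

    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare('UPDATE people SET Score = Score + :score WHERE ID = :id');
    $stmt->bindValue(':score', $score, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed stand-in for the page's database: in-memory SQLite with one row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (ID INTEGER PRIMARY KEY, Score INTEGER NOT NULL)');
$db->exec('INSERT INTO people (ID, Score) VALUES (7, 10)');

// Constructed submissions: form with a hidden id, the question's key names, a non-numeric id.
$samples = [
    ['score' => '3', 'id' => '7'],
    ['value' => '3', 'id' => '7'],
    ['score' => '3', 'id' => '7 OR 1=1'],
];
foreach ($samples as $post) {
    try {
        printf("updated %d row(s)\n", apply_score($db, $post));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}
echo 'final score: ', $db->query('SELECT Score FROM people WHERE ID = 7')->fetchColumn(), "\n";
```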