variables not carrying over

Question

I cannot figure out at all why the php here is not sending a simple variable over to the IF statement. I tried echoing the $to_who variable in the IF statement, however it comes up as nothing. As a result, the INSERT statement is inserting nothing for the first column. The $to_who var has a number until the IF statement.

$to_who = $_GET['id'];
require('connect.php');

echo $to_who;


$to_who_search = "SELECT * FROM donorstable WHERE donor_id = '$to_who'";

$to_who_raw = mysql_query($to_who_search);

$name = mysql_result($to_who_raw , 0 , 'first_name') . ' ' .  mysql_result($to_who_raw , 0 , 'last_name') ;
$email =  mysql_result($to_who_raw , 0 , 'email');


if(isset($_POST['submit1'])){
    require('connect.php');

//gets from data

$getsubject = $_POST['subject'];
$getmessage = $_POST['message'];

//Gets user's email from table

$getformsql = "SELECT * FROM donorstable WHERE donor_id = '$userid'";
$getfrom = mysql_query($getformsql);

//builds email
$to = $email;
$subject = $getsubject;
$message = $getmessage;
$from = mysql_result($getfrom , 0  , 'email');
$headers = "From:" . $from;
//mail($to,$subject,$message,$headers);
echo "Mail Sent.";

$inserstatement = "INSERT INTO messages VALUES ('$to_who' , '$from' ,'$subject', '$message' , '0' , '')";

mysql_query($inserstatement);

 }

Thanks

does it has something to do with isset($_POST['submit1'] ) , as here you are expecting the variable to be sent using POST method whereas you are trying to echo $to_who = $_GET['id']; using GET method — Satya, Oct 27 '13 at 03:22
Another thing in `$getformsql` sql you are using a `$userid` variable where does it came from ? — Jorge Campos, Oct 27 '13 at 03:23
For one thing, if your form uses `method="get"` then your POST variables won't do anything, after seeing `$to_who = $_GET['id'];` which I suspect is `method="post"` after seeing `if(isset($_POST['submit1'])){` --- so change that to `$to_who = $_POST['id'];` and see what gives. — Funk Forty Niner, Oct 27 '13 at 03:24
Your code is likely to be hacked using SQL Injection. http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php — Cfreak, Oct 27 '13 at 03:28
There is an HTML form which is set to method="post" and that is where the message and subject come from. Then the _GET is to get the id from another page using ...php?id=... @JorgeCampos the $userid is a session variable .. that is working fine .. — Ds.109, Oct 27 '13 at 03:29
And you should be using `MySQLi_` instead of `MySQL_` at the very least --- you're wide open for injection. You should be using PDO. — Funk Forty Niner, Oct 27 '13 at 03:29
@Ds.109 Why are you using `require('connect.php');` twice? You shouldn't need to do that. — Funk Forty Niner, Oct 27 '13 at 03:31
@Fred-ii- .. i used it twice in effort to find the problem, has since been removed. — Ds.109, Oct 27 '13 at 03:33
@Ds.109 Ok, I understand. Now, maybe some of your variables are defined too far down in your code and that other variables have not been defined, or mispelled. Did you double-check everything, including spelling, letter-case etc.? Named inputs also. — Funk Forty Niner, Oct 27 '13 at 03:36
The `$to_who` will have value only if you came from another page (as a querystring) but then your code after `if(isset($_POST['submit1'])){` wont work because a GET protocol was used. And if you have this Id on the form that you said the `$to_who` variable will be empty therefore your query `$to_who_raw` wont have a result unless you have something in your database with `donor_id=''` — Jorge Campos, Oct 27 '13 at 03:36
@JorgeCampos Then maybe the OP could use `$to_who = $_REQUEST['id'];` instead? and/or change all `POST` to `REQUEST` — Funk Forty Niner, Oct 27 '13 at 03:37
@Ds.109 Try putting `if(isset($_POST['submit1'])){` as your first line on top of `$to_who = $_GET['id'];` and change it to `$to_who = $_REQUEST['id'];` — Funk Forty Niner, Oct 27 '13 at 03:38
@Fred-ii- Yeah he could. But I would correct the code a little bit, because he is using this variable in a wrong place in his code. — Jorge Campos, Oct 27 '13 at 03:40
@JorgeCampos i even tried getting the variable to a variable, setting it to another variable, and then using that ... no hope so far.. — Ds.109, Oct 27 '13 at 03:41
@Ds.109 `REQUEST` is a replacement for `GET` and `POST` in cases like these. It's another superglobal when the method is uncertain. — Funk Forty Niner, Oct 27 '13 at 03:43
when you came from another page, do you have all the parameters? and $_REQUEST variable is a associative array with both $_POST and $_GET and $_COOKIE variables — Jorge Campos, Oct 27 '13 at 03:44
We need more information, how are you getting to this page? Is it a query string? Is it POST data? — Barry Chapman, Oct 27 '13 at 03:45
@Ds.109 I'm curious. `$name` and `$email` are coming in from your form, obviously. Those haven't been defined yet. Put `$name = $_POST['name'];` and `$email = $_POST['email'];` at the beginning somewhere. There seems to be missing elements. — Funk Forty Niner, Oct 27 '13 at 03:47
@Fred-ii- $name and $email are using the $to_who to query the table and pull the required information from there. — Ds.109, Oct 27 '13 at 03:50
@BarryChapman - there is a page that directs to this with the ending ...php?id=... , there is some information from the beginning that is queried from the database, then there is an html form from which the variables are posted for the email, however the "to" is still the first ID that came from the other page. — Ds.109, Oct 27 '13 at 03:51
@Ds.109 It doesn't quite work that way, they need to be "defined" from your form inputs since they are part of your form's POST. — Funk Forty Niner, Oct 27 '13 at 03:51
I was able to do the following .... I added a hidden input on my HTML form, posted that , and it worked. . . Still curious to why the variable wasn't carrying over to the if statement.. seems like a basic thing to me. — Ds.109, Oct 27 '13 at 03:52
then you should be using post, and not get. Is your
's METHOD="POST" ? — Barry Chapman, Oct 27 '13 at 03:53
@Ds.109 Most probably due to the location of your `if(isset($_POST['submit1'])){` --- nothing is set till that `if` condition starts. Everything else above I fear is discarded/denied. — Funk Forty Niner, Oct 27 '13 at 03:54

score 1 · Answer 1 · answered Oct 27 '13 at 03:54

As I said in the comments, the $to_who will have value only if you came from another page (as a querystring) but then your code after if(isset($_POST['submit1'])){ wont work because a GET protocol was used. And if you have this Id on the form that you said the $to_who variable will be empty therefore your query $to_who_raw wont have a result unless you have something in your database with donor_id=''

And more, if you came from another page as you said in the comments you will have to have all variables that you use in $_POST as $_GET

So in order to get both protocols working as you said you have to change your code a little bit. So, it would be something like this:

require('connect.php');

$to_who = $_REQUEST['id'];

echo $to_who;

//Here I'm guessing that you have all variables send 
// by your FORM OR in a querystring like somepage.php?id=1&subject=adasdad&message=asdasdads
if( isset($_POST['submit1']) || isset($_GET['id'])  ){

$to_who_search = "SELECT * FROM donorstable WHERE donor_id = '$to_who'";
$to_who_raw = mysql_query($to_who_search);

$name = mysql_result($to_who_raw , 0 , 'first_name') . ' ' .  mysql_result($to_who_raw , 0 , 'last_name') ;
$email =  mysql_result($to_who_raw , 0 , 'email');

$getsubject = $_REQUEST['subject']; //see my previous comment
$getmessage = $_REQUEST['message']; 

$getformsql = "SELECT * FROM donorstable WHERE donor_id = '$userid'";
$getfrom = mysql_query($getformsql);

//builds email
$to = $email;
$subject = $getsubject;
$message = $getmessage;
$from = mysql_result($getfrom , 0  , 'email');
$headers = "From:" . $from;
//mail($to,$subject,$message,$headers);
echo "Mail Sent.";

$inserstatement = "INSERT INTO messages VALUES ('$to_who' , '$from' ,'$subject', '$message' , '0' , '')";

mysql_query($inserstatement);

}

Curious: How will both POST and GET work together in unison if method is "post"? `if( isset($_POST['submit1']) || isset($_GET['id']) ){` — Funk Forty Niner, Oct 27 '13 at 03:59
They don't have to work at same time, I'm testing for One or Other, As I said this would work only if he is passing all the parameters through GET or POST Inside the if I'm usign the `$_REQUEST` wich covers both — Jorge Campos, Oct 27 '13 at 04:02
Ok, I understand. Therefore the reason for the `||` - good call. — Funk Forty Niner, Oct 27 '13 at 04:03

variables not carrying over

1 Answers1