0

I have created the page, and on submit I call another page. I pass the id and name in the URL.

My URL is like:

```
http://localhost/sfrefer/sf-refer-ap.php?id=45&cust_name=testing
```

In sf-refer-ap.php I use the following code:

```php
$name= $_POST['name'];
$mobile= $_POST['mobile'];
$custname1= $_POST['cust_name'];
echo $custname1;
$sql = "INSERT INTO test1 (name,email,mobile) VALUES ('$cust_name','$email[$i]', '$mobile[$i]')";
```

An empty value is going into the database. How do I insert the id and cust_name into the DB?

Liam
sakthi
  • You send GET parameters, not POST. Use `$_GET` instead of `$_POST` – Laurentiu Oct 13 '16 at 10:43
  • Use `$_GET['']` in place of POST – jhon Oct 13 '16 at 10:43
  • 3
    Learn about [SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) before fixing this – jitendrapurohit Oct 13 '16 at 10:43
  • 1
    Debug your code. It would have told you that there is nothing in `$_POST` because you are using querystrings. Also wide open to both XSS and SQL injection attacks. – PeeHaa Oct 13 '16 at 10:43
  • If you're submitting form data, use the POST method; it's safe and secure. – jhon Oct 13 '16 at 10:44
  • 2
    @jhon that's a silly remark. Just changing the verb doesn't make it magically safe nor secure. – PeeHaa Oct 13 '16 at 10:44
  • @jhon No it's not?! POST is still plain text, it's just *slightly* harder to view – Liam Oct 13 '16 at 10:45
  • @PeeHaa, in the console nothing happens. In my PHP the output is `Notice: Undefined index: cust_name in C:\xampp\htdocs\sfrefer\validate.php on line 12` – sakthi Oct 13 '16 at 10:46
  • @Peehaa How can I store the URL value in a hidden type? I used `$name=$_Post['name1'];` in another file, but it is not working – sakthi Oct 13 '16 at 12:07

4 Answers

1

You have to use GET when passing data in the URL; use POST only on submit. Try to change your code into:

Update: You should initialize your variables first and then use isset to make sure that the data was passed with the correct value.

```php
$id = "";
$custname1 = "";

if (isset($_GET['id']) && isset($_GET['cust_name'])) {
    $id = $_GET['id'];
    $custname1 = $_GET['cust_name'];
    echo $custname1;
}
```
Polar
1

You use the GET method to pass id and cust_name, because you passed the values in the URL: `id=45&cust_name=testing`

```php
$id = $_GET['id'];
$name = $_GET['cust_name'];
```

You should be checking whether the index cust_name actually exists in the `$_GET` array before attempting to use it.

```php
if (isset($_GET['cust_name'])) {
    $name = $_GET['cust_name'];
}
```
Kushan
0

It looks like you are a little bit confused. Use the following:

```php
$name= $_GET['name'];
$mobile= $_GET['mobile'];
$cust_name= $_GET['cust_name'];
echo $cust_name; // cust name echoed here
```

If you want to save cust_name in your database table, use `$cust_name` as the name column's value:

```php
$sql = "INSERT INTO test1 (name,email,mobile) VALUES ('$cust_name','$email[$i]', '$mobile[$i]')";
```

If you want to save name in your database table, use `$name` as the name column's value:

```php
$sql = "INSERT INTO test1 (name,email,mobile) VALUES ('$name','$email[$i]', '$mobile[$i]')";
```
Nitin Pund
0
```php
// Form fields arrive in the POST body; default to "" when a field is missing
$name = isset($_POST['name']) ? $_POST['name'] : "";
$mobile = isset($_POST['mobile']) ? $_POST['mobile'] : "";
// cust_name is part of the query string in the question's URL, so read it from $_GET
$custname1 = isset($_GET['cust_name']) ? $_GET['cust_name'] : "";
echo $custname1;
```

But if you want the id from your URL, change one of the variables to:

```php
// id is in the query string, so it is read from $_GET
$id = isset($_GET['id']) ? $_GET['id'] : "";
```

If you do `echo $id` you will have the id.

To avoid SQL injection, at a minimum, use `mysqli_real_escape_string()`:

```php
// $custname1 is the variable assigned above
$sql = "INSERT INTO test1 (name,email,mobile) VALUES ('".mysqli_real_escape_string($con, $custname1)."','".mysqli_real_escape_string($con, $email[$i])."', '".mysqli_real_escape_string($con, $mobile[$i])."')";
```

`$con` is your connection for MySQL; maybe your variable name is different.

Pierre
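
Added example, not taken from any of the answers above: one way to read `id` and `cust_name` from the query string, validate them, insert them with a prepared statement, and escape the name on output, which addresses the SQL injection and XSS points raised in the comments. It assumes PDO with an in-memory SQLite database in place of the real MySQL connection, a hypothetical `ref_id` column for the id, a 100-character name limit, and constructed sample requests.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite stands in for the real
// MySQL connection; the ref_id column and the 100-char limit are hypothetical.

/** Validate the query-string parameters; returns null when they are unusable. */
function readParams(array $query): ?array
{
    // filter_var yields false for missing, non-numeric or array-valued input
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $name = $query['cust_name'] ?? '';
    if ($id === false || !is_string($name)) {
        return null;
    }
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    return ['id' => $id, 'cust_name' => $name];
}

function insertReferral(PDO $db, array $p, string $email, string $mobile): void
{
    // Placeholders bind the values as data; they never become part of the SQL text
    $stmt = $db->prepare(
        'INSERT INTO test1 (ref_id, name, email, mobile) VALUES (?, ?, ?, ?)');
    $stmt->execute([$p['id'], $p['cust_name'], $email, $mobile]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test1 (ref_id INTEGER, name TEXT, email TEXT, mobile TEXT)');

// Constructed sample requests; on the real page pass $_GET to readParams()
$samples = [
    ['id' => '45', 'cust_name' => 'testing'],
    ['id' => '45', 'cust_name' => "O'Brien <b>Ltd</b>"], // quote and markup in data
    ['id' => '45 OR 1=1', 'cust_name' => 'testing'],     // id is not an integer
    ['cust_name' => 'testing'],                          // id missing
];
foreach ($samples as $query) {
    $p = readParams($query);
    if ($p === null) { echo "rejected\n"; continue; }
    insertReferral($db, $p, 'a@example.com', '5550100');
    // Escape on output so a stored name cannot inject markup into the page
    echo htmlspecialchars($p['cust_name'], ENT_QUOTES, 'UTF-8'), "\n";
}
echo $db->query('SELECT COUNT(*) FROM test1')->fetchColumn(), " rows stored\n";
```

With MySQL the same `prepare`/`execute` calls apply once the PDO DSN is changed; only the connection line differs.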