Lost Variable

I need some help - I really can't see where I make the mistake!

I have a page that loads its content using variables given in a URL like:

editgallery.php?folder=big_fish&id=459

The webpage is a page where you can change the name, description etc. Click “Update” and the information is saved (this part works fine).

When clicking “Update” the user should be taken back to the old URL where they came from, like this:

galleries.php?folder=big_fish

I'm using the below code to send the user back to the old URL:

header("Location: galleries.php?folder=".$folder."&id=".$id."");

But the folder variable is not saved/remembered/transferred to the new URL. When I use the above, the URL looks like:

galleries.php?folder=&id=459

This means that the folder variable is lost but the id is used correctly. Why does the folder variable not work?

The complete code of the site looks like:

<?
include "../config.php";
include "session.php";

if(!$_POST["submit"])
{
include "header.php";
$query = mysql_query("select name, type, folder, description , displaydate from galleries where id = '".$_GET["id"]."' ");
$row = mysql_fetch_row($query);
$name = $row[0];
$type = $row[1];
$folder = $row[2];
$description = $row[3];
$displaydate = $row[4];
?>

<form method="POST" action="<?=$_SERVER["PHP_SELF"]?>" name="myform" id="myform">
<center><table width="<?=$setting["tablewidth"]?>" class="admintable" cellpadding="<?=$setting["cellpadding"]?>">
<tr>
	<td class="adminheader" colspan="2">&nbsp;<b>Edit Gallery:</b></td>
</tr>

		<tr>	
			<td class="admincell">&nbsp;Name:</td>
			<td class="admincell">
<input type="text" name="name" value="<?=$name?>" size="40"></td>
</tr>
		<tr>	
			<td class="admincell">&nbsp;Category:</td><td class="admincell">

<?=$folder?>

</td>
</tr>
<tr valign="top">
<td class="admincell">&nbsp;Display Date:</td>
<td class="admincell" align="">
	<input style="border-style:hidden" type="text" value="<?=$displaydate?>" id="from" id="<?php echo $_REQUEST["from"]; ?>" name="displaydate" size="40">
    (yyyymmdd - Like <?=date('Ymd');?> or <?=date('Y-m-d');?>)</td>
</tr>
<tr valign="top">
<td class="admincell">&nbsp;Description:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td><td class="admincell">

<textarea id="Enter you description of the photo set here" name="description"><?=$description?></textarea></td>
<!-- http://ckeditor.com/ -->
            <script>
                CKEDITOR.replace( 'description' );
            </script>
</tr>
<tr>
<td class="admincell" colspan="2"><input type="hidden" name="id" value="<?=$_GET["id"]?>"><center>
<input type="submit" name="submit" value="Update"></center></td>
</tr>

</table></center>
</form><center>
<p>



</table></center>

<?
include "footer.php";
}
else
{

mysql_query("update galleries set name = '".$_POST["name"]."', description = '".$_POST["description"]."' , displaydate = '" . $_POST["displaydate"] . "' where id = '".$_POST["id"]."' ");

header("Location: galleries.php?folder=".$folder."&id=".$id."");
//header("Location: galleries.php?folder=".$_GET['folder']);
//header("Location: galleries.php");
}
?>

Variables are not saved between requests. You can use a session to persist data across requests, or you can grab the value from the URL again using $_GET['folder'].

Hi Kyle,

How do I use a session to persist data? I'm not sure how to code that part.

If I use:

//header("Location: galleries.php?folder=".$_GET['folder']); 

it still does not use the “folder” variable from the URL. The new URL that is generated just looks like

galleries.php?folder=

so the variable doesn't show up!

Any idea why?

Add a hidden input for the folder value to your form so you can pick it back up on POST on the processing side.

I tried to add:

<input type="hidden" name="id" value="<?=$_GET["id"]?>">
<input type="hidden" name="form" value="<?=$_GET["form"]?>">
<input type="submit" name="submit" value="Update">

Is that what you meant? But it still does not work. Any other suggestion?

Not exactly. The whole point is to pass folder and id to the processing side by sending these values with hidden fields.

<input type="hidden" name="id" value="<?php echo $_GET['id'];?>">
<input type="hidden" name="folder" value="<?php echo $folder;?>"> 

Then on processing you can grab these like

$folder = (isset($_POST['folder']) ? $_POST['folder'] : '');
$id = (isset($_POST['id']) ? $_POST['id'] : '');

Then you should be able to do the header("location:") line.

Grt, can you help me with the below part:

$folder = (isset($_POST['folder']) ? $_POST['folder'] : '');
$id = (isset($_POST['id']) ? $_POST['id'] : '');

Where exactly in the code do I add it? I have tried different places but with no success.

The processing section. Really the whole page should be reconfigured so processing is above <html>.

}
else
{

$folder = (isset($_POST['folder']) ? $_POST['folder'] : '');
$id = (isset($_POST['id']) ? $_POST['id'] : '');
mysql_query("update galleries set name = '".$_POST["name"]."', description = '".$_POST["description"]."' , displaydate = '" . $_POST["displaydate"] . "' where id = '".$_POST["id"]."' ");

header("Location: galleries.php?folder=".$folder."&id=".$id."");
//header("Location: galleries.php?folder=".$_GET['folder']);
//header("Location: galleries.php");
}
?>

Yes, thanks - working now :slight_smile:

Hey GertK,

There are a couple of important things to mention about this code:

mysql_query("update galleries set name = '".$_POST["name"]."', description = '".$_POST["description"]."' , displaydate = '" . $_POST["displaydate"] . "' where id = '".$_POST["id"]."' "); 

First of all, it’s a really bad idea to insert GET/POST variables directly into an SQL query, as this leaves your code wide open to SQL injection attacks. Any and all user input (or input that could potentially be tampered with by a user) should be sanitized before being inserted into the DB.

Secondly, you shouldn’t be using the mysql_* functions any more as these have been deprecated and will be removed from PHP. You should use either the mysqli or PDO extension instead, both of which offer prepared statements which will protect your code against SQL injection.
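The update and redirect from this thread rewritten with a PDO prepared statement, as an added example that is not part of the original thread. The function name update_gallery, the in-memory SQLite database and the sample rows are assumptions made so that it runs on its own; the column names come from the query posted above.

```php
<?php
// Added example, not code from the thread. Column names follow the thread's
// query; the SQLite in-memory database and the sample rows are constructed.

function update_gallery(PDO $pdo, array $post): string
{
    // The id must be a positive integer; reject anything else before touching the DB.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid gallery id');
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE galleries SET name = :name, description = :description,
                displaydate = :displaydate WHERE id = :id'
    );
    $stmt->execute([
        ':name'        => (string)($post['name'] ?? ''),
        ':description' => (string)($post['description'] ?? ''),
        ':displaydate' => (string)($post['displaydate'] ?? ''),
        ':id'          => $id,
    ]);

    // http_build_query() URL-encodes the values that go into the redirect.
    return 'galleries.php?' . http_build_query([
        'folder' => (string)($post['folder'] ?? ''),
        'id'     => $id,
    ]);
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE galleries (id INTEGER PRIMARY KEY, name TEXT, type TEXT,
            folder TEXT, description TEXT, displaydate TEXT)');
$pdo->exec("INSERT INTO galleries VALUES (459, 'Old', 'photo', 'big_fish', '', '20130101')");
$pdo->exec("INSERT INTO galleries VALUES (460, 'Other', 'photo', 'big_fish', '', '20130101')");

// A name containing a quote is stored as plain text; row 460 is not touched.
$post = ['id' => '459', 'folder' => 'big_fish', 'name' => "O'Neill's catch",
         'description' => 'Trout', 'displaydate' => '20130615'];
$location = update_gallery($pdo, $post);
echo $location, "\n";
foreach ($pdo->query('SELECT id, name FROM galleries ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['name'], "\n";
}
// In the page itself: header('Location: ' . $location); exit;
```

With a MySQL database only the DSN passed to the PDO constructor changes; the prepared statement and the redirect stay the same.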

Thanks, I will try to look into that too :slight_smile: