Do "View Source" in your browser, and see what the ACTION URL is...

On Fri, February 3, 2006 11:54 am, Jason Gerfen wrote:
> I am having a problem and I am not sure how to resolve it.  I have a
> simple drop down list form which contains colors and a menu which
> contains links.
>
> I have two get vars as URL parameters:
> ex. http://www.web.com/index.php?id=default&theme=red
>
> here is the HTML form:
> <table width="100%" border="0" cellspacing="0"><form action="<?PHP
> echo
> $_SERVER['PHP_SELF']; ?>?id=<?PHP echo $arr['name']; ?>&theme=<?PHP
> echo
> $_GET['theme']; ?>" method="get" name="template">
>  <tr>
>   <td width="5%" align="left"><select name="theme">
>    <option name="blue" value="blue">blue</option>
>    <option name="green" value="green">green</option>
>    <option name="red" value="red">red</option>
>    <option name="yellow" value="yellow">yellow</option>
>    </select></td>
>   <td width="10%" align="left"><input type="submit" value="change
> scheme"></td>
>  </tr></form>
> </table>
>
> Here is the function that gives me the page id:
> function show_args( $id ) {
>  global $defined;
>       if( empty( $id ) ) {
>        $conn = db( $defined['dbhost'], $defined['username'],
> $defined['password'], $defined['dbname'] );
>   $sql = @mysql_query( "SELECT * FROM pages WHERE name = 'default'"
> )or die( "<img src=\"images/error.jpg\">&nbsp;&nbsp;<font
> face=\"arial\"><b>Error with SQL statement, details
> follow:</b><br><br>Error Number: " .  @mysql_errno( $conn ) .
> "<br>Error Message: " . @mysql_error( $conn ) . "<br>Email
> Administrator: <a
> href=\"mailto:$defined[mail]\";>$defined[mail]</a></font>" );
>        if( @mysql_num_rows( $sql ) != 0 ) {
>                while( $array = @mysql_fetch_array( $sql ) ) {
>                        list( $page['id'], $page['name'], $page['title'],
> $page['description'], $page['content'] ) = $array;
>                       }
>               } else {
>                $page['id'] = "default";
>                       $page['name'] = "default";
>                       $page['title'] = "default home page";
>                       $page['description'] = "default home page";
>                       $page['content'] = "<img
> src=\"images/error.jpg\">&nbsp;&nbsp;<b><blink>Error:
> </blink></b>It looks as if you have not defined anything in the
> database, please do so.<br><b>Code: </b>001";
>               }
>       } else {
>        if( chk_string( $id ) == 0 ) {
>                $conn = db( $defined['dbhost'], $defined['username'],
> $defined['password'], $defined['dbname'] );
>    $sql = @mysql_query( "SELECT * FROM pages WHERE name = \"$id\"" )or
> die( "<img src=\"images/error.jpg\">&nbsp;&nbsp;<font
> face=\"arial\"><b>Error with SQL statement, details
> follow:</b><br><br>Error Number: " .  @mysql_errno( $conn ) .
> "<br>Error Message: " . @mysql_error( $conn ) . "<br>Email
> Administrator: <a
> href=\"mailto:$defined[mail]\";>$defined[mail]</a></font>" );
>         if( @mysql_num_rows( $sql ) != 0 ) {
>                 while( $array = @mysql_fetch_array( $sql ) ) {
>                         list( $page['id'], $page['name'], $page['title'],
> $page['description'], $page['content'] ) = $array;
>                        }
>                } else {
>                 $page['id'] = "default";
>                       $page['name'] = "default";
>                       $page['title'] = "default home page";
>                       $page['description'] = "default home page";
>                        $page['content'] = "<img
> src=\"images/error.jpg\">&nbsp;&nbsp;<b><blink>Error:
> </blink></b>It looks as if you have not defined anything in the
> database, please do so.<br><b>Code: </b>002";
>                }
>               } else {
>                $conn = db( $defined['dbhost'], $defined['username'],
> $defined['password'], $defined['dbname'] );
>    $sql = @mysql_query( "SELECT * FROM pages WHERE name = 'default'"
> )or die( "<img src=\"images/error.jpg\">&nbsp;&nbsp;<font
> face=\"arial\"><b>Error with SQL statement, details
> follow:</b><br><br>Error Number: " .  @mysql_errno( $conn ) .
> "<br>Error Message: " . @mysql_error( $conn ) . "<br>Email
> Administrator: <a
> href=\"mailto:$defined[mail]\";>$defined[mail]</a></font>" );
>         if( @mysql_num_rows( $sql ) != 0 ) {
>                 while( $array = @mysql_fetch_array( $sql ) ) {
>                         list( $page['id'], $page['name'], $page['title'],
> $page['description'], $page['content'] ) = $array;
>                        }
>                } else {
>                 $page['id'] = "default";
>                       $page['name'] = "default";
>                       $page['title'] = "default home page";
>                       $page['description'] = "default home page";
>                        $page['content'] = "<img
> src=\"images/error.jpg\">&nbsp;&nbsp;<b><blink>Error:
> </blink></b>What exactly are you trying to do?  It seems you have
> either attempted a XSS, SQL Injection of Buffer Overflow to gain
> illegal access to my site.  Your computer information has been
> recorded because I do not condone the actions you are taking on my
> livelihood.";
>                }
>               }
>       }
>       @mysql_close( $conn );
>       return $page;
> }
>
> And the function which returns my menu:
> function get_menu( $theme ) {
>  global $defined;
>  $conn = db( $defined['dbhost'], $defined['username'],
> $defined['password'], $defined['dbname'] );
>  $sql = @mysql_query( "SELECT name FROM pages" )or die( "<img
> src=\"images/error.jpg\">&nbsp;&nbsp;<font face=\"arial\"><b>Error
> with SQL statement, details follow:</b><br><br>Error Number: " .
> @mysql_errno( $conn ) . "<br>Error Message: " . @mysql_error( $conn )
> . "<br>Email Administrator: <a
> href=\"mailto:$defined[mail]\";>$defined[mail]</a></font>" );
>  if( @mysql_num_rows( $sql ) != 0 ) {
>        while( $array = @mysql_fetch_array( $sql ) ) {
>         list( $name ) = $array;
>                       $menu .= "<a
> href=\"$_SERVER[PHP_SELF]?id=$name&theme=$theme\">$name</a><br>";
>        }
>       } else {
>        $menu = "<img src=\"images/error.jpg\">&nbsp;&nbsp;<b><blink>Error:
> </blink></b>You currently do not have any pages defined in the
> database.";
>       }
>  @mysql_close( $conn );
>       return $menu;
> }
>
> Basically I am having a problem of when I visit a link from the
> menu then try to change the template color it goes to a default error
> message because the ?id=$_GET['id'] is failing on the form action
> portion.  Any help is appreciated.
> --
> Jason Gerfen
>
> "the life you live ignoring who, ignoring who you're giving money to.
> and you, you support the corrupt industries and companies who dont
> think to care.
> guilty...guilty...guilty by ignorance.
> no feeling... no substance... killing... you're killing through your
> ignorance."
> ~ Snapcase
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Like Music?
http://l-i-e.com/artists.htm
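
One way to write the form from the quoted message so that the page id survives a theme change, as an added example that is not part of either message: with method="get" the browser replaces the query string in the action URL with the form's own fields, so the id is carried as a hidden field, and every value written into the HTML is escaped. THEMES, pick_theme() and build_theme_form() are hypothetical names, the theme list mirrors the dropdown above, and the sample request is constructed.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.
const THEMES = ['blue', 'green', 'red', 'yellow'];

// Return $theme only if it is one of the known values, else a fixed default.
function pick_theme(?string $theme): string
{
    return in_array($theme, THEMES, true) ? $theme : 'blue';
}

// Build the theme form. $self is the script path, $pageName the current page
// name ($arr['name'] in the quoted form), $theme the raw ?theme= value.
function build_theme_form(string $self, string $pageName, ?string $theme): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $current = pick_theme($theme);

    // With method="get" the query string is rebuilt from the form fields,
    // so the page id travels as a hidden field, not inside the action URL.
    $html  = '<form action="' . $esc($self) . '" method="get" name="template">' . "\n";
    $html .= '  <input type="hidden" name="id" value="' . $esc($pageName) . '">' . "\n";
    $html .= '  <select name="theme">' . "\n";
    foreach (THEMES as $t) {
        $sel = ($t === $current) ? ' selected' : '';
        $html .= '    <option value="' . $esc($t) . '"' . $sel . '>' . $esc($t) . "</option>\n";
    }
    $html .= "  </select>\n";
    $html .= '  <input type="submit" value="change scheme">' . "\n";
    $html .= "</form>\n";
    return $html;
}

// Constructed sample request: a page id and a theme value carrying markup.
// The theme is not in THEMES, so the form falls back to the default.
$sampleGet = ['id' => 'contact', 'theme' => 'red"><b>x</b>'];

// SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF also contains
// any extra path info taken from the request URL.
$self = $_SERVER['SCRIPT_NAME'] ?? '/index.php';
echo build_theme_form($self, $sampleGet['id'], $sampleGet['theme']);
```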
