0

After a change from PHP4 to PHP5 a problem occurred; I can't find it in the migration FAQ.

```
<form method='post' action='galerie.php'>
<input type='hidden' name='kategorieid' value='$id'>
<input type='hidden' name='echtkategorie' value='$kategorie'>
<input type='hidden' value='' name='geaendert'>
<input name='imageField' type='image' src='../images/bearbeiten.gif' width='39' height='40' border='0' alt='Galerie &quot;$kategorie&quot; bearbeiten'>
```

I am calling galerie.php with some variables `$id` and `$kategorie`, but they won't appear in galerie.php:

`$_GET['id']`

won't work. In galerie.php I do `$befehl="SELECT kategorie, id FROM $tabelle WHERE id='$kategorieid'";` but `kategorieid` is not there.

Giacomo1968

1 Answer

2

You are using method="post" which means that you should be using $_POST['id'] rather than $_GET['id'].

fvgs
  • huh like `id = $_POST['kategorieid']`? – user1650072 Sep 08 '12 at 01:33
  • var_dump($_POST['kategorieid']); works, but how to use it in my code? – user1650072 Sep 08 '12 at 01:51
  • `mysql_real_escape_string($_POST['kategorieid']);` this works, don't know why – user1650072 Sep 08 '12 at 01:57
  • You should use it the same way you were using `$_GET['id']`, but with `$_POST['id']`. Just keep in mind that since you are getting these variables from a form, you HAVE to sanitize them, otherwise your site will be vulnerable to SQL injection and XSS. There are plenty of explanations on how to protect against these threats. `mysql_real_escape_string()` is not enough and only protects against SQL injection. Likewise, you should be using `mysqli_real_escape_string()` which is the improved version. – fvgs Sep 08 '12 at 02:29
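
Reading the posted `kategorieid` and using it safely in galerie.php, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the MySQL database; the helper names `check_table`, `read_kategorieid` and `fetch_kategorie` and the table name `galerie` are hypothetical.

```php
<?php
// Added example, not the asker's code. SQLite in memory stands in for the
// MySQL database so the script runs offline; table and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE galerie (id INTEGER PRIMARY KEY, kategorie TEXT)");
$db->exec("INSERT INTO galerie (id, kategorie) VALUES (1, 'Urlaub \"2012\" <b>')");

// Hypothetical helper: identifiers cannot be bound, so allowlist the table name.
function check_table($tabelle) {
    if (!in_array($tabelle, array('galerie'), true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return $tabelle;
}

// Hypothetical helper: returns a positive int, or null for missing/non-numeric input.
function read_kategorieid(array $post) {
    if (!isset($post['kategorieid'])) {
        return null;
    }
    $id = filter_var($post['kategorieid'], FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

// Hypothetical helper: the id travels as a bound parameter, never inside the SQL text.
function fetch_kategorie(PDO $db, $tabelle, $id) {
    $stmt = $db->prepare('SELECT kategorie, id FROM ' . check_table($tabelle) . ' WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests; in galerie.php the array would be $_POST.
$requests = array(array('kategorieid' => '1'), array('kategorieid' => "1' OR '1'='1"), array());
foreach ($requests as $post) {
    $id = read_kategorieid($post);
    $row = $id === null ? null : fetch_kategorie($db, 'galerie', $id);
    if ($row === null) {
        echo "rejected or not found\n";
        continue;
    }
    // Escape for the HTML attribute context before echoing into the form.
    $alt = htmlspecialchars($row['kategorie'], ENT_QUOTES, 'UTF-8');
    echo "<input type='image' alt='Galerie &quot;$alt&quot; bearbeiten'>\n";
}
```

With mysqli the same pattern uses `prepare()`, `bind_param()` and `execute()`; the integer check and the table allowlist stay the same.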