-1

Rephrased Question:

I'm updating a web app from a standalone PHP page to something that is database driven and has admin controls (old page: uoflclimbingclub.com/everestchallenge/elevationcounter/).

I'm using a form on two different pages: an admin page, and a display page. The form sends the value of a hidden input into a variable on the display page that defines a field name in an SQL statement.

The returned row of data is used on the display page with a combination of CSS and PHP to display a graph. The display page is also where the data is meant to be updated.

The code executes and displays the page successfully when executed from the admin page, but fails to display the page when executed from the same page, even though the data is successfully updated in the database. Can anyone tell me what I'm doing wrong? I've searched everything I can think of and read PHP documentation to find a solution, but no luck so far. I'm still looking for a solution; any help would be much appreciated.

My Code

The admin page that links to the display page: http://shemsimmons.com/uoflclimbingclub/everestchallenge/admin

Here is the code for the display page: setteam.php

    <?php 
    ob_start();

    include $_SERVER["DOCUMENT_ROOT"].'/uoflclimbingclub/everestchallenge/inc/conn/ulcc_user.php';

    $team = mysqli_real_escape_string($con, $_POST['teamname']);
    $increment = "/uoflclimbingclub/images/icons/favicon.png";
    $getElevation = "SELECT * FROM everest2014 WHERE team= '$team'";
    $result = mysqli_query($con, $getElevation);

    echo "The Team Name is:";
    echo $team;

    while($climbs = mysqli_fetch_assoc($result)){

        if(isset($_POST['update'])){

            foreach ($_POST as $key => $value){
              $$key=$value;
            }
            $updateElevation = "UPDATE everest2014 
                                SET 
                                rope1=$rope1Climbs,
                                rope2=$rope2Climbs,
                                rope3=$rope3Climbs,
                                rope4=$rope4Climbs,
                                rope5=$rope5Climbs,
                                rope6=$rope6Climbs,
                                rope7=$rope7Climbs,
                                rope8=$rope8Climbs,
                                rope9=$rope9Climbs,
                                rope10=$rope10Climbs,
                                rope11=$rope11Climbs,
                                rope12=$rope12Climbs,
                                rope13=$rope13Climbs
                                WHERE team='$team'";

            $retval = mysqli_query($con, $updateElevation);

            if(! $retval ){
              die('Could not update data: ' . mysqli_error($con));
            }

            header('Location: '.$_SERVER['PHP_SELF']);
            mysqli_close($con);

        } else {
?>
<!DOCTYPE html>
<html>
<head>
<title>TEAM <?php echo $team; ?> Counter</title>
<link rel="icon" type="image/png" href="/uoflclimbingclub/images/icons/favicon.png">
<link rel="stylesheet" type="text/css" href="/uoflclimbingclub/everestchallenge/css/elevationstyle.php" />
<script type="text/javascript" src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script type="text/javascript" src="/uoflclimbingclub/everestchallenge/js/adder.js"></script>
<script type="text/javascript" src="/uoflclimbingclub/everestchallenge/js/jscolor/jscolor.js"></script>
<style>
.point { 
  border-bottom: 25px solid <?php echo $climbs["colour"]; ?>;
}
.shaft, #teambg{
  background: <?php echo $climbs["colour"]; ?>;
}
</style>
</head>
<body>
<?php
        include $_SERVER["DOCUMENT_ROOT"].'/uoflclimbingclub/everestchallenge/inc/everestVar.php';
        include $_SERVER["DOCUMENT_ROOT"].'/uoflclimbingclub/everestchallenge/inc/set_elevation_inc.php';
?>
</body>
</html>
<?php 

        }
    }
    mysqli_free_result($result);
?>

The everestVar.php include is just a bunch of simple arithmetic that makes the styles look pretty (div heights, convert number of rope climbs into total metres climbed, etc...)

The other include is the body html:

    <!-- Graphic of Everest -->
<img src="/uoflclimbingclub/everestchallenge/img/summit.png">
<div id="everestwrapper"><div id="everestwrap">
    <div id="everest"><img src="/uoflclimbingclub/everestchallenge/img/elevationmetre.png"><div id="metres" style="bottom:<?php echo $elevation; ?>%;"><span id="elevation"><?php echo $elevationClimbed; ?></span><img src="/uoflclimbingclub/everestchallenge/img/metres.png"></div></div>
    <div id="lightbg"></div>
    <div id="teambg" class="everestfill" style="height:<?php echo $elevation; ?>%;"></div>
</div></div>
<img src="/uoflclimbingclub/everestchallenge/img/eventname.png">
<!-- Growing Rope Arrows -->
<div id="ACC">
    <form id="climbsInput" action="/uoflclimbingclub/everestchallenge/setteam.php" method="post">

    <div id="medWall" class="medWall"> 

        <div id="rope1" style="height:<?php echo $rope1Up; ?>%;">
            <div class="point"><?php echo $rope1 ?>m</div>
            <div class="shaft">1</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope1Climbs" value="<?php echo $climbs["rope1"]; ?>" /></div></div>
        <div id="rope2" style="height:<?php echo $rope2Up; ?>%;">
            <div class="point"><?php echo $rope2 ?>m</div>
            <div class="shaft">2</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope2Climbs" value="<?php echo $climbs["rope2"]; ?>" /></div></div>
        <div id="rope3" style="height:<?php echo $rope3Up; ?>%;">
            <div class="point"><?php echo $rope3 ?>m</div>
            <div class="shaft">3</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope3Climbs" value="<?php echo $climbs["rope3"]; ?>" /></div></div>
        <div id="rope4" style="height:<?php echo $rope4Up; ?>%;">
            <div class="point"><?php echo $rope4 ?>m</div>
            <div class="shaft">4</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope4Climbs" value="<?php echo $climbs["rope4"]; ?>" /></div></div>
        <div id="rope5" style="height:<?php echo $rope5Up; ?>%;">
            <div class="point"><?php echo $rope5 ?>m</div>
            <div class="shaft">5</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope5Climbs" value="<?php echo $climbs["rope5"]; ?>" /></div></div>

    </div>
    <div id="longWall" class="tallWall">

        <div id="rope6" style="height:<?php echo $rope6Up; ?>%;">
            <div class="point"><?php echo $rope6 ?>m</div>
            <div class="shaft">6</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope6Climbs" value="<?php echo $climbs["rope6"]; ?>" /></div></div>
        <div id="rope7" style="height:<?php echo $rope7Up; ?>%;">
            <div class="point"><?php echo $rope7 ?>m</div>
            <div class="shaft">7</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope7Climbs" value="<?php echo $climbs["rope7"]; ?>" /></div></div>
        <div id="rope8" style="height:<?php echo $rope8Up; ?>%;">
            <div class="point"><?php echo $rope8 ?>m</div>
            <div class="shaft">8</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope8Climbs" value="<?php echo $climbs["rope8"]; ?>" /></div></div>

    </div>
    <div id="shortWall" class="shortWall">

        <div id="rope9" style="height:<?php echo $rope9Up; ?>%;">
            <div class="point"><?php echo $rope9 ?>m</div>
            <div class="shaft">9</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope9Climbs" value="<?php echo $climbs["rope9"]; ?>" /></div></div>
        <div id="rope10" style="height:<?php echo $rope10Up; ?>%;">
            <div class="point"><?php echo $rope10 ?>m</div>
            <div class="shaft">10</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope10Climbs" value="<?php echo $climbs["rope10"]; ?>" /></div></div>
        <div id="rope11" style="height:<?php echo $rope11Up; ?>%;">
            <div class="point"><?php echo $rope11 ?>m</div>
            <div class="shaft">11</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope11Climbs" value="<?php echo $climbs["rope11"]; ?>" /></div></div>
        <div id="rope12" style="height:<?php echo $rope12Up; ?>%;">
            <div class="point"><?php echo $rope12 ?>m</div>
            <div class="shaft">12</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope12Climbs" value="<?php echo $climbs["rope12"]; ?>" /></div></div>
        <div id="rope13" style="height:<?php echo $rope13Up; ?>%;">
            <div class="point"><?php echo $rope13 ?>m</div>
            <div class="shaft">13</div>
            <div class="climbCounter ropeInput"><img src="<?php echo $increment; ?>" class="addClimb" /><input type="text" class="climbs" name="rope13Climbs" value="<?php echo $climbs["rope13"]; ?>" /></div></div>

    </div>
    <?php echo "<input type='hidden' name='teamname' value='" . $climbs['team'] . "' />"; ?>
    <div style="clear:both;padding-top:80px;"><input name="update" type="submit" value="Update Elevation"/></div>
    </form>
</div><!-- End ACC -->

Original Question: I have some code that works and doesn't work. It works when executed from an external page, but doesn't work when executed from the same page.

    <input type='hidden' name='name' value='value' />

The input above is passing a value to a PHP page that loads data from an SQL database. The value is stored in a variable that is used in a couple SQL statements.

    $name = mysqli_real_escape_string($con, $_POST['name']);
    $select = "SELECT * FROM table WHERE `name`= '$name'";
    $update = "UPDATE table SET (multiple fields) WHERE `name`='$name'";

It works perfectly from the external page, but when I try to update the data from the same page, using the same input field, then strange things happen. The value does not appear to be being passed, but somehow the database is successfully updating.

When I say it doesn't appear to be being passed I mean I've put echo statements all over my code to find where it's breaking and nowhere does that variable have a value, the page loads blank as if the variable had no value, the page is not displaying (content and styles depend on the database), but for some reason the data is successfully being sent. I can hit the back button on my browser and refresh the page and the data refreshes to show the updates.

I can't wrap my head around why the variable would work for the outgoing data, but not for the incoming data, and show no value. Does anyone have any initial clues as to what might be going on?

Lei-Lonnie
  • Did you say the page isn't displaying? So you get a blank page for that? Also, could you post the HTML for the form? – ArtisticPhoenix Jul 15 '14 at 21:46
  • The name of the input in your form is `teamname` – jeroen Jul 15 '14 at 21:49
  • Yes, I kept the code in my question as simple as possible in case there was something glaringly obvious I was doing wrong. I'll rephrase my question and be more specific. – Lei-Lonnie Jul 16 '14 at 15:10
  • When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). – tadman Jul 16 '14 at 19:16
  • @tadman Security is not an issue with this data, but thanks for the tip. Any ideas why the page won't display when the form is submitted from the same page? – Lei-Lonnie Jul 16 '14 at 20:28
  • Security is *always* an issue. If this page is on the public internet the list of things people can do with a single injection hole is [terrifying](http://sqlmap.org/). Don't dismiss this as not important, that will only build dangerously bad habits. Do it right and you won't have any problems. Do it wrong and you may end up with a compromised server, a leaked database, and a whole lot of explaining to do. – tadman Jul 16 '14 at 20:49
  • Thank you @tadman, I sincerely appreciate the expert advice, but I'm still no closer to a solution to my problem at hand. I need to fix my code before I start reinforcing it. – Lei-Lonnie Jul 16 '14 at 21:04
  • Building PHP from the ground up is always troublesome and time consuming. You should consider using a [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) to give you a lot of support and better examples to work from. Using an ORM is usually a lot easier than writing custom queries. The style of coding you're using here, which is straight out of the 1990s, is notorious for being cluttered, hard to follow, and nearly impossible to maintain. There could be any of a dozen things wrong here, it's hard to tell. – tadman Jul 16 '14 at 22:05

2 Answers

0

If the page refreshes to show the updates when you hit the back button, then refreshing the page would be the solution.

To refresh the page, the following PHP code should work:

    header('Location: currentURL');

user2938543
  • Refreshing the page works only after the data has been sent, and I'm already using something similar in my code: `header('Location: '.$_SERVER['PHP_SELF']);` – Lei-Lonnie Jul 16 '14 at 14:59
0

Check the action attribute in the form element. Make sure it is set to the name of the file you are working on.

The page is blank because there is an internal error with your PHP script. Until you fix the problem, nothing is going to be displayed.

Try this:

    if (isset($_POST['submit'])) {
        // ... code to update the database here ...
    }
rob
  • I'm doing exactly that: `if(isset($_POST['update'])){ $updateElevation = "UPDATE everest2014 SET rope1=$rope1Climbs, etc... WHERE team='$team'"; } ` – Lei-Lonnie Jul 16 '14 at 15:04
  • @ShemSeger you have an extra `$` when you start the foreach .. `foreach ($_POST as $key => $value){ $$key=$value; }` . Also, use `mysqli`. `mysql` is deprecated and it will lead you to a lot of trouble. Think about SQL injection. – rob Jul 16 '14 at 15:10
  • I need the extra `$`. That foreach loop is fetching all of the input names in my form and the extra `$` is converting them into variables that I use in my SQL statement. Using mysqli throws an error for some reason... but it's not a concern, I'm not dealing with sensitive data, it's just a count of how many times a team has climbed each rope on a climbing wall during a once a year event. – Lei-Lonnie Jul 16 '14 at 16:10
  • Hey just wanted to say thank you, I was able to figure out what was causing that error when I used mysqli and was able to fix an earlier problem that I ended up just patching. I'm using mysqli now. I'm still getting the same result, but thanks for the tip! – Lei-Lonnie Jul 16 '14 at 16:49
  • @ShemSeger Glad I could help you in some way. – rob Jul 16 '14 at 17:11
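
The `bind_param` advice in tadman's comment and the `$$key` loop discussed under the second answer both concern the same `UPDATE` statement. The following is an added example, not code from any of the posts: it reads only the thirteen expected fields, checks that each is a non-negative integer, and binds the values as parameters. The function names are hypothetical, the table and field names are the ones in the question, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not the asker's code. Table, column and field names
// (everest2014, rope1..rope13, team, ropeNClimbs) are taken from the question;
// the function names are hypothetical.
const ROPE_COUNT = 13;

// Read only the expected fields instead of turning every POST key into a
// variable. Returns ['rope1' => int, ...], or null when a field is missing or
// is not a non-negative integer.
function collect_rope_counts(array $post): ?array
{
    $counts = [];
    for ($i = 1; $i <= ROPE_COUNT; $i++) {
        $raw = $post["rope{$i}Climbs"] ?? null;
        if (!is_string($raw) || !ctype_digit($raw)) {
            return null;
        }
        $counts["rope{$i}"] = (int) $raw;
    }
    return $counts;
}

// Run the UPDATE with placeholders so request data never becomes SQL text.
function update_elevation(mysqli $con, string $team, array $counts): bool
{
    // Column names come from collect_rope_counts(), never from the request.
    $set = implode(', ', array_map(fn($col) => "$col = ?", array_keys($counts)));
    $stmt = $con->prepare("UPDATE everest2014 SET $set WHERE team = ?");
    if ($stmt === false) {
        return false;
    }
    $params = array_values($counts);
    $params[] = $team;
    $stmt->bind_param(str_repeat('i', count($counts)) . 's', ...$params);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample requests (not captured traffic).
$good = ['teamname' => 'red', 'update' => 'Update Elevation'];
for ($i = 1; $i <= ROPE_COUNT; $i++) {
    $good["rope{$i}Climbs"] = (string) $i;
}
$bad = $good;
$bad['rope3Climbs'] = '7, rope4=0';  // not a plain integer; the old query pasted this into SET
$bad['con'] = 'x';                   // with $$key this would have replaced $con

var_dump(collect_rope_counts($good) !== null);
var_dump(collect_rope_counts($bad));
```

With a live connection, call `update_elevation($con, $_POST['teamname'], $counts)` only when `collect_rope_counts($_POST)` returns an array; the team name is bound as a string parameter, so it needs no `mysqli_real_escape_string` call.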