why won't it post these results?

Question

I am having trouble grabbing the values from the form once processed. I need your help.

function updateUser($table, $id) {
    if($_POST) {
     processUpdate($table, $id);
    } else {
     updateForm($table, $id);
    }
}

function processUpdate($table, $id) {

    print $table; //testing
    print $id; //testing

    $email=addslashes($HTTP_POST_VARS['email']);
    $lname=addslashes($HTTP_POST_VARS['lname']);
    $fname=addslashes($HTTP_POST_VARS['fname']);

    print $lname;

    //which table do we update
    switch($table) {
     case "maillist":
      $result = mysql_query("UPDATE $table SET email='$email', lname='$lname', fname='$fname' WHERE id='$id'") 
      or die(mysql_error());
     break;
    }
}

The function updateForm($table, $id); just outputs the form, has email, lname, fname fields. And when you process the form, the action is the same, w/ the table and id being passed thru the url, so it GET's the id and table that way, and for lname, fname, and email, it should grab it via post.

EDIT: this is what the form tag is for the updateForm function: <form method="post" action="?mode=upd&id='.$id.'&table='.$table.'">

But for some reason, it does not post the values.

Answer 1

Is the method attribute of the form set to post?

<form method = "post" action = "...">

And are all of the input's name attribute set right?

Have you looked at the html output to make sure that there were no syntax errors? Also, try using

$_POST

instead of

$HTTP_POST_VARS

Answer 2

Please make sure that you use an up-to-date tutorial for one of the latest versions of PHP5. NOT some PHP 3.x tut full of deprecated functions ;-)

That will make your life (and ours) a whole lot easier :P

By the way one more tip that will prevent you from having major SQL injections in this script: ESCAPE EVERY VARIABLE YOU ARE GOING TO PASS!!

You don't escape ID here, which is a nice huge hole to drop your db