Problem with PHP; Posting Hidden Value?

StackOverflow https://stackoverflow.com/questions/2435415

  •  19-09-2019
  •  | 
  •  

Question

I have a page which basically allows an admin user to create manager user types (basically a register function. So when the values are submitted, they are stored into the DB, very very basic stuff. However, I have a hidden variable type..reasons are I have 3 different user levels and I have declared they identification as an integer (e.g. 7 = manager, 8 =user etc.)

Can someone help me out with how to correctly pass this hidden value so it stores in the database...

Here is my form:

<form id="userreg" name="userreg" method="post" action="adduser-process.php"> 
<label>Full Name:</label> <input name="fullname" size="40" id="fullname" value="<?php if (isset($_POST['fullname'])); ?>"/>
    <br />
    <label>Username:</label> <input name="username" size="40" id="username" value="<?php if (isset($_POST['username'])); ?>"/>       <br />
    <label>Password:</label> <input name="password" size="40" id="password" value="<?php if (isset($_POST['password'])); ?>"/>        <br />
    <label>Email Address:</label> <input name="emailaddress" size="40" id="emailaddress" value="<?php if (isset($_POST['emailaddress'])); ?>"/> 
    <br />
    <input name="userlevel" type="hidden" size="1" id="userlevel" value="<?php $_POST[5]; ?>" /> <br />
    <input value="Add User" class="addbtn" type="submit" /> 
    </form></div>

Next, here is the script that runs the query:

    <?php 

require_once "config.php";


 $fullname = $_POST['fullname'];
 $username = $_POST['username'];
 $password = $_POST['password'];
 $emailaddress = $_POST['emailaddress'];
 $userlevel = $_POST[5];


 $sql = "INSERT INTO users_tb VALUES('".$user_id."','".$fullname."','".$username."',MD5('".$password."'),'".$emailaddress."','".$userlevel."')";
 $result = mysql_query($sql, $connection)
  or die("MySQL Error: ".mysql_error());

 header("Location: administratorfrontview.php");
 exit();
 ?>

I'm basically trying to pass the hidden typem with a constant value of '5' just for this form, as it will not be changed...also while im here, for some reason, the 'fullname' is not stored in the DB either!!?? WTH?? all other fields are processed fine. Any help is much appreciated! Thank you.

Was it helpful?

Solution

Two things. One, $userlevel should equal $_POST['userlevel'] not 5 as POST data isn't always in that order. Two, your insert statement should be preceded with the column names (to prevent any data from going in the wrong order).

$sql = "INSERT INFO users_tb (id, name, username, password, email, userlevel) ".
       "('".$user_id."','".$fullname."','".$username."',MD5('".$password."'),'".
       $emailaddress."','".$userlevel."')";

OTHER TIPS

Your PHP for outputting the value is wrong. Use:

<?= $_POST[5]; ?>

or

<?php echo $_POST[5]; ?>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top