Question

I have 2 php pages: editpost.php simply generates a form to edit a user review. addcomment.php, in this case, is supposed to update the mysql for that post. It simply tests to see if $_GET['edit'] and the proper variables are set. For some reason it never reads true. I checked 'view source' in safari for editpost.php and it looks fine.

editpost.php:

<?php 
require_once('checklogin.php');
//require_once('text_encode.php');
//die("Made it past require once");
if(isset($_SESSION['user'])&&isset($_GET['id']))
{
    //die("made it past if statement");
    $con = mysql_connect('localhost','REDACTED','REDACTED');
    mysql_select_db('dancks_db',$con);
    $q = mysql_query(sprintf("SELECT userID FROM UserTable WHERE nick='%s'",$_SESSION['user']),$con) or die(mysql_error());
    if(mysql_num_rows($q)!=1)
    {
        //die("1");
        redir();
    }
    else
    {
        $match = array(); $match2=array();
        preg_match("/[0-9]{1,5}/",$_GET['id'],$match);
        //preg_match("/[0-1]{1,1}/",$GET['type'],$match2);
        if(implode($match)!=$_GET['id'])
        {
            die("2");
            redir();
        }
        //if($_GET['id']==0)
        else
        {
            // die(mysql_error()) reports the failure; mysql_query() with no arguments does not
            $q2 = mysql_query(sprintf("SELECT * FROM Comments WHERE CommentID='%s'",$_GET['id']),$con) or die(mysql_error());
            if(mysql_num_rows($q2)==1)
            {
                $vars = mysql_fetch_assoc($q2);
                echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
                <html xmlns=\"http://www.w3.org/1999/xhtml\">
                <head>
                <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />
                <title>Edit Post</title>
                </head>
                <body>";
                echo "<form method=\"post\" action=\"addcomment.php?type=1,edit=1\">
                <p>Rating:";
        //die("rating: ".$q2['rating']);
        for($i=1;$i<6;$i++)
        {
            echo "<label>".$i."</label><input type=\"radio\" name=\"rating\" value=\"".$i."\" ";if($vars['rating']==$i){echo "checked=\"checked\"";}echo " id=\"star".$i."\" />\n";
        }
        echo"</p>
                <p>Title:<input type=\"text\" name=\"title\" value=\"".$vars['title']."\" /></p>
                <p>Comment:<textarea rows=\"5\" cols=\"80\" name=\"review\" >".$vars['review']."</textarea></p>
                <input type=\"hidden\" name=\"commentid\" value=\"".$_GET['id']."\" />
                <input type=\"hidden\" name=\"subject\" value=\"".$vars['subject']."\" />
                <input type=\"submit\" value=\"submit review\" />
                </form>
                </body>
                </html>";
            }
            else
            {
                die("No comment found: get: ".$_GET['id']);
            }
        }
        mysql_free_result($q);
    }
}
else
{
    die("3");
    redir();
}
?>

addcomment.php:

<?php require_once('checklogin.php');
//die("type=".$_GET['type']." rating=".$_POST['rating']);
require_once('text_encode.php');
require_once('validate.php');
if(safe_isset($_GET['type'])&&safe_isset($_SESSION['user']))
{
    if( (safe_isset($_POST['rating']))&&(safe_isset($_POST['title']))&&(safe_isset($_POST['review']))&&($_GET['type']==1))
    {
        $match = array(); $match2 = array();
        preg_match("/[0-5]{1,1}/",$_POST['rating'],$match);
        preg_match("/[0-1]{1,1}/",$_GET['type'],$match2);
        if((implode($match)!=$_POST['rating'])&&(implode($match2)!=$_GET['type']))
        {
            die("type=".$_GET['type']." implode=".implode($match)." rating=".$_POST['rating']." implode=".implode($match2));
            //die("Invalid input for rating or type");
            redir();
        }
        else if( $_POST['rating']=="" || $_GET['type']=="" )
        {
            die("Rating or type reads empty string");
            redir();
        }
        else if(safe_isset($_GET['edit']))
        {
            $con = mysql_connect('localhost','REDACTED','REDACTED');
            mysql_select_db('dancks_db',$con);
            $query=sprintf("UPDATE Comments SET rating='%s', title='%s', review='%s' WHERE CommentID='%s'",
            mysql_real_escape_string($_POST['rating']),
            mysql_real_escape_string($_POST['title']),
            mysql_real_escape_string($_POST['review']),
            mysql_real_escape_string($_POST['commentid']));
            $r = mysql_query($query,$con) or die(mysql_error());
            mysql_close($con);
            die("Successful edit");
            header(sprintf("Location:http://example.com/redacted/redacted/seller.php?ID=%s",$_POST['subject']));
        }
        else
        {
            if(contains($_SERVER['HTTP_REFERER'],"editpost.php"))
            {
                die("Wrong spot");
            }
            $con = mysql_connect('localhost','REDACTED','REDACTED');
            mysql_select_db('dancks_db',$con);
            $query=sprintf("INSERT INTO Comments(nick,type,subject,rating,title,review) VALUES ('%s','%s','%s','%s','%s','%s')",
            mysql_real_escape_string($_SESSION['user']),
            mysql_real_escape_string($_GET['type']),
            mysql_real_escape_string($_POST['subject']),
            mysql_real_escape_string($_POST['rating']),
            mysql_real_escape_string($_POST['title']),
            mysql_real_escape_string($_POST['review']));
            $r = mysql_query($query,$con) or die(mysql_error());
            mysql_close($con);
            //die("successful insert");
            header(sprintf("Location:http://example.com/redacted/redacted/seller.php?ID=%s",$_POST['subject']));
        }
    }
    else
    {
        die("rating, title or review isnt set");
        redir();
    }
}
else
{
    die("type isnt set or user isnt logged in");
    redir();
}
?>

relevant extra code:

function contains($text,$match)
{
    return (preg_match("/".$match."/",$text)==1);
}
function safe_isset($text)
{
    $good = false;
    if(isset($text))
    {
        if(strlen($text)>0)
        {
            $good = true;
        }
    }
    return $good;
}

This might be something really easy that I simply overlooked. I apologize if that's the case. I'm cramming right now so I'm liable to miss things. Or perhaps ideas on whether I should simply rewrite this or restructure this are welcome.


Solution

You're right, it is something simple. You need an & instead of ,

echo "<form method=\"post\" action=\"addcomment.php?type=1,edit=1\">
<p>Rating:";
// Should be:
echo "<form method=\"post\" action=\"addcomment.php?type=1&edit=1\">
<p>Rating:";
// -----------------------------------------------------^^^^

The way you have it, the edit value is passed, but it is passed as part of the type value, so PHP sees

$_POST['type'] == '1,edit=1'

I also note that a little later you are looking for $_GET['id'], but you have defined ID in the query string. Array keys are case sensitive, so be sure to use the correct case.

header(sprintf("Location:http://example.com/redacted/redacted/seller.php?ID=%s",$_POST['subject']));
//---------------------------------------------------------------------^^^^ upper case here....
// Access as $_GET['ID'], not $_GET['id']
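The behaviour the accepted answer describes can be checked directly with PHP's own query-string parser. The script below is an added example, not code from the question or the answers; parse_query, edit_form_action and read_int_param are helper names made up for it, and addcomment.php is only reused as the page name from the question.

```php
<?php
// parse_str() is the same parser PHP uses to populate $_GET, so it shows
// exactly what addcomment.php receives for a given action URL.
function parse_query(string $query): array
{
    $params = [];
    parse_str($query, $params);
    return $params;
}

// The action attribute as written in the question: PHP splits on '&' only,
// so the comma stays inside the value of "type" and no "edit" key is created.
$broken = parse_query('type=1,edit=1');
var_dump($broken);
var_dump(isset($broken['edit']));   // the edit branch in addcomment.php depends on this

// With the separator corrected as the accepted answer says, both keys exist.
$fixed = parse_query('type=1&edit=1');
var_dump($fixed);

// Building the URL with http_build_query() instead of hand-written string
// concatenation avoids the separator mistake and percent-encodes the values.
function edit_form_action(int $type, int $edit): string
{
    $base = 'addcomment.php';   // page name taken from the question
    return $base . '?' . http_build_query(['type' => $type, 'edit' => $edit]);
}

echo edit_form_action(1, 1), "\n";

// When the URL is emitted inside an HTML attribute, escape it so that a raw
// '&' or quote cannot break out of the attribute value. The browser decodes
// &amp; back to & before submitting the form.
echo '<form method="post" action="'
    . htmlspecialchars(edit_form_action(1, 1), ENT_QUOTES, 'UTF-8')
    . "\">\n";

// On the receiving side, validate the parameter as an integer instead of
// relying on a loose == comparison against 1. (Hypothetical helper; the
// question does this with preg_match and implode.)
function read_int_param(array $source, string $key): ?int
{
    if (!isset($source[$key])) {
        return null;
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

var_dump(read_int_param($broken, 'type'));   // "1,edit=1" is rejected as a non-integer
var_dump(read_int_param($fixed, 'type'));
var_dump(read_int_param($fixed, 'edit'));
```

Run with `php` from the command line: the first dump shows a single `type` key holding the string `1,edit=1` and `isset` on `edit` is false, the second dump shows separate `type` and `edit` keys each holding `1`, the form tag is printed with `&amp;` between the parameters, and `read_int_param` returns null for the broken value and 1 for the corrected ones. Comparing a validated integer rather than the raw string also means a value like `1,edit=1` can never satisfy the `type == 1` check, whatever PHP version's loose-comparison rules apply.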

Other tips

echo "<form method=\"post\" action=\"addcomment.php?type=1,edit=1\">

should be

echo "<form method=\"post\" action=\"addcomment.php?type=1&edit=1\">

"<form method=\"post\" action=\"addcomment.php?type=1,edit=1\">
                <p>Rating:";

USE &

 "<form method=\"post\" action=\"addcomment.php?type=1&edit=1\">
                <p>Rating:";
Licensed under: CC-BY-SA with attribution