Problems with $_GET[]

Johnb21 · 11-27-2012, 03:58 PM

I have 2 versions of this code... one WITH Sessions and one without. The one without the sessions being used works just fine but the one with sessions is having problems.

I have a url:
www.example.com/register.php?refid=1234567

I am trying to get the refid from the url and save it to a variable. I want to do this when a "Submit" button is clicked to register after filling a form out.

If I have code that says

Code:

if(isset($_POST['submit']))
{
//RUN THIS CODE
}

when I fill the form out and click submit, the page refreshes and the url becomes:

www.example.com/register.php

This works:

Code:

 if(!empty($_GET["refid"])){
     $refered_by = $_GET['refid'];
}
if(isset($_POST['submit']))
{
//RUN THIS CODE
}

but this does not:

Code:

if(isset($_POST['submit']))
{
   if(!empty($_GET["refid"])){
     $refered_by = $_GET['refid'];
   }
}

Even with the first example that DOES work... if I try to reference that $refered_by variable inside the code block that validates the submit button was clicked... it tells me that the $_GET['refid'] is undefined.

Is there any reason the ?ref=123456 is being removed from the url when the user clicks the submit/sign up button? Is this causing $_GET['refid'] to be undefined? Lastly... even if that's the case, why isn't $refered_by saving the variable if I establish it before the submit code block?

Any help will be appreciated so I can not only fix the code but also understand what is happening here.

Thyrosis · 11-27-2012, 04:29 PM

What is the action your form points to? Is the ?refid=123456 passed there as well?

Also check the source code before pressing the submit button to double check where the form is going (action).

Johnb21 · 11-27-2012, 04:57 PM

With the url: www.example.com/register.php?refid=12345

Here is my code for register.php

Code:

<?php
	require 'core.php';
	require 'connect.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="description" content=""/>
<meta name="keywords" content=""/>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<title>Register</title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />

	<style type="text/css">
	body {

	}
	</style>
	
</head>
<body>
	
	<?php 
		if (!loggedin()){
		
			if(isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['verify_password']))
			{
				$firstname = $_POST['firstname'];
				$lastname = $_POST['lastname'];
				$username = $_POST['username'];
				$email = $_POST['email'];
				$password = $_POST['password'];
				$password_verified = $_POST['verify_password'];
				
				$min_pass_len=6;
				$max_pass_len = 16;
				
				$userId = uniqid();

				if(!empty($firstname)&&!empty($lastname) && !empty($username)&&!empty($email)&&!empty($password)&&!empty($password_verified)){
					
					$fullname = $firstname . ' ' . $lastname;
					
					if($password <> $password_verified){
						echo "Passwords do not match!";
					}else{
						if(strlen($password) < $min_pass_len || strlen($password) > 16){
							echo 'Your password must be between 6 and 16 characters.';
						}
						else
						{
							
							$password = md5($password);
							
							$query = "SELECT username FROM users WHERE username='$username'";
							$query_run = mysql_query($query);
							
								if(mysql_num_rows($query_run) == 1){
									echo "The username \"$username\" is taken.";
								}
								else
								{
										
										if(isset($_GET['refid'])){
											$refered_by = $_GET['refid'];
										}
										
									echo "REF BY: $refered_by";									
									
										
								}				
						}
					}
					
				}else{
					echo "All fields are required.";
				}
			}				
		?>
			
			<form action="<?php echo $_SERVER['SCRIPT_NAME'];?>" method="post">
		<p>
			<label for="firstname">First Name</label><br />
			<input type="text" name="firstname" />
		</p>
		
		<p>
			<label for="lastname">Last Name</label><br />
			<input type="text" name="lastname"  />
		</p>
		
		<p>
			<label for="username">Username</label><br />
			<input type="text" name="username" />
		</p>
		
		<p>
			<label for="email">Email</label><br />
			<input type="text" name="email"  />
		</p>
		
		<p>
			<label for="password">Password</label><br />
			<input type="password" name="password"  />
		</p>
		
		<p>
			<label for="verify_password">Verify Password</label><br />
			<input type="password" name="verify_password"  />
		</p>
		
		<p><input type="submit" name="submit" value="Register &raquo;" /><input type="reset" name="reset" value="Reset" /></p>
		
	</form>
			
	<?php
		}else if(loggedin()){
			
		}
	?>
			
		
</body>
</html>

When calling the $_GET function before the if(!loggedin()){} code, it reads it just fine. I mentioned that before though... and here is what the loggedin() function looks like in an external page (yes it is included in the register.php page):

Code:

function loggedin(){
	
		if(isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])){
			return true;	
		}else{
			return false;
		}
	}

As I stated before, when the submit button is clicked... the page is refreshed with no refid in the URL. I am not sure if that is what is causing undefined but I wouldn't think that should matter because $_GET should happen before the "refresh"

Fou-Lu · 11-27-2012, 07:35 PM

Nor will it.
Querystrings do not persist unless you specifically set them. As mentioned, if you want to pass the querystring through, you need to add that into the action attribute of the form element. You can pull that off using the $_SERVER['QUERY_STRING'] (or in a few other ways as well), or reconstruct the querystring from the $_GET or explicitly what you are requiring. But if you want to end up with the querystring in this page after submit, you must add that to the action.

Junsee · 11-27-2012, 10:27 PM

www.example.com/register.php?refid=1234567

Save to Session

PHP Code:


			
$_SESSION['Save'] = $_GET['refid'];

but always remember to initialise session code

PHP Code:


			
session_start();

so at the top of every page, that uses or passes sessions, the first things should be:

PHP Code:


			
<?php

session_start();



...

?>

EDIT:
So when there is a $_GET['refid'] use if

PHP Code:


			
if($_GET['refid']){

$_SESSION['Save'] = $_GET['refid'];

}