Well guys, to ask the question is pretty simple, but myself, I’m having a problem on finding the answer, and I need this badly…
The question is:
I have the following function in (donate/index.php)
function submitted_amount()
{
    global $db, $user, $auth, $template, $current_dir;
    global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
    include ($phpbb_root_path . 'includes/functions_user.' . $phpEx);
    include ($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
    include_once ($phpbb_root_path . 'donate/functions_donate.' . $phpEx);
    $submitted_amount = (isset($_POST['submitted_amount'])) ? true : false;
    $sql = 'UPDATE ' . DONATION_TABLE . "
        SET config_value = '" . $submitted_amount . "'
        WHERE config_name = 'submitted_amount'";
    $result = $db->sql_query($sql);
}
page_header($user->lang['DONATE_EXPLAIN'], false);
submitted_amount();
$template->set_filenames(array(
    'body' => 'donate/index_body.html')
);
?>
Now the file: (styles/prosilver/template/donate/index_body.html)
It has the following line
<input type='text' name='submitted_amount' id='submitted_amount' value='' size="25" tabindex="1" maxlength='9' class='inputbox_d' align="top">
<form action='{U_DONATE_CONFIRM}' method='post'>
<input type='submit' class="button1" name='submit' value='{L_SUBMIT}'>
If you need more clarifications please tell me. I showed you all possible connections between the HTML and the PHP of my code. The database column is there, so what’s my problem?
first off:
shouldn’t this be the value of submitted_amount? it will only ever be true or false.
quick fix would be to change true to $_POST['submitted_amount'], however you’ll be leaving yourself wide open to SQL injection unless you add some variable checking somewhere in there.
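The "variable checking" the reply asks for, as an added example that is not part of the original thread or the donation mod's code: the posted amount is validated as a positive decimal before it reaches the query, and the value is still passed through phpBB's `$db->sql_escape()`. The function names, the `demo_db` stand-in, the demo table name and the two-decimal format are assumptions made for this example.

```php
<?php
// Added example (not the mod's code): validate the amount, then escape it in the query.

/**
 * Return the posted amount normalised to two decimals (e.g. "12.50"),
 * or null when it is not a positive decimal number.
 * Assumption: up to 6 integer digits and 2 decimals, which fits maxlength='9'.
 */
function parse_donation_amount($raw)
{
    if (!is_string($raw))   // submitted_amount[]=x arrives as an array
    {
        return null;
    }
    $raw = trim($raw);
    if (!preg_match('/^\d{1,6}(\.\d{1,2})?$/D', $raw) || (float) $raw <= 0)
    {
        return null;
    }
    return number_format((float) $raw, 2, '.', '');
}

/** Build the UPDATE from the question; $db only needs phpBB's sql_escape(). */
function build_amount_update($db, $amount)
{
    return 'UPDATE ' . DONATION_TABLE . "
        SET config_value = '" . $db->sql_escape($amount) . "'
        WHERE config_name = 'submitted_amount'";
}

// --- Stand-alone demo; inside phpBB use the real $db and DONATION_TABLE ---
if (!defined('DONATION_TABLE'))
{
    define('DONATION_TABLE', 'phpbb_donation_demo'); // constructed table name
}
class demo_db // stand-in for phpBB's $db, demo only
{
    function sql_escape($s) { return str_replace("'", "''", $s); }
}
// Constructed inputs standing in for $_POST['submitted_amount']
$samples = array('25', '12.5', ' 7.00 ', '0', '-5', '1e3', "10' OR '1'='1", array('x'));
foreach ($samples as $raw)
{
    $amount = parse_donation_amount($raw);
    echo json_encode($raw), ' => ';
    echo ($amount === null) ? "rejected, no query run\n" : build_amount_update(new demo_db(), $amount) . "\n";
}
```

Inside phpBB, pass the board's own `$db` and call `$db->sql_query()` on the built statement only when `parse_donation_amount()` returns a string.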