
Need some help to submit a value in the database - phpBB


Well guys, the question is pretty simple to ask, but I'm having a problem finding the answer myself, and I need this badly...

The question is:

I have the following function in (donate/index.php)

    function submitted_amount()
    {
        global $db, $user, $auth, $template, $current_dir;
        global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;

        include ($phpbb_root_path . 'includes/functions_user.' . $phpEx);
        include ($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
        include_once ($phpbb_root_path . 'donate/functions_donate.' . $phpEx);

        $submitted_amount = (isset($_POST['submitted_amount'])) ? true : false;

        $sql = 'UPDATE ' . DONATION_TABLE . "
                SET config_value = '" . $submitted_amount . "'
                WHERE config_name = 'submitted_amount'";

        $result = $db->sql_query($sql);
    }

    page_header($user->lang['DONATE_EXPLAIN'], false);

    submitted_amount();

    $template->set_filenames(array('body' => 'donate/index_body.html'));

    ?>

Now the file: (styles/prosilver/template/donate/index_body.html)

It has the following line

    <input type='text' name='submitted_amount' id='submitted_amount' value='' size="25" tabindex="1" maxlength='9' class='inputbox_d' align="top">

    <form action='{U_DONATE_CONFIRM}' method='post'>

    <input type='submit' class="button1" name='submit' value='{L_SUBMIT}'>

If you need more clarification, please tell me. I showed you all possible connections between the HTML and the PHP of my code. The database column is there, so what's my problem?


Solution

  • First off:

    $submitted_amount = (isset($_POST['submitted_amount'])) ? true : false;
    

    Shouldn't this be the value of submitted_amount? It will only ever be true or false.

    A quick fix would be to change true to $_POST['submitted_amount']; however, you'll be leaving yourself wide open to SQL injection unless you add some variable checking somewhere in there.
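
One way to do the variable checking the answer asks for, as an added example that is not the poster's or phpBB's own code: the posted value is validated as a number before it is stored, and still passed through `sql_escape()` when the query is built. `StubDb` is a hypothetical stand-in for phpBB's `$db` so the snippet runs outside a board; the table name, the two-decimal amount format and the sample inputs are assumptions.

```php
<?php
// Stand-in for phpBB's $db (assumption, so this runs without a board).
// On a real board use the global $db and its own sql_escape()/sql_query().
class StubDb
{
    public $queries = array();
    public function sql_escape($s) { return str_replace("'", "''", $s); }
    public function sql_query($sql) { $this->queries[] = $sql; return true; }
}

define('DONATION_TABLE', 'phpbb_donation'); // constructed table name

/**
 * Return the posted amount as a string, or null when it is missing or is not
 * a plain number of at most 9 characters (the form field's maxlength).
 */
function parse_submitted_amount(array $post)
{
    if (!isset($post['submitted_amount']) || !is_string($post['submitted_amount'])) {
        return null;
    }
    $raw = trim($post['submitted_amount']);
    // Assumed format: digits with an optional 1-2 digit fraction; \z forbids a trailing newline.
    if (strlen($raw) > 9 || !preg_match('/^\d+(\.\d{1,2})?\z/', $raw)) {
        return null;
    }
    return $raw;
}

function save_submitted_amount($db, array $post)
{
    $amount = parse_submitted_amount($post);
    if ($amount === null) {
        return false; // missing or malformed input: nothing is written
    }
    // Escape even though the value is already validated (defence in depth).
    $sql = 'UPDATE ' . DONATION_TABLE . "
        SET config_value = '" . $db->sql_escape($amount) . "'
        WHERE config_name = 'submitted_amount'";
    return (bool) $db->sql_query($sql);
}

// Constructed sample inputs: a valid amount, a value containing a quote, no field at all.
$db = new StubDb();
var_dump(save_submitted_amount($db, array('submitted_amount' => '25.50')));
var_dump(save_submitted_amount($db, array('submitted_amount' => "25'x")));
var_dump(save_submitted_amount($db, array()));
echo $db->queries[0], "\n";
```

Only the first call reaches `sql_query()`; the other two are rejected before any SQL string is built.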