PHP passing query values through POST

[kitfox69]

How can you set a variable to have a value based on a query that returns single values?

<?php
$conn = odbc_connect("HOMES", "", "");
    $query = "SELECT DISTINCT sls_his_invc_no FROM sls_his where sls_his_item_id IN (SELECT item_id from item where item_vend_id = 'MONTAGE') and sls_his_prchdat_alt > 20071231";
    $result = odbc_exec($conn, $query);
    $options = '';
    while($row = odbc_fetch_array($result)){
        $options .= "\t\t<option value=\"{$row[sls_his_invc_no]}\">{$row[sls_his_invc_no]}</OPTION>\r\n";
    }
    echo  <<<HTML
<form method="post" action="getmontso.php">
    <div>
        <select name="sls_his_invc_no">
        {$options}
        </select>
        <input type="submit" name="sono" value="Get Data">
        <input type="hidden" name="montbilldate"value="$montbilldate">
        <input type="hidden" name="montcustid"value="$montcustid">
        <input type="hidden" name="montitemid"value="$montitemid">
    </div>
</FORM>
HTML;
if (isset($_POST[ 'sono' ])) {
    $sono = $_POST[ 'sls_his_invc_no' ];
}
$query1 = ("SELECT DISTINCT sls_his_invc_no AS 'SALE ORDER', sls_his_cust_id AS 'CUSTOMERID', sls_his_item_id AS 'ITEMID' from sls_his
WHERE sls_his_invc_no = '$sono'
AND sls_his_item_id IN (select item_id from item where item_vend_id = 'MONTAGE')");
$query2 = ("SELECT DISTINCT sls_his_prchdat_alt from sls_his 
WHERE sls_his_invc_no = '$sono'
AND sls_his_item_id IN (select item_id from item where item_vend_id = 'MONTAGE')");
$query3 = ("SELECT DISTINCT sls_his_cust_id from sls_his 
WHERE sls_his_invc_no = '$sono'
AND sls_his_item_id IN (select item_id from item where item_vend_id = 'MONTAGE')");
$query4 = ("SELECT DISTINCT sls_his_item_id from sls_his 
WHERE sls_his_invc_no = '$sono'
AND sls_his_item_id IN (select item_id from item where item_vend_id = 'MONTAGE')");
$result1 = odbc_exec($conn, $query1);
$montbilldate = odbc_exec($conn, $query2);
$montcustid = odbc_exec($conn, $query3);
$montitemid = odbc_exec($conn, $query4);
odbc_result_all($result1);
print('<iframe align="left"
src ="inputmont.php?montsono=' . $_POST[ 'sls_his_invc_no' ] . '&montbilldate=' . $_POST[ 'montbilldate' ] . '&montcustid=' . $_POST[ 'montcustid' ] . '&montitemid=' . $_POST[ 'montitemid' ] . '"
height="200"
width="500">
</iframe>');
?>

I can get the iframe to echo the SO NO but not the other three hidden values included with the SUBMIT button.

 

[jpadie]

your iframe looks fine to me.

but it is unclear where these variables are being derived from:
$montbilldate (etc) within the form. they appear only to be pulled out of the database after the form is created.

their POST values (used in the iframe source) will only be present when the form is actually submitted, however you are using the POST values without having tested for submission. clearly there is a logic hole here.

lastly, since you have these datapoints from the query, why are you then using the (suspect) POST values in the form?

and really finally ... a form is a bad place to store session data. or data that you wish to persist across multiple scripts. the correct place, imo, to store session data is in a session.