Help with inserting data from url

[tomtheperson]

i have a problem inserting some data from the url to my mysql database. here is the code:

Code: Select all

<?php
include'all.php';
if(isset($_GET['text']))
{
   $text = sanitizeString($_GET['text']);
   if ($text != "")
   {
                $topic=$_GET['topic'];
      queryMysql("INSERT INTO forum VALUES(NULL,
               '$user','$topic','$text')");
   }

}
echo <<<_END
<form  method='get' action="viewtopic.php">
<textarea style="resize:none" cols="50" rows="5" name='text'></textarea><br>
<input type='submit' value='Answer'/>
</form>
_END;
?>


the $topic variable is from the URL. when i press the submit button in my form all the data goes to the database apart from the $topic variable data. I just need some help in sorting it out. Also sanitizeString is a function that makes it secure using mysql_real_escape_string.
Thanks

[NigelRen]

The value of topic might be in the URL calling the page - but you would need to add it to the URL in the form tag as well to ensure it's passed on. If you add the value - sort of like I've tried to show, then this should get passed on.

Code: Select all

<form  method='get' action="viewtopic.php?topic=topicvalue">

[tomtheperson]

Thanks for replying
I have tried that but it just returns this:

Code: Select all

http://localhost/mywebsite/viewtopic.php?text=hello