I have successfully implemented data transfer attempt from one page to another using PHP mysql_insert_id header, location method. What I did was:
I have validated it (transferring (i.e. form action) the form to the same page), I have saved it in database, and now I m trying to display the data on another page.
page1 (where original form is located)
$id = mysql_insert_id();
header('Location: page2.php?id='.$id);
and in page2
$id = $_GET['id'];
$query = "SELECT * FROM form1 WHERE id=$id";
{
// there after display of data
}
The problem I faced:
I m getting this link in the title bar
http://localhost/aaa/page2.php?id=76
now if I try to change id= 56 or 45 or any other it is changing displayed data to that id.. so any user can change it in address bar and hence will be able to see my db values..
I thought of encoding it in first place, then at second place I thought of changing it to sessions instead.
so I searched a lot on google to set it as session and I tried this
<?php
// Starting the session
session_start();
if(isset($_SESSION['id'])) //and is this use of id correct?
{ // then what?
}
thanks guys for your help
You have to explain what you are exactly trying to do ? so that we can give suggestion . Though below code will work fine. But i think no use of it.Use session_start before using the session.
Page 1:
$id = mysql_insert_id();
$_SESSION['last_id'] = $id;
header('Location: page2.php');
Page 2: $id = $_SESSION['last_id'];
$query = "SELECT * FROM form1 WHERE id=$id";
{
// there after display of data
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With