Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

converting an script from PHP mysql_insert_id header, location method to PHP session method

I have successfully implemented data transfer attempt from one page to another using PHP mysql_insert_id header, location method. What I did was:

I have validated it (transferring (i.e. form action) the form to the same page), I have saved it in database, and now I m trying to display the data on another page.

page1 (where original form is located)

$id =  mysql_insert_id();
header('Location: page2.php?id='.$id);

and in page2

$id = $_GET['id'];
$query  = "SELECT * FROM form1 WHERE id=$id";
{
 // there after display of data
}

The problem I faced:

I m getting this link in the title bar

http://localhost/aaa/page2.php?id=76

now if I try to change id= 56 or 45 or any other it is changing displayed data to that id.. so any user can change it in address bar and hence will be able to see my db values..

I thought of encoding it in first place, then at second place I thought of changing it to sessions instead.

so I searched a lot on google to set it as session and I tried this

<?php 
// Starting the session 
session_start();

if(isset($_SESSION['id'])) //and is this use of id correct?
{ // then what?
}

thanks guys for your help

like image 865
aks Avatar asked Jun 28 '26 18:06

aks


1 Answers

You have to explain what you are exactly trying to do ? so that we can give suggestion . Though below code will work fine. But i think no use of it.Use session_start before using the session.

Page 1:

$id =  mysql_insert_id();
$_SESSION['last_id'] = $id;
header('Location: page2.php');

Page 2: $id = $_SESSION['last_id'];

 $query  = "SELECT * FROM form1 WHERE id=$id";
  {
// there after display of data
  } 
like image 89
Samy Avatar answered Jul 01 '26 09:07

Samy