FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » variable value gets lost
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
variable value gets lost [message #174451] Sun, 12 June 2011 19:13 Go to next message
Co is currently offline  Co
Messages: 75
Registered: May 2011
Karma: 0
Member
Hi All,

I have a page with shows the profile of one of my users.
the id of the user is send to the page: profile.php?id=3
It is retrieved on the page by $id = $_GET['id'].

When I click a submit button on the page to add a message
to the user I lose his $id.
How can I preserve the value of $id to add the message to the user?

$sqlName = mysql_query("SELECT * FROM myMembers WHERE
id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");

while ($row = mysql_fetch_array($sqlName)) { $firstname =
$row["firstname"];$lastname = $row["lastname"];$username =
$row["username"];$userid = $row["id"];}

if ($userid != $id){
$query = mysql_query("SELECT * FROM profile_comments WHERE
profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
$numrows = mysql_num_rows($query);
print $numrows;
if ($numrows == 0){
$commdate = date("d F Y"); // 08 October, 2010
print $commdate;
mysql_query("INSERT INTO profile_comments VALUES ('', '$uid',
'$userid', '$username', '$comment', '$commdate')");

Marco
Re: variable value gets lost [message #174452 is a reply to message #174451] Sun, 12 June 2011 19:43 Go to previous messageGo to next message
Mathieu Maes is currently offline  Mathieu Maes
Messages: 5
Registered: May 2011
Karma: 0
Junior Member
On 12 jun, 21:13, Co <vonclausow...@gmail.com> wrote:
> Hi All,
>
> I have a page with shows the profile of one of my users.
> the id of the user is send to the page:  profile.php?id=3
> It is retrieved on the page by $id = $_GET['id'].
>
> When I click a submit button on the page to add a message
> to the user I lose his $id.
> How can I preserve the value of $id to add the message to the user?
>
> $sqlName = mysql_query("SELECT * FROM myMembers WHERE
> id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");
>
>         while ($row = mysql_fetch_array($sqlName)) { $firstname =
> $row["firstname"];$lastname = $row["lastname"];$username =
> $row["username"];$userid = $row["id"];}
>
>                                 if ($userid != $id){
>                                         $query = mysql_query("SELECT * FROM profile_comments WHERE
> profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
>                                         $numrows = mysql_num_rows($query);
>                                         print $numrows;
>                                         if ($numrows == 0){
>                                                 $commdate = date("d F Y"); // 08 October, 2010
>                                                 print $commdate;
>                                                 mysql_query("INSERT INTO profile_comments VALUES ('', '$uid',
> '$userid', '$username', '$comment', '$commdate')");
>
> Marco

Hi Marco,

Since you haven't provided the HTML code from your form, I will assume
the following:
<form method="post" action="profile.php">
....
<input type="submit" />
</form>

Look at the first line where I provide the form "action". If you click
the submit button, the data will be sent to profile.php which does not
contain your user ID (?id=9000).

I guess the best solution is to add the user ID inside the form as a
hidden input:
<form>
<input type="hidden" name="id" value="<?php echo $id;?>" />
</form>

As a result, the User ID is being sent with your form, and can be read
as follows:
<?php
$id = $_POST['id']; //Assuming you're using POST method
?>

I should warn you that the ID is exposed to the user, which can be
manipulated. If there are certain security limitations (i.e. only be
able to post comments to a certain group of users), you must validate
$_POST['id'] to make sure the user is allowed to post using that ID!!

Kind regards,
Mathew
Re: variable value gets lost [message #174459 is a reply to message #174451] Sun, 12 June 2011 21:06 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 6/12/2011 3:13 PM, Co wrote:
> Hi All,
>
> I have a page with shows the profile of one of my users.
> the id of the user is send to the page: profile.php?id=3
> It is retrieved on the page by $id = $_GET['id'].
>
> When I click a submit button on the page to add a message
> to the user I lose his $id.
> How can I preserve the value of $id to add the message to the user?
>
> $sqlName = mysql_query("SELECT * FROM myMembers WHERE
> id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");
>
> while ($row = mysql_fetch_array($sqlName)) { $firstname =
> $row["firstname"];$lastname = $row["lastname"];$username =
> $row["username"];$userid = $row["id"];}
>
> if ($userid != $id){
> $query = mysql_query("SELECT * FROM profile_comments WHERE
> profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
> $numrows = mysql_num_rows($query);
> print $numrows;
> if ($numrows == 0){
> $commdate = date("d F Y"); // 08 October, 2010
> print $commdate;
> mysql_query("INSERT INTO profile_comments VALUES ('', '$uid',
> '$userid', '$username', '$comment', '$commdate')");
>
> Marco

You do NOT want to pass the user's id in either the form or the URL. It
is so easy to hack and assume the id of another user it's not even funny.

Rather, pass it in the $_SESSION.

Also, anything you pass is in the URL is in the $_GET array. Variables
in your program are not automatically set (in a secure system, anyway).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: variable value gets lost [message #174462 is a reply to message #174459] Sun, 12 June 2011 21:17 Go to previous messageGo to next message
Co is currently offline  Co
Messages: 75
Registered: May 2011
Karma: 0
Member
On 12 jun, 23:06, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 6/12/2011 3:13 PM, Co wrote:
>
>
>
>
>
>
>
>
>
>> Hi All,
>
>> I have a page with shows the profile of one of my users.
>> the id of the user is send to the page:  profile.php?id=3
>> It is retrieved on the page by $id = $_GET['id'].
>
>> When I click a submit button on the page to add a message
>> to the user I lose his $id.
>> How can I preserve the value of $id to add the message to the user?
>
>> $sqlName = mysql_query("SELECT * FROM myMembers WHERE
>> id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");
>
>>    while ($row = mysql_fetch_array($sqlName)) { $firstname =
>> $row["firstname"];$lastname = $row["lastname"];$username =
>> $row["username"];$userid = $row["id"];}
>
>>                            if ($userid != $id){
>>                                    $query = mysql_query("SELECT * FROM profile_comments WHERE
>> profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
>>                                    $numrows = mysql_num_rows($query);
>>                                    print $numrows;
>>                                    if ($numrows == 0){
>>                                            $commdate = date("d F Y"); // 08 October, 2010
>>                                            print $commdate;
>>                                            mysql_query("INSERT INTO profile_comments VALUES ('', '$uid',
>> '$userid', '$username', '$comment', '$commdate')");
>
>> Marco
>
> You do NOT want to pass the user's id in either the form or the URL.  It
> is so easy to hack and assume the id of another user it's not even funny.
>
> Rather, pass it in the $_SESSION.
>
> Also, anything you pass is in the URL is in the $_GET array.  Variables
> in your program are not automatically set (in a secure system, anyway).
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

Jerry,

so instead of doing profle.php?id=3
I should put it in a $_session ?
what was the code for that again?

Marco
Re: variable value gets lost [message #174464 is a reply to message #174462] Mon, 13 June 2011 00:56 Go to previous messageGo to next message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
Senior Member
On Sun, 12 Jun 2011 14:17:57 -0700, Co wrote:

> so instead of doing profle.php?id=3
> I should put it in a $_session ?
> what was the code for that again?

http://lmgtfy.com/?q=php+session

Rgds

Denis McMahon
Re: variable value gets lost [message #174465 is a reply to message #174462] Mon, 13 June 2011 01:24 Go to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 6/12/2011 5:17 PM, Co wrote:
> On 12 jun, 23:06, Jerry Stuckle<jstuck...@attglobal.net> wrote:
>> On 6/12/2011 3:13 PM, Co wrote:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>> Hi All,
>>
>>> I have a page with shows the profile of one of my users.
>>> the id of the user is send to the page: profile.php?id=3
>>> It is retrieved on the page by $id = $_GET['id'].
>>
>>> When I click a submit button on the page to add a message
>>> to the user I lose his $id.
>>> How can I preserve the value of $id to add the message to the user?
>>
>>> $sqlName = mysql_query("SELECT * FROM myMembers WHERE
>>> id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");
>>
>>> while ($row = mysql_fetch_array($sqlName)) { $firstname =
>>> $row["firstname"];$lastname = $row["lastname"];$username =
>>> $row["username"];$userid = $row["id"];}
>>
>>> if ($userid != $id){
>>> $query = mysql_query("SELECT * FROM profile_comments WHERE
>>> profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
>>> $numrows = mysql_num_rows($query);
>>> print $numrows;
>>> if ($numrows == 0){
>>> $commdate = date("d F Y"); // 08 October, 2010
>>> print $commdate;
>>> mysql_query("INSERT INTO profile_comments VALUES ('', '$uid',
>>> '$userid', '$username', '$comment', '$commdate')");
>>
>>> Marco
>>
>> You do NOT want to pass the user's id in either the form or the URL. It
>> is so easy to hack and assume the id of another user it's not even funny.
>>
>> Rather, pass it in the $_SESSION.
>>
>> Also, anything you pass is in the URL is in the $_GET array. Variables
>> in your program are not automatically set (in a secure system, anyway).
>>
>
> Jerry,
>
> so instead of doing profle.php?id=3
> I should put it in a $_session ?
> what was the code for that again?
>
> Marco

Try the manual. You can find it at http://www.php.net. There are
plenty of examples.

Don't expect people to write your code for you. If you're too lazy to
try to learn how to properly code in PHP (i.e. get books, read
tutorials, etc.), then hire someone to do it for you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Why does relative include fail?
Next Topic: Codeigniter - pagination
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 03:44:20 GMT 2024

Total time taken to generate the page: 0.02054 seconds