FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » variable value gets lost
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: variable value gets lost [message #174462 is a reply to message #174459] Sun, 12 June 2011 21:17 Go to previous messageGo to previous message
Co is currently offline  Co
Messages: 75
Registered: May 2011
Karma:
Member
On 12 jun, 23:06, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 6/12/2011 3:13 PM, Co wrote:
>
>
>
>
>
>
>
>
>
>> Hi All,
>
>> I have a page with shows the profile of one of my users.
>> the id of the user is send to the page:  profile.php?id=3
>> It is retrieved on the page by $id = $_GET['id'].
>
>> When I click a submit button on the page to add a message
>> to the user I lose his $id.
>> How can I preserve the value of $id to add the message to the user?
>
>> $sqlName = mysql_query("SELECT * FROM myMembers WHERE
>> id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");
>
>>    while ($row = mysql_fetch_array($sqlName)) { $firstname =
>> $row["firstname"];$lastname = $row["lastname"];$username =
>> $row["username"];$userid = $row["id"];}
>
>>                            if ($userid != $id){
>>                                    $query = mysql_query("SELECT * FROM profile_comments WHERE
>> profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
>>                                    $numrows = mysql_num_rows($query);
>>                                    print $numrows;
>>                                    if ($numrows == 0){
>>                                            $commdate = date("d F Y"); // 08 October, 2010
>>                                            print $commdate;
>>                                            mysql_query("INSERT INTO profile_comments VALUES ('', '$uid',
>> '$userid', '$username', '$comment', '$commdate')");
>
>> Marco
>
> You do NOT want to pass the user's id in either the form or the URL.  It
> is so easy to hack and assume the id of another user it's not even funny.
>
> Rather, pass it in the $_SESSION.
>
> Also, anything you pass is in the URL is in the $_GET array.  Variables
> in your program are not automatically set (in a secure system, anyway).
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

Jerry,

so instead of doing profle.php?id=3
I should put it in a $_session ?
what was the code for that again?

Marco
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Why does relative include fail?
Next Topic: Codeigniter - pagination
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 14:19:19 GMT 2024

Total time taken to generate the page: 0.04546 seconds