Re: variable value gets lost [message #174462 is a reply to message #174459]
Sun, 12 June 2011 21:17
Co
On 12 jun, 23:06, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 6/12/2011 3:13 PM, Co wrote:
>
>> Hi All,
>
>> I have a page which shows the profile of one of my users.
>> The id of the user is sent to the page: profile.php?id=3
>> It is retrieved on the page by $id = $_GET['id'].
>
>> When I click a submit button on the page to add a message
>> to the user I lose his $id.
>> How can I preserve the value of $id to add the message to the user?
>
>> $sqlName = mysql_query("SELECT * FROM myMembers WHERE id='$logOptions_id' LIMIT 1")
>>     or die ("Sorry we had a mysql error!");
>
>> while ($row = mysql_fetch_array($sqlName)) {
>>     $firstname = $row["firstname"];
>>     $lastname = $row["lastname"];
>>     $username = $row["username"];
>>     $userid = $row["id"];
>> }
>
>> if ($userid != $id){
>>     $query = mysql_query("SELECT * FROM profile_comments WHERE profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
>>     $numrows = mysql_num_rows($query);
>>     print $numrows;
>>     if ($numrows == 0){
>>         $commdate = date("d F Y"); // e.g. 08 October 2010
>>         print $commdate;
>>         mysql_query("INSERT INTO profile_comments VALUES ('', '$uid', '$userid', '$username', '$comment', '$commdate')");
>>     }
>> }
>
>> Marco
>
> You do NOT want to pass the user's id in either the form or the URL. It
> is so easy to hack and assume the id of another user it's not even funny.
>
> Rather, pass it in the $_SESSION.
>
> Also, anything you pass in the URL is in the $_GET array. Variables
> in your program are not automatically set (in a secure system, anyway).
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================
Jerry,
So instead of doing profile.php?id=3
I should put it in a $_session?
What was the code for that again?
Marco
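
Added example, not part of the original thread: one way to do in PHP what the reply above describes, taking the poster's identity from `$_SESSION` while the profile being viewed stays in the form's action URL and is validated. The PDO connection details, the login step shown in the comment, the `csrf` field name and the auto-increment first column are assumptions; table names and column order follow the code in the post.

```php
<?php
// Added example; connection details and the login step are assumptions.
session_start();

// Hypothetical login step, run once after the password check succeeds:
//   session_regenerate_id(true);
//   $_SESSION['user_id'] = (int) $member['id'];
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Please log in.');
}
$userid = (int) $_SESSION['user_id'];   // who is posting: never read from $_GET/$_POST
$_SESSION['csrf'] ??= bin2hex(random_bytes(16));

// Which profile is shown is a target, not an identity, so it may stay in the URL.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!is_int($id)) {                     // null = missing, false = not a positive integer
    http_response_code(400);
    exit('Bad profile id.');
}

$sent = (string) ($_POST['csrf'] ?? '');
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $userid !== $id
        && hash_equals($_SESSION['csrf'], $sent)) {
    $comment = trim((string) ($_POST['comment'] ?? ''));
    // Placeholder DSN and credentials.
    $pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'dbuser', 'dbpass',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // The username is looked up from the session id, not taken from the request.
    $st = $pdo->prepare('SELECT username FROM myMembers WHERE id = ? LIMIT 1');
    $st->execute([$userid]);
    $username = $st->fetchColumn();
    if ($comment !== '' && $username !== false) {
        // Same column order as the INSERT in the post; first column assumed auto-increment.
        $ins = $pdo->prepare('INSERT INTO profile_comments VALUES (NULL, ?, ?, ?, ?, ?)');
        $ins->execute([$id, $userid, $username, $comment, date('d F Y')]);
    }
}
?>
<form method="post" action="profile.php?id=<?= $id ?>">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf']) ?>">
  <textarea name="comment"></textarea>
  <input type="submit" value="Add message">
</form>
```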