Re: variable value gets lost [message #174465 is a reply to message #174462]
Mon, 13 June 2011 01:24
Jerry Stuckle
On 6/12/2011 5:17 PM, Co wrote:
> On 12 jun, 23:06, Jerry Stuckle<jstuck...@attglobal.net> wrote:
>> On 6/12/2011 3:13 PM, Co wrote:
>>
>>> Hi All,
>>
>>> I have a page which shows the profile of one of my users.
>>> The id of the user is sent to the page: profile.php?id=3
>>> It is retrieved on the page by $id = $_GET['id'].
>>
>>> When I click a submit button on the page to add a message
>>> to the user I lose his $id.
>>> How can I preserve the value of $id to add the message to the user?
>>
>>> $sqlName = mysql_query("SELECT * FROM myMembers WHERE id='$logOptions_id' LIMIT 1") or die ("Sorry we had a mysql error!");
>>
>>> while ($row = mysql_fetch_array($sqlName)) {
>>>     $firstname = $row["firstname"];
>>>     $lastname = $row["lastname"];
>>>     $username = $row["username"];
>>>     $userid = $row["id"];
>>> }
>>
>>> if ($userid != $id){
>>>     $query = mysql_query("SELECT * FROM profile_comments WHERE profile_id='$uid' AND user_id='$userid' AND comment='$comment'");
>>>     $numrows = mysql_num_rows($query);
>>>     print $numrows;
>>>     if ($numrows == 0){
>>>         $commdate = date("d F Y"); // 08 October, 2010
>>>         print $commdate;
>>>         mysql_query("INSERT INTO profile_comments VALUES ('', '$uid', '$userid', '$username', '$comment', '$commdate')");
>>
>>> Marco
>>
>> You do NOT want to pass the user's id in either the form or the URL. It
>> is so easy to hack and assume the id of another user it's not even funny.
>>
>> Rather, pass it in the $_SESSION.
>>
>> Also, anything you pass in the URL is in the $_GET array. Variables
>> in your program are not automatically set (in a secure system, anyway).
>>
>
> Jerry,
>
> So instead of doing profile.php?id=3
> I should put it in a $_SESSION?
> What was the code for that again?
>
> Marco
Try the manual. You can find it at http://www.php.net. There are
plenty of examples.
Don't expect people to write your code for you. If you're too lazy to
try to learn how to properly code in PHP (i.e. get books, read
tutorials, etc.), then hire someone to do it for you.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
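
Added example, not part of the thread and not the poster's code: one way to follow the advice above in PHP, keeping both the logged-in user's id and the viewed profile id in the session and using bound parameters for the insert. The session keys, the function names and the `commdate` column name are assumptions; the table and the other column names are taken from the quoted post.

```php
<?php
declare(strict_types=1);
// Assumed names: session keys 'user_id' (set at login) and 'profile_id',
// both functions, and the commdate column. Other names come from the post.

/** On GET profile.php?id=3: remember the viewed profile server-side. */
function rememberProfile(array &$session, array $get): ?int
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                 // missing or non-numeric id: store nothing
    }
    $session['profile_id'] = $id;
    return $id;
}

/** On POST: author and target come from the session, never the request. */
function addComment(PDO $db, array $session, string $comment): bool
{
    $author  = $session['user_id'] ?? null;
    $profile = $session['profile_id'] ?? null;
    if (!is_int($author) || !is_int($profile) || $author === $profile
        || trim($comment) === '') {
        return false;                // not logged in, no profile, own profile, empty
    }
    // Bound parameters replace the string-built queries in the post.
    $stmt = $db->prepare(
        'INSERT INTO profile_comments (profile_id, user_id, comment, commdate)
         VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([$profile, $author, $comment, date('d F Y')]);
}

// Constructed demo on in-memory SQLite (needs pdo_sqlite). In a real page,
// call session_start() and pass $_SESSION instead of the local array.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile_comments (id INTEGER PRIMARY KEY,
    profile_id INTEGER, user_id INTEGER, comment TEXT, commdate TEXT)');
$session = ['user_id' => 7];               // what the login handler stored
rememberProfile($session, ['id' => '3']);  // GET profile.php?id=3
$forgedPost = ['id' => '99', 'user_id' => '1', 'comment' => 'Nice profile'];
var_dump(addComment($db, $session, $forgedPost['comment']));
var_dump($db->query('SELECT profile_id, user_id FROM profile_comments')
    ->fetchAll(PDO::FETCH_ASSOC));
```

The forged `id` and `user_id` fields in the constructed POST array are never read, so the stored row carries the session's values.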