  1. #1
    New to the CF scene
    Join Date
    Apr 2011
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Passing PHP variables between pages through a link

    Hi there, I am looking for some information on how to pass a user's id number between pages on my website. I need to also do this through a link because it would be the edit and delete buttons. Now, I know the standard use GET or POST or Session variables, but I am having difficulty because GET seems to be the easiest way to do it yet I know it's insecure. Is there any way to make it any more secure, i.e. if a user changes the url it will just go back to a certain page? Or is there a way to create a POST form button each time for the edit and delete buttons and have the variables passed that way? Any help would be greatly appreciated.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,861
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    if a user changes the url it will just go back to a certain page?
    Why don't you use sessions?
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    New to the CF scene
    Join Date
    Apr 2011
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts
    How would I pass the session variable through a link?

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    You wouldn't need to.

    Session variables are available to any script on the server. They're basically an array that sits in a session file. Each visitor gets their own session and session file so the scripts only ever get the correct session data for each visitor.

    You use it the same as any other array except you need to use session_start() near the top of each script that uses sessions.

    That way you don't need to pass anything in the url or via post.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    New Coder
    Join Date
    Feb 2010
    Location
    Manchester, UK
    Posts
    69
    Thanks
    0
    Thanked 13 Times in 13 Posts
    pass user's id through session
    pass 'delete' or 'edit' through GET

  • #6
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,861
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Go through the examples provided at http://php.net/session_start, to get some idea.

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    I fail to see how you consider a GET any less secure than a POST? I can send either to a server, if I know what it expects then I can push whatever I want to it. Sessions on the other hand would require a method of obtaining other session identifiers in order for me to hijack.
    What it comes down to is really quite simple. It doesn't matter if you pass it by post or get. You can certainly chain post buttons to passthru on pages by providing a value based from a previous POSTed value. What you need to do is ensure you have proper privileges set up that prevent me from deleting a user by simply giving it a command and an id. That of course requires a login system to be implemented. If I were to give it a delete command and an id of 1, I'd expect that it will tell me I'm not privileged for the action requested (or be successful if it is).

  • #8
    New to the CF scene
    Join Date
    Apr 2011
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Okay because obviously I am not making myself clear. I know how to use session variables and have them already in the script. Here is the code that I am dealing with:

    PHP Code:
        // Fetch the address rows that belong to the logged-in user
        $query = "SELECT location_name, street FROM address WHERE user_id = '" . $_SESSION['user_id'] . "'";
        $data = mysqli_query($dbc, $query);
        $address_array = array();
        while ($row = mysqli_fetch_assoc($data)) {
            array_push($address_array, $row);
        }

        //loop through each array to create a table with the address info
        echo '<table class="address_table">';
        echo '<th class="table_top" colspan="5"></th>';
        foreach ($address_array AS $address) {
            echo '<tr>';
            foreach ($address AS $item) {
                // Escape stored values before writing them into the page
                echo '<td class="address">' . htmlspecialchars($item) . '</td>';
            }
            echo '<td class="edit"><a href="/settings/edit_address.php"><img src="images/edit_button.png" border="0" /></a></td>';
            echo '<td class="delete"><a href="/settings/delete_address.php"><img src="images/delete_button.png" border="0" /></a></td>';
            echo '</tr>';
        }
        echo '</table>';

        mysqli_close($dbc);
    I need some help in getting the address_id to pass through the links, edit and delete buttons. I know I have to add the address_id to the query, however, I also don't want this to be an item in the table, I just want it passed through the links.

    Does this make it clear?

  • #9
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by acm2011
    Does this make it clear?
    If only you'd posted that code in the first place...

    PHP Code:
        echo '<td class="edit"><a href="/settings/edit_address.php?uid=__UserID__"><img src="images/edit_button.png" border="0" /></a></td>';
        echo '<td class="delete"><a href="/settings/delete_address.php?uid=__UserID__"><img src="images/delete_button.png" border="0" /></a></td>';
    Replace __UserID__ with the id of the user in the DB.

    This doesn't make it any more secure though and frankly there isn't really a simple way you can make it more secure because one way or the other you still need to know which user's address you're referring to.

    Then in your edit and delete address scripts you do this:
    $UserId = $_GET['uid'];

    Run it through mysql_real_escape_string and then run the query on it to get the address from the DB for your editor or to delete.

    You claim you know how to use sessions, GET and POST so I am still puzzled how you couldn't understand this and why you seem irritated about us not understanding you.

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Looking back at your question up top, you could MD5 hash each user's id from the database, then store each id in the session using the hash as the session key.

    Then in the URL you could use the hash instead of the actual user id.

  • #11
    New to the CF scene
    Join Date
    Apr 2011
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I am not irritated just frustrated. I am not looking to pass the user_id, I know I referenced that in the first post but that was just to use an example. In the code I posted above, I need to pass the address id for the particular address that I am looking to edit/delete. The edit and delete scripts will then either present a form with the address's information already filled in, or it will do a delete query where that particular address_id is in my db.

  • #12
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Well you can easily change that can't you. I only used the userid as an example.. it's not set in stone is it but apparently you can use that as an example but not me. Ok, that's fine..

    I've given you an example of how to perform this, how to hide the id (of whatever) in the session now you have nothing to be frustrated about yet you pick fault with me for showing you how to pass an id.

    Next time I'll just use $ID_of_Whatever then (if I bother to help at all).

    No thanks needed for my time and effort..
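The privilege check described in post #7, applied to the address_id link the original poster asks for, as an added example that is not code from any poster in this thread. It assumes the `address` table has an integer `address_id` primary key and an integer `user_id`, that login sets `$_SESSION['user_id']`, and that `/login.php`, `/settings/` and the connection values are placeholders.

```php
<?php
// Added example, not code from the thread. Assumed names: the address_id
// column, /login.php, /settings/ and the connection placeholders.
session_start();

// Build the edit link for one row; the id in the URL is only a row reference.
function edit_link(int $addressId): string
{
    $query = http_build_query(['address_id' => $addressId]);
    return '<a href="/settings/edit_address.php?' . htmlspecialchars($query, ENT_QUOTES) . '">edit</a>';
}

// Return the address only if it belongs to $userId; null for a missing,
// malformed or foreign id, so a tampered URL looks like a nonexistent row.
function load_own_address(mysqli $dbc, $rawId, int $userId): ?array
{
    $addressId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($addressId === false) {
        return null;
    }
    $stmt = mysqli_prepare($dbc, 'SELECT address_id, location_name, street
        FROM address WHERE address_id = ? AND user_id = ?');
    mysqli_stmt_bind_param($stmt, 'ii', $addressId, $userId);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $name, $street);
    $row = mysqli_stmt_fetch($stmt)
        ? ['address_id' => $id, 'location_name' => $name, 'street' => $street]
        : null;
    mysqli_stmt_close($stmt);
    return $row;
}

// Call site for edit_address.php.
if (!isset($_SESSION['user_id'])) {
    header('Location: /login.php');
    exit;
}
$dbc = mysqli_connect('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
$address = load_own_address($dbc, $_GET['address_id'] ?? null, (int) $_SESSION['user_id']);
if ($address === null) {
    header('Location: /settings/'); // tampered or stale id: back to the list
    exit;
}
// $address can now be used to prefill the edit form.
```

delete_address.php can use the same two-column WHERE clause in its DELETE statement and treat zero affected rows as a refusal.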

