Record users posted values with Sessions?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
JimiH
Forum Commoner
Posts: 92
Joined: Thu Jun 15, 2006 6:10 am

Record users posted values with Sessions?

Post by JimiH »

Hi

I have the following codes which posts values into a MySQL DB

Code: Select all

<?
include("conn.php");
$mode=$_GET["mode"];
if($mode=="add") {
$user=$_POST["User"];
$cat=$_POST["cat"];
            $subcat=$_POST["subcat"];            
            $time=$_POST["time"];            
            $Res=$_POST["Res"]; 
            $Date=$_POST["Missed_Date"]; 
            
            //Display data
                //print_r($_POST); echo "\n</pre>\n"; 
                    //print_r($sql); echo "\n</pre>\n"; 
         
			$sql="insert into Live(user,cat,subcat,time,Date) values('$user','$cat','$subcat','$time','$Date')";
			$result=mysql_query($sql,$connection) or die(mysql_error());
              //print_r($sql); echo "\n</pre>\n";   
			header("location: dd5.php");
			
		  } elseif($mode=="update") {
		  	$TAB1FIELD2=$_POST["TAB1FIELD2"];
			$TAB1FIELD1=$_POST["TAB1FIELD1"];
			$sql="update table1 set TAB1FIELD2='$TAB1FIELD2' where TAB1FIELD1='$TAB1FIELD1'";
			//echo $sql;
			$result=mysql_query($sql,$connection) or die(mysql_error());
			//echo $TAB1FIELD2;
            
			header("location: dd5.php");
		  }
?>

What I want to do is record the values posted by the user in ($Date) and have them passed to webpage "dd5.php"
which will use the value stored in ($Date) within a query.

Hope you can help

Thanks

Geoff
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

just in the other script make select and collect the data. you can pass some id or something via get to know what to select

fyi your code is vulnarable to sql injection
http://php.net/mysql_real_escape_string
JimiH
Forum Commoner
Posts: 92
Joined: Thu Jun 15, 2006 6:10 am

Post by JimiH »

Thanks

Sorted it using sessions

Code: Select all

$_SESSION['session_var']=$_POST["Missed_Date"];

Code: Select all

$Date = $_SESSION['session_var'];
  
$quer4=mysql_query("SELECT * From Live inner join category on cat = cat_id inner join subcategory on subcat = subcat_id WHERE Date = '$Date'");
Thank

Geoff
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

still sql injectons...just fyi
Post Reply