Record user's posted values with Sessions?

Posted: Tue Feb 06, 2007 8:18 am
by JimiH
Hi

I have the following code, which posts values into a MySQL DB

Code:

<?php
include("conn.php");
$mode = $_GET["mode"];
if ($mode == "add") {
    // Values taken straight from the submitted form
    $user   = $_POST["User"];
    $cat    = $_POST["cat"];
    $subcat = $_POST["subcat"];
    $time   = $_POST["time"];
    $Res    = $_POST["Res"];
    $Date   = $_POST["Missed_Date"];

    // Display data
    //print_r($_POST); echo "\n</pre>\n";
    //print_r($sql); echo "\n</pre>\n";

    // The posted values are placed directly into the SQL string
    $sql = "insert into Live(user,cat,subcat,time,Date) values('$user','$cat','$subcat','$time','$Date')";
    $result = mysql_query($sql, $connection) or die(mysql_error());
    //print_r($sql); echo "\n</pre>\n";
    header("location: dd5.php");

} elseif ($mode == "update") {
    $TAB1FIELD2 = $_POST["TAB1FIELD2"];
    $TAB1FIELD1 = $_POST["TAB1FIELD1"];
    $sql = "update table1 set TAB1FIELD2='$TAB1FIELD2' where TAB1FIELD1='$TAB1FIELD1'";
    //echo $sql;
    $result = mysql_query($sql, $connection) or die(mysql_error());
    //echo $TAB1FIELD2;

    header("location: dd5.php");
}
?>

What I want to do is record the values posted by the user in ($Date) and have them passed to webpage "dd5.php", which will use the value stored in ($Date) within a query.

Hope you can help

Thanks

Geoff

Posted: Tue Feb 06, 2007 9:25 am
by jmut
Just in the other script make a select and collect the data. You can pass some id or something via GET to know what to select.

FYI, your code is vulnerable to SQL injection
http://php.net/mysql_real_escape_string

Posted: Tue Feb 06, 2007 9:45 am
by JimiH
Thanks

Sorted it using sessions

Code:

$_SESSION['session_var']=$_POST["Missed_Date"];

Code:

$Date = $_SESSION['session_var'];
  
$quer4=mysql_query("SELECT * From Live inner join category on cat = cat_id inner join subcategory on subcat = subcat_id WHERE Date = '$Date'");
Thanks

Geoff

Posted: Tue Feb 06, 2007 12:22 pm
by jmut
Still SQL injections... just FYI
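
Added example, not part of the thread or any poster's code: the dd5.php lookup on the Live table written once with the value concatenated into the SQL text and once with format validation plus a bound parameter. It uses PDO in place of the thread's mysql_* calls; the in-memory SQLite database, the sample rows, the function names and the YYYY-MM-DD date format are assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Live (user TEXT, cat INTEGER, subcat INTEGER, time TEXT, Date TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO Live VALUES ('alice', 1, 1, '09:00', '2007-02-05'),
                                    ('bob',   2, 3, '10:30', '2007-02-06')");

// "Before": the value is concatenated into the SQL text, as in the thread.
function rowsByDateConcatenated(PDO $pdo, string $date): array
{
    return $pdo->query("SELECT * FROM Live WHERE Date = '$date'")->fetchAll(PDO::FETCH_ASSOC);
}

// "After": check the expected format (assumed YYYY-MM-DD), then bind the value
// as a parameter so it can never become part of the SQL text.
function rowsByDatePrepared(PDO $pdo, string $date): array
{
    $parsed = DateTime::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        throw new InvalidArgumentException('Date must be YYYY-MM-DD');
    }
    $stmt = $pdo->prepare('SELECT * FROM Live WHERE Date = :date');
    $stmt->execute([':date' => $date]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_SESSION['session_var']. The session
// only carries whatever the browser posted; storing it there changes nothing.
$tampered = ['session_var' => "x' OR '1'='1"];
$expected = ['session_var' => '2007-02-06'];

echo count(rowsByDateConcatenated($pdo, $tampered['session_var'])),
     " row(s): concatenated query, tampered value\n";
echo count(rowsByDatePrepared($pdo, $expected['session_var'])),
     " row(s): prepared query, valid date\n";
try {
    rowsByDatePrepared($pdo, $tampered['session_var']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The same binding applies to the insert and update statements in the first post, where every column value comes from $_POST.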