Let's say I have the following URL:
http://test/order?id=263&name=John
A php file handles the URL and I use $_GET to take the data from the URL and bind it to a variable:
<?php
$id = $_GET['id'];
$name = $_GET['name'];
?>
As it stands now, the user is able to change the URL and subsequently the values of the variables. I want the variables to be bound once and not to be subjected to change after. Is there any way to do that with PHP?
you could actually store them in session....
1)at the very top of the page initialize the session
2) check if the value in session exists and if not create it.
at this point every further change will not be taken in consideration,
<?php
session_start();
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = [
'id' => (int) $_GET['id'], //Cast the id to int
'name' =>urldecode($_GET['name']) //url decode the name
];
}
Now you have your data stored in session and you can call it using:
$_SESSION['user']['id']
$_SESSION['user']['name']
and they will never be overwritten, if you want to be updated on every call or change it if some parameter has been passed you can add some option in the condition
if (!isset($_SESSION['user']) && $_GET['updateData') == 1) {
$_SESSION['user'] = [
'id' => (int) $_GET['id'], //Cast the id to int
'name' =>urldecode($_GET['name']) //url decode the name
];
}
<?php
start_session();
if(isset($_SESSION['name'])){
$name = $_SESSION['name'];
$id = $_SESSION['id'];
} else {
$_SESSION['id'] = $_GET['id'];
$id = $_GET['id'];
$_SESSION['name'] = $_GET['name'];
$id = $_GET['name'];
}
?>
You could try something like this.
Just save those variables in session or in some file until session is closed, if you have long session (login/logout). You can create array in session and keep there all these ids along with session ids. Hope that helps
Related
i want to store a value in to session using PHP
for example $id=10 i want to store this value in a session
i tried
$pid= session_id($id);
echo $pid;
and
$pid = $_SESSION['$id'];
but not working
at the top of page
session_start();
then to set session variable
$_SESSION['id'] = $someID;
To retrieve the value of id
$pid = $_SESSION['id'];
Further more read more about session here
Here is the right code to store the variable in PHP session:
<?php
session_start();
$id = 10;
$_SESSION["user_id"] = $id;
?>
Now to get the session data:
<?php
session_start();
echo $_SESSION["user_id"];
?>
Also, I have write a complete guide on PHP session on one of my blog: How to start a PHP session, store and accessing Session data?
Try this..
<?php
session_start();
$id = 10; //store 10 in id variable
$_SESSION['id'] = $id; // now, store $id i.e, 10 in Session variable named id.
echo $_SESSION['id']; // now, print the Session variable
I am passing the following variables from a query through a link:
<a href="middle.php?name=<?php echo $name; ?>&id=<?php echo $id1; ?>&rowid=<?php echo $rowid; ?>&record=<?php echo $record; ?>">
The variables are being passed to this page:
session_start();
//$id = ($_GET['id']);
if (isset($_GET["record"])) {
$_SESSION["record"] = $_GET["record"];
}
if (isset($_GET["id"])) {
$_SESSION["id"] = $_GET["id"];
}
if (isset($_GET["rowid"])) {
$_SESSION["rowid"] = $_GET["rowid"];
}
if (isset($_GET["name"])) {
$_SESSION["name"] = $_GET["name"];
}
if (isset($_GET["store"])) {
$_SESSION["store"] = $_GET["store"];
}
and then users are redirected to this page where Im trying to use the assign the session variables to variables in the page like this:
session_start();
$id = $_SESSION[id];
$rowid = $_SESSION[rowid];
$name = $_SESSION[name];
$record = $_SESSION[record];
The variables arent accessible as I need them to be on this page. Am I missing quotes? What is the best way to use the session variables again?
FYI they're mainly being used in other queries like this:
"SELECT * FROM mgap_orders WHERE mgap_ska_id = '" . $_SESSION['id'] . "' AND mgap_status = 0 GROUP BY mgap_ska_report_category LIMIT 5";
Am I missing quotes?
Yes. You say you're accessing them like this:
$id = $_SESSION[id];
That should be this:
$id = $_SESSION['id'];
But even more to the point, why do you need to use session here at all? The way you describe the situation is:
User makes a request with query string values in the link.
In the response you forward the user to another page (presumably using the location header?).
On the last page the values need to be present.
If they're query string values, keep them as query string values in the redirect. So where you may have something like this:
header('Location: somePage.php');
you can include the values:
header('Location: somePage.php?name=' . $name');
and so on for the remainder of the values, just like you do when building the original link for the page which performs the redirect.
Also, while you don't show your data access, you do show your query which appears to be vulnerable to SQL Injection attacks. Ultimately the values you're using are coming from user input (query string) so you shouldn't directly concatenate them into SQL queries.
I have the following login script, where i do use sessions.
<?php
session_start();
if(isset($_SESSION['logged_in'])){
$id = $_SESSION['id'];
header("Location: start.php?id=$id");
exit();
}
if(isset($_POST['submit'])){
$x1 = $_POST['x1'];
$x2 = $_POST['x2'];
...
$query = $db->query("SELECT * FROM table WHERE x1='".$x1."' AND x2='".$x2."'");
if($query->num_rows === 1){
$row = $query->fetch_object();
$id = $row->id;
$_SESSION['logged_in'] = true;
$_SESSION['id'] = $id;
header("Location: start.php?id=$id");
3more queries
exit();
start.php will be just:
<?php
echo $_GET['id'];
?>
I thought $_GET['id'] would be stored on the server so that $_GET should be displayed. The fetch_object is working. I know that, because it will be displayed the right way at "id=$id" at the browser. So would someone be that friendly and could help me out. Thanks!
The $_GET superglobal is defined as part of the URL string:
http://example.org/index.php?foo=bar&baz=1
In index.php:
echo $_GET['foo']; // bar
echo $_GET['baz']; // 1
So $_GET is not stored on the server, but is passed with each HTTP request, as is $_POST, but that is passed in the HTTP headers rather than simply appened to the end of the URL.
$_GET variables are those passed via the URL, i.e. index.php?foo=bar&baz=qux (foo equals bar, baz equals qux).
These variables are not stored on the server as a part of the session, but rather only exist with that request. If you want to store information on the server as a part of the session, you should use $_SESSION instead, which will exist within the current session, regardless of the request.
I have this problem. Session does not work when I use with $_POST. If I add 63 manualy it will works across pages. I can see the output 63.
$_SESSION['name'] = 63;
echo $_SESSION['name'] ;
but this below won't work when I switch between pages. The $row['id'] output is also 63.
$cari = "SELECT id FROM dns_soa WHERE `origin` = '".$_POST['origin']."'";
$keputusan = mysql_query($cari);
$row = mysql_fetch_array($keputusan);
$_SESSION['name'] = $row['id'];
echo $_SESSION['name'] ;
When I go to 2nd pages I can see the output but when I went back to 1st pages the output is gone. Any idea?
Because when you are coming back it will again set the session variable, as this time you don't have the $_POST[origin] variable that leads to $row['id']="" and the session variable also NULL...
What you should do is..
$cari = "SELECT id FROM dns_soa WHERE `origin` = '".$_POST['origin']."'";
$keputusan = mysql_query($cari);
$row = mysql_fetch_array($keputusan);
if(!isset($_SESSION['name']))
$_SESSION['name'] = $row['id'];
echo $_SESSION['name'] ;
When you go back to the page where you have used $_POST, $_POST becomes empty, unless your browser posts it again. So the SQL query returns no result. Hence, $_SESSION['name'] becomes empty.
Also make sure you have invoked session_start on every page before using $_SESSION
I'm trying to set a session variable and use it on another page.
I have: pg1
session_start();
$_session['sessionID'] = $row['ID'];
Then on page two I have.
session_start();
$userID = $sessionID;
But when I use JC to alert this out I get nothing.
Am I doing this wrong?
Rather than:
$userID = $sessionID;
Use:
$userID = $_SESSION['sessionID']
You need to specify the $_SESSION there because that is the array you stored the value in :)
Have a look at this session tutorial if you want.
On the second page, you'll need to say
$userID = $_SESSION['sessionID'];
You need to do the following on page 2:
session_start();
$userID = $_SESSION['sessionID'];
You also need to use $_SESSION, not $_session