Passing variable across url not echoing out


deansaddigh

I have this code on the add_school_form_ submit.php

// Insert school details into database 
$query = "INSERT INTO school(school_id, name, street, town, city, county, region, postcode, country, school_facts, general_info, school_facilities)
VALUES(0, '$schoolname', '$street', '$town', '$city' ,'$county', '$region', '$postcode', '$country', '$schoolfacts', '$generalinfo', '$schoolfacilities')";
$result = mysql_query($query) 
	or die("Error adding the school");
$schoolid = mysql_insert_id();

// Return to form 
mysql_close($conn);

//pass through the school id
header("Location: image_upload.php?$schoolid");
exit();
?>

Which gets the newly created ID for the school. It then redirects to a page where you can upload images for the school using the ID I have passed it.

 

This is done on this page image_upload.php

 

<?php 
			if (isset($_GET['$schoolid'])) 	
			{
				echo '$schoolid';

			}

		?>

 

However, it's not printing out the ID. Any ideas?

 

 

header("Location: image_upload.php?$schoolid");

Should be:

 
header("Location: image_upload.php?schoolid=$schoolid");

Also

 
if (isset($_GET['$schoolid']))  { echo '$schoolid'; }

should be

 
if (isset($_GET['schoolid']))  { echo $_GET['schoolid']; }

I hope that you are protecting against SQL injection, and you had better not have register_globals enabled.

Thanks very much, that's worked.

You have me curious now. I am using SQL protection on these kinds of things:

 

$schoolname = mysql_real_escape_string($_POST["schoolname"]);

etc. But if someone hacks my admin and I am passing schoolid across the URL, they could put any ID they want in there and then add images against that ID.

 

How can I stop that?

OK, so I want to use the session to pass the ID, so I have this little sliver of code.

 

$schoolid = mysql_insert_id();
//put the id in the  session for security
session_register('schoolid');

 

 

and on the image_upload page I have

<?php 
		echo $_SESSION['schoolid'];
		?>

 

But it's not printing out anything.

I have session start on every page, which is included in the security.php script, which checks that it's admin on the admin pages.

 

Any ideas?

Hi, and thanks. Unfortunately it still doesn't work with the revised code.

$schoolid = mysql_insert_id();
//put the id in the  session for security
$_SESSION['schoolid'] = $schoolid;

 

and then on the upload images page

<div id="adminwelcome">
		<?php


		echo "<h2>Welcome: " . $_SESSION['name'].'</h2>';
		?>
		</div>


		<?php 
		echo "<p>". $_SESSION['schoolid']."</p>";
		?>

Is it because I'm using $_SESSION twice in the above code?
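
The two hand-off options discussed in this thread (session versus URL parameter), written with server-side validation. This is an added example, not code from any post; the function names are hypothetical and the demo values at the bottom are constructed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
declare(strict_types=1);

// Start the session before any output and before touching $_SESSION.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Form-submit page: call right after the INSERT succeeds.
function remember_new_school(int $schoolId): void
{
    // Stored server-side; the browser only ever holds the session cookie.
    $_SESSION['schoolid'] = $schoolId;
}

// image_upload.php: returns the ID this session stored, or null.
function pending_school_id(): ?int
{
    $id = $_SESSION['schoolid'] ?? null;
    return (is_int($id) && $id > 0) ? $id : null;
}

// If the ID has to travel in the URL instead, treat it as untrusted input:
// accept only a positive integer, and still check on the server that the
// logged-in admin is allowed to attach images to that school.
function school_id_from_query(array $query): ?int
{
    $id = filter_var(
        $query['schoolid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

// Constructed demo values.
remember_new_school(42); // stands in for the mysql_insert_id() result
var_dump(pending_school_id());
var_dump(school_id_from_query(['schoolid' => '42']));
var_dump(school_id_from_query(['schoolid' => '42abc']));
var_dump(school_id_from_query(['schoolid' => '0']));
var_dump(school_id_from_query([]));
```

Because the validated value is an integer, it can be written into the page or bound into a query without carrying markup or SQL fragments from the request.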

Archived

This topic is now archived and is closed to further replies.
