I have this code on the add_school_form_submit.php

// Insert school details into database 
$query = "INSERT INTO school(school_id, name, street, town, city, county, region, postcode, country, school_facts, general_info, school_facilities)
VALUES(0, '$schoolname', '$street', '$town', '$city' ,'$county', '$region', '$postcode', '$country', '$schoolfacts', '$generalinfo', '$schoolfacilities')";
$result = mysql_query($query) 
	or die("Error adding the school");
$schoolid = mysql_insert_id();

// Return to form 
mysql_close($conn);

//pass through the school id
header("Location: image_upload.php?$schoolid");
exit();
?>

Which gets the newly created id for the school; it then redirects to a page where you can upload images for the school using the id I have passed it.

 

This is done on this page, image_upload.php:

 

<?php 
			if (isset($_GET['$schoolid'])) 	
			{
				echo '$schoolid';

			}

		?>

 

However, it's not printing out the id. Any ideas?

 

 

header("Location: image_upload.php?$schoolid");

Should be:

 
header("Location: image_upload.php?schoolid=$schoolid");

Also

 
if (isset($_GET['$schoolid']))  { echo '$schoolid'; }

should be

 
if (isset($_GET['schoolid']))  { echo $_GET['schoolid']; }

I hope that you are protecting against SQL injection, and you had better not have register_globals enabled.

Thanks very much, that's worked.

You have me curious now. I am using SQL protection on these kinda things:

 

$schoolname = mysql_real_escape_string($_POST["schoolname"]);

etc. But if someone hacks my admin and I am passing schoolid across the URL, they could put any id they want in there and then add images against that id.

 

How can I stop that?

OK, so I want to use the session to pass the id, so I have this little sliver of code.

 

$schoolid = mysql_insert_id();
//put the id in the  session for security
session_register('schoolid');

 

 

and on the image_upload page i have

<?php 
		echo $_SESSION['schoolid'];
		?>

 

But it's not printing out anything.

I have session start on every page, which is included in the security.php script which checks that it's admin on the admin pages.

 

Any ideas?

Hi and thanks, unfortunately it still doesn't work with the revised code.

$schoolid = mysql_insert_id();
//put the id in the  session for security
$_SESSION['schoolid'] = $schoolid;

 

and then on upload images page

<div id="adminwelcome">
		<?php


		echo "<h2>Welcome: " . $_SESSION['name'].'</h2>';
		?>
		</div>


		<?php 
		echo "<p>". $_SESSION['schoolid']."</p>";
		?>

Is it because I'm using $_session twice in the above code?
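
An added example, not code from any poster in this thread, covering the two concerns raised above: keeping form input out of the SQL text and keeping schoolid out of the URL. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls, a trimmed column list, hypothetical helper names (add_school, school_id_for_upload), and a plain $session array standing in for $_SESSION.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the thread's MySQL
// database, and the column list is trimmed. Helper names are hypothetical.

function add_school(PDO $db, array $post, array &$session): int
{
    // Placeholders keep form input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO school (name, town, postcode) VALUES (:name, :town, :postcode)'
    );
    $stmt->execute([
        ':name'     => $post['schoolname'] ?? '',
        ':town'     => $post['town'] ?? '',
        ':postcode' => $post['postcode'] ?? '',
    ]);
    $id = (int) $db->lastInsertId();
    // Keep the id server-side; the browser only holds the session cookie.
    $session['schoolid'] = $id;
    return $id;
}

function school_id_for_upload(PDO $db, array $session): ?int
{
    // Only the session value is used; nothing is read from $_GET.
    $id = $session['schoolid'] ?? null;
    if (!is_int($id) || $id <= 0) {
        return null;
    }
    // Confirm the row still exists before attaching images to it.
    $stmt = $db->prepare('SELECT 1 FROM school WHERE school_id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchColumn() ? $id : null;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE school (school_id INTEGER PRIMARY KEY AUTOINCREMENT,
           name TEXT, town TEXT, postcode TEXT)');
$session = []; // stands in for $_SESSION after session_start()
$post = ['schoolname' => "St Mary's", 'town' => 'Leeds', 'postcode' => 'LS1 1AA'];
add_school($db, $post, $session);
var_dump(school_id_for_upload($db, $session)); // id taken from the session
var_dump(school_id_for_upload($db, []));       // no session value: rejected
```

In the real pages, pass $_SESSION (after session_start()) where the demo passes $session, and redirect to image_upload.php with no query string.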
