
Quick Question About Session Variables & Posting Through PHP Form


jdlev


Here's the deal. My user auth. carries a session variable that is a user's account number. Whenever they submit a form, I want their account number to submit with the rest of the information on the form.

 

I assume I should use a hidden field? Can someone post an example of the coding I would use to make the hidden field equal to the session variable?

 

One other question on session variables. Can a user see them like in their cookies or somewhere? I'd like to keep the session variable private to improve security if I could.

 

TIA! :)

Well, figured out the answer to my own question, but I'm still curious about the ability to view session variables?

 

For anyone else wondering...you can pull in a session variable to a hidden field like so:

 

<input type="hidden" name="loginName" id="loginName" value="<?php echo $_SESSION['MM_loginName']; ?>" />

Why would you post a session to a hidden field? The session will exist throughout the pages so you should just be able to use it on the other page.

 

Also, input values can be changed using firebug, so if you would use this method, a user would be able to change the variable in that hidden input and be anyone he wants to be.

Crap! When the user submits information in the form, it goes to a universal database of all accounts. So I send the account number session variable in with the form data to be sorted later. Any suggestions on making it more secure? I could make it so the username associated with an account HAS to match the acct number in order to run the query to update/edit/delete records I guess? Then, even if they could change their acct number in firebug, they couldn't change their username because they wouldn't know the password to log in with?

 

Thanks for your help daveyk :)

Ok...let's head in a different direction. I'm able to view all records associated with a username, and only that username.

 

Here's what I want to do now. I want to give the user two options. I want to allow them to select one of the records and update or delete it.

 

How would I do that? Do I need to create a unique ID for each funeral event? I assume that's the case. Then maybe just bind the checkbox that is created dynamically to the event ID? Person clicks submit, and the browser sends them to the next page where they can update their fields?
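
An added example, not part of the original thread: one way to handle the update step discussed above is to take the account number only from the server-side session and to scope every UPDATE/DELETE to it, so that neither a forged hidden field nor an edited record ID reaches another account's rows. The table and column names (`events`, `account_no`), the session key `account_no`, and the function `updateEvent` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table/column names, the session
// key 'account_no' and the function name are assumptions.

// Update one record, scoped to the account stored server-side in the session.
// $session stands in for $_SESSION, $post for $_POST.
function updateEvent(PDO $db, array $session, array $post): bool
{
    if (!isset($session['account_no'])) {
        return false;                       // not logged in
    }
    $id = filter_var($post['event_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;                       // missing or non-numeric record id
    }
    // Any account number sent by the browser ($post['account_no']) is ignored.
    // The WHERE clause ties the row to the session's account, so changing
    // event_id in the browser cannot touch another account's row.
    $stmt = $db->prepare(
        'UPDATE events SET title = :title WHERE id = :id AND account_no = :acct'
    );
    $stmt->execute([
        ':title' => (string)($post['title'] ?? ''),
        ':id'    => $id,
        ':acct'  => $session['account_no'],
    ]);
    return $stmt->rowCount() === 1;         // 0 rows: not this account's record
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, account_no INTEGER, title TEXT)');
$db->exec("INSERT INTO events VALUES (1, 1001, 'Event A'), (2, 2002, 'Event B')");

$session = ['account_no' => 1001];          // set at login, never sent by the form

// Request for the logged-in account's own record.
var_dump(updateEvent($db, $session, ['event_id' => '1', 'title' => 'Edited']));
// Tampered request: another account's record id plus a forged hidden field.
var_dump(updateEvent($db, $session,
    ['event_id' => '2', 'account_no' => '2002', 'title' => 'Hijacked']));
// Title of row 2 after the tampered request.
echo $db->query('SELECT title FROM events WHERE id = 2')->fetchColumn(), "\n";
```

The same `AND account_no = :acct` condition applies to the DELETE and to the query that lists a user's records, so the checkbox value only ever needs to carry the record ID.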

Archived

This topic is now archived and is closed to further replies.
