LangKampo
Posted February 3, 2015

I'm terrible at getting my question clear, but this is my last try. I got this which gets sent when clicking the button;

    echo"Auto/Prijs<br><br><select name='autos'>";
    echo"<br><br>";
    $sql = "SELECT `garage`.`id`, `car_id`, `schade`, `naam`, `prijs` FROM `garage` LEFT JOIN `cars` ON (`garage`.`car_id` = `cars`.`id`) WHERE `user_id`=".ID." ORDER BY `id` ASC LIMIT ".($page * 10).", 10";
    $sql = mysql_query($sql) or die(mysql_error());
    $i = 1;
    while($res = mysql_fetch_assoc($sql)){
        echo"
        <option value='".$res['car_id']."'>".$res['naam']."</option><br>
        ";

This is a dropdown, showing car names instead of car_id's. Now, the car_id is not unique, but refers to a car. The 'id' in the 'garage' table IS unique. Am I able to like call the 'id' too, and on sending check if that ID is actually the sent 'car_id'? Because, you can tamper the sent car_id and simply change it.

This happens on sending:

    if(isset($_POST['start'])){
        $prijs = $_POST['prijs'];
        $carr = $_POST['autos'];
        $sql = mysql_query("SELECT `id` FROM `automarkt` WHERE `seller_id`=".ID." LIMIT 1") or die(mysql_error());
        mysql_query("INSERT INTO `automarkt`(`seller_id`, `prijs`, `car_id`) VALUES (".ID.", ".$prijs.", ".$carr.")") or die(mysql_error());

I'm out of ideas, and can't get clear enough on what I need to do. I need to check if the sent car_id is actually in the 'user''s garage. (Trying to do it by checking the unique entry 'id' in the 'garage' table.)

LangKampo (Author)
Posted February 3, 2015

Fixed it by matching rows.

    $sql = mysql_query("SELECT `id` FROM `garage` WHERE `car_id`=".$carr." AND `user_id`=".ID) or die(mysql_error());
    } elseif(mysql_num_rows($sql) == 0){
        $msgs = bad("x");
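
The ownership check the thread arrives at, as an added example that is not the poster's code: the dropdown would send the unique `garage`.`id`, and the server looks that row up for the logged-in user with prepared statements, so neither a tampered id nor SQL placed in the posted value gets through. Assumptions: PDO with the pdo_sqlite extension, an in-memory copy of the two tables with constructed rows, a hypothetical helper `listCarForSale()`, and `$userId` standing in for the page's `ID` constant.

```php
<?php
// Constructed schema and rows (assumption), held in memory so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE garage (id INTEGER PRIMARY KEY, user_id INTEGER, car_id INTEGER)");
$db->exec("CREATE TABLE automarkt (id INTEGER PRIMARY KEY, seller_id INTEGER, prijs INTEGER, car_id INTEGER)");
$db->exec("INSERT INTO garage (id, user_id, car_id) VALUES (1, 10, 5), (2, 10, 5), (3, 20, 7)");

// Hypothetical helper: returns the new automarkt id, or null when the input is rejected.
function listCarForSale(PDO $db, int $userId, $garageId, $prijs): ?int
{
    // Accept only positive integers; anything else never reaches SQL.
    $opts     = ['options' => ['min_range' => 1]];
    $garageId = filter_var($garageId, FILTER_VALIDATE_INT, $opts);
    $prijs    = filter_var($prijs, FILTER_VALIDATE_INT, $opts);
    if ($garageId === false || $prijs === false) {
        return null;
    }

    // Ownership check: the garage row must exist AND belong to the logged-in user.
    $stmt = $db->prepare("SELECT car_id FROM garage WHERE id = ? AND user_id = ?");
    $stmt->execute([$garageId, $userId]);
    $carId = $stmt->fetchColumn();
    if ($carId === false) {
        return null; // id tampered with, or the row no longer exists
    }

    // car_id is taken from the database row, not from the request.
    $ins = $db->prepare("INSERT INTO automarkt (seller_id, prijs, car_id) VALUES (?, ?, ?)");
    $ins->execute([$userId, $prijs, (int)$carId]);
    return (int)$db->lastInsertId();
}

var_dump(listCarForSale($db, 10, '2', '1500'));        // user 10 lists their own garage row 2
var_dump(listCarForSale($db, 10, '3', '1500'));        // garage row 3 belongs to user 20
var_dump(listCarForSale($db, 10, '3 OR 1=1', '1500')); // non-integer value in the posted field
```

In the form itself, the matching change is to emit `$res['id']` (the `garage`.`id` column the SELECT already returns) as the option value instead of `$res['car_id']`.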