
Checking data before sending


LangKampo


I'm terrible at getting my question clear, but this is my last try.
I've got this, which gets sent when clicking the button:
 

    echo "Auto/Prijs<br><br><select name='autos'>";
    echo "<br><br>";

    // List the cars in the logged-in user's garage, ten per page.
    $sql = "SELECT `garage`.`id`, `car_id`, `schade`, `naam`, `prijs` FROM `garage` LEFT JOIN `cars` ON (`garage`.`car_id` = `cars`.`id`) WHERE `user_id`=".ID." ORDER BY `id` ASC LIMIT ".((int) $page * 10).", 10";
    $sql = mysql_query($sql) or die(mysql_error());
    $i = 1;
    while ($res = mysql_fetch_assoc($sql)) {
        // The option value is the (non-unique) car_id; the visible label is the car name.
        echo "<option value='".(int) $res['car_id']."'>".htmlspecialchars($res['naam'])."</option>";
    }
    echo "</select>";

This is a dropdown, showing car names instead of car_ids.
Now, the car_id is not unique, but refers to a car. The 'id' in the 'garage' table IS unique. Am I able to, like, call the 'id' too, and on sending check if that ID is actually the sent 'car_id'? Because you can tamper with the sent car_id and simply change it.

This happens on sending:

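    if (isset($_POST['start'])) {
        // Escape and quote the price, and cast the car id, so posted values cannot alter the SQL.
        $prijs = mysql_real_escape_string($_POST['prijs']);
        $carr = (int) $_POST['autos'];
        $sql = mysql_query("SELECT `id` FROM `automarkt` WHERE `seller_id`=".ID." LIMIT 1") or die(mysql_error());
        // Nothing here checks yet that the posted car_id is in this user's garage.
        mysql_query("INSERT INTO `automarkt`(`seller_id`, `prijs`, `car_id`) VALUES (".ID.", '".$prijs."', ".$carr.")") or die(mysql_error());
    }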

I'm out of ideas, and can't get clear enough on what I need to do. I need to check if the sent car_id is actually in the user's garage. (Trying to do it by checking the unique entry 'id' in the 'garage' table.)


----------------------------------------------------------------

Fixed it by matching rows.
 

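    // Look for a garage row that has the posted car_id and belongs to the logged-in user.
    $sql = mysql_query("SELECT `id` FROM `garage` WHERE `car_id`=".(int) $carr." AND `user_id`=".ID) or die(mysql_error());

    } elseif (mysql_num_rows($sql) == 0) {
        // No matching row: the posted car is not in this user's garage.
        $msgs = bad("x");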
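
An added example, not code from the thread: the same ownership check, done by posting the unique `garage`.`id` the question mentions and using bound parameters, so the `car_id` that gets listed is read from the verified row instead of from the request. Table and column names are the thread's; PDO, the in-memory SQLite database, the `listCarForSale()` helper, whole-number prices and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example: server-side ownership check with bound parameters.
// listCarForSale() is a hypothetical helper; the sample rows below are constructed.
function listCarForSale(PDO $db, int $userId, $garageId, $prijs): bool
{
    // Reject anything that is not a positive whole number before touching the database.
    $garageId = filter_var($garageId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $prijs    = filter_var($prijs, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($garageId === false || $prijs === false) {
        return false;
    }

    // The posted value is the unique garage.id; the row must also belong to the session user.
    $own = $db->prepare('SELECT car_id FROM garage WHERE id = ? AND user_id = ?');
    $own->execute([$garageId, $userId]);
    $carId = $own->fetchColumn();
    if ($carId === false) {
        return false; // tampered or stale id: no such row in this user's garage
    }

    // car_id is taken from the verified row, never from the request.
    $ins = $db->prepare('INSERT INTO automarkt (seller_id, prijs, car_id) VALUES (?, ?, ?)');
    return $ins->execute([$userId, $prijs, $carId]);
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE garage (id INTEGER PRIMARY KEY, user_id INTEGER, car_id INTEGER)');
$db->exec('CREATE TABLE automarkt (id INTEGER PRIMARY KEY, seller_id INTEGER, prijs INTEGER, car_id INTEGER)');
$db->exec('INSERT INTO garage (id, user_id, car_id) VALUES (1, 10, 3), (2, 10, 3), (3, 20, 7)');

var_dump(listCarForSale($db, 10, '2', '5000'));  // garage row 2 belongs to user 10
var_dump(listCarForSale($db, 10, '3', '5000'));  // garage row 3 belongs to user 20
var_dump(listCarForSale($db, 10, '2x', '5000')); // posted id is not an integer
```

In the form, this means emitting `garage`.`id` as the option value; in the application the user id would come from the session (the thread's `ID` constant) rather than from a function argument supplied by the request.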

Archived

This topic is now archived and is closed to further replies.
