LangKampo Posted February 3, 2015

I'm terrible at getting my question clear, but this is my last try.

I got this which gets sent when clicking the button:

    echo"Auto/Prijs<br><br><select name='autos'>";
    echo"<br><br>";
    // Fetch this user's garage rows joined with the car names, 10 per page
    $sql = "SELECT `garage`.`id`, `car_id`, `schade`, `naam`, `prijs` FROM `garage` LEFT JOIN `cars` ON (`garage`.`car_id` = `cars`.`id`) WHERE `user_id`=".ID." ORDER BY `id` ASC LIMIT ".($page * 10).", 10";
    $sql = mysql_query($sql) or die(mysql_error());
    $i = 1;
    while($res = mysql_fetch_assoc($sql)){
        // The option value is the non-unique car_id; the label is the car name
        echo" <option value='".$res['car_id']."'>".$res['naam']."</option><br> ";
    }

This is a dropdown, showing car names instead of car_ids.

Now, the car_id is not unique, but refers to a car. The 'id' in the 'garage' table IS unique. Am I able to, like, call the 'id' too, and on sending check if that ID is actually the sent 'car_id'? Because you can tamper with the sent car_id and simply change it.

This happens on sending:

    if(isset($_POST['start'])){
        // Both values come straight from the submitted form
        $prijs = $_POST['prijs'];
        $carr = $_POST['autos'];
        $sql = mysql_query("SELECT `id` FROM `automarkt` WHERE `seller_id`=".ID." LIMIT 1") or die(mysql_error());
        mysql_query("INSERT INTO `automarkt`(`seller_id`, `prijs`, `car_id`) VALUES (".ID.", ".$prijs.", ".$carr.")") or die(mysql_error());
    }

I'm out of ideas, and can't get clear enough on what I need to do. I need to check if the sent car_id is actually in the 'user''s garage. (Trying to do it by checking the unique entry 'id' in the 'garage' table.)

LangKampo (Author) Posted February 3, 2015 (edited)

Fixed it by matching rows.

    $sql = mysql_query("SELECT `id` FROM `garage` WHERE `car_id`=".$carr." AND `user_id`=".ID) or die(mysql_error());
    } elseif(mysql_num_rows($sql) == 0){
        $msgs = bad("x");

Edited February 3, 2015 by LangKampo
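
Added example, not part of the original posts: one way to do the ownership check asked about in the first post, with the submitted value bound as a query parameter instead of concatenated into the SQL. It assumes the dropdown's option value is changed to the unique `garage`.`id`, uses PDO rather than the posts' `mysql_*` functions, and runs against a constructed in-memory SQLite schema with sample rows; `listCarForSale` is a hypothetical helper name.

```php
<?php
// Added example. Schema and rows are constructed sample data in in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE garage (id INTEGER PRIMARY KEY, user_id INT, car_id INT)");
$db->exec("CREATE TABLE automarkt (id INTEGER PRIMARY KEY, seller_id INT, prijs INT, car_id INT)");
// User 7 owns garage rows 1 and 2 (same car model 3); user 9 owns garage row 3.
$db->exec("INSERT INTO garage (id, user_id, car_id) VALUES (1, 7, 3), (2, 7, 3), (3, 9, 5)");

/**
 * Hypothetical helper: list a car for sale only if the submitted garage row
 * belongs to $userId. Returns the new automarkt id, or null when rejected.
 */
function listCarForSale(PDO $db, int $userId, array $post): ?int
{
    // Accept only positive integers; anything else is rejected before any query.
    $opts     = ['options' => ['min_range' => 1]];
    $garageId = filter_var($post['autos'] ?? null, FILTER_VALIDATE_INT, $opts);
    $prijs    = filter_var($post['prijs'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($garageId === false || $prijs === false) {
        return null;
    }
    // Ownership check: the row must exist AND belong to the logged-in user.
    $stmt = $db->prepare('SELECT car_id FROM garage WHERE id = ? AND user_id = ?');
    $stmt->execute([$garageId, $userId]);
    $carId = $stmt->fetchColumn();
    if ($carId === false) {
        return null; // tampered or stale garage id
    }
    // car_id is taken from the database row, never from the request.
    $ins = $db->prepare('INSERT INTO automarkt (seller_id, prijs, car_id) VALUES (?, ?, ?)');
    $ins->execute([$userId, $prijs, (int) $carId]);
    return (int) $db->lastInsertId();
}

// Constructed requests, all made as logged-in user 7.
$requests = [
    ['autos' => '2',   'prijs' => '15000'], // own garage row
    ['autos' => '3',   'prijs' => '15000'], // garage row of user 9
    ['autos' => 'abc', 'prijs' => '15000'], // not an integer
];
foreach ($requests as $post) {
    $id = listCarForSale($db, 7, $post);
    echo $post['autos'], ' => ', $id === null ? 'rejected' : "listed as automarkt #$id", PHP_EOL;
}
```

Because `car_id` is not unique per garage row, keying the check on `garage`.`id` also identifies which of the user's cars is being listed.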