CODEWITHSUNDEEP
phpmysql
Springheeled Jack
Springheeled Jack

Reputation: 199

Sending a variable from HTML form

I have a form that has an action sent to create_user.php

The create_user.php deals with the information and INSERT into a mysql table and a header("Location: ../../register/register-2.php"); is sent.

$insertSQL = sprintf("INSERT INTO di_ssenisub (timestamp,
         username,
         password) 

         VALUES (NOW(), %s, %s)",

        GetSQLValueString($username_entry, "text"), 
        GetSQLValueString($hashPass, "text"));

        if (mysqli_query($link, $insertSQL)) {
            header("Location: ../../register/register-2.php");

        } else {
            echo "Error: " . $insertSQL . "<br>" . mysqli_error($link);
        }

        mysqli_close($link);




    }

I want the variables sent to the register-2.php page aswell so I can call everything back from the database table like so.

    require '../scripts/php/db_connect.php';

    $username_check = $_POST['username_entry'];

    if($result = $link->query("SELECT * FROM di_ssenisub WHERE username = '$username_check'")) {

        if($count = $result->num_rows) {

        $rows = $result->fetch_assoc();

    }

}

echo $rows['username'];
echo $rows['password'];
echo $rows['id'];
echo $rows['timestamp'];

The problem is sending the variable to the next page. Can anyone help?

Upvotes: 1

Views: 57

Answers (4)

Quim Calpe
Quim Calpe

Reputation: 124

This could do the trick:

function redirect_post($uri, array $post_data)
{
    $options = [
        'http' => [
            'method' => 'POST',
            'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
            'content' => $post_data
        ]
    ];
    $context = stream_context_create($data)
    return file_get_contents($uri, false, $context);;
}

Warning: Escape yout $username_check = $_POST['username_entry']; on register-2.php

Upvotes: 0

nomistic
nomistic

Reputation: 2952

To send the values to the next page, you have a couple of options. The easiest way is to send the variables through the URL and use $_GET[''] to pick them up on the next page.

for instance, something like this:

echo '<a href = "page2script.php?id='. $rows['id'] . '">next page</a>';

(or you can embed this in your header script instead of a link, which is what you seem to be doing)

and then get it on the next page like so: $id = $_GET['id'];

However a better and much more secure way would be to put those variables into a session, and then you could grab them like so (this is MUCH MUCH safer, as putting ids and user information into GET variables is fairly dangerous and could enable a malicious user (or even just about anyone who was curious) to access another person's data.

$id = $_SESSION['id'];

etc... for all of your variables

Upvotes: 0

Lelio Faieta
Lelio Faieta

Reputation: 6663

if (mysqli_query($link, $insertSQL)) {
    header("Location: ../../register/register-2.php?user=$username_entry&pass=$ashpass");

Change the url this way and then in the register-2 page add:

if(isset($_GET(user)){
    $username_entry = $_GET['username_entry'];
}else{
    $username_entry = '';
}
if(isset($_GET(pass)){
    $hashpass = $_GET['pass'];
}else{
    $hashpass = '';
}

even if I wouldn't send the password to the next page.

Upvotes: 0

Chip Dean
Chip Dean

Reputation: 4302

You can use Sessions to securely store variables on the server between pages.

On the first page:

    session_start();
    $_SESSION['username'] = $username_entry;

And on the second:

session_start();
$username = $_SESSION['username'];

I hope that helps!

Upvotes: 1

Related Questions