Reputation: 77
how to turn a php session into a usable variable
i have created a site were i have 2 tables on a database. the first page has 2 links which when clicked sends the name of the link to a php session. it then takes you to a page were its meant to view ether one of the databases based on the data that has been saved In the php session.
what i am trying to achieve is to have those links open up the table inside that file that will open up when the link is clicked. i don't want to make a new .php file for every table since i want to be able to simply add and access those tables on one document but not more then one.
that is my problem. on that document were it sends me to access the table from my database i want to access in variable (code below). the code below will explain what i need to know.
this is the code which i view the data in my table
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "myDB";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, firstname, lastname FROM tablenamehere ORDER BY id DESC LIMIT 500";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<p>". $row["firstname"]. " " . $row["lastname"] . "</p>";
}
} else {
echo "0 results";
}
$conn->close();
> the code below is were i want to have the variable that has the name of the link i clicked on the page which gets redirected to this when the link is clicked. the variable that i gather from the php session i want to appear at the tablenamehere text.
$sql = "SELECT id, firstname, lastname FROM tablenamehere ORDER BY id DESC LIMIT 500";
$result = $conn->query($sql);
the code i have so far which creates the php session but is not connected to links yet are below.
<html>
<body>
<a href="test1.php?a=newtable">Register Now!</a>
</body>
</html>
<?php
session_start();
?>
<?php
if(isset($_GET['a'])){
$_SESSION['link']=$_GET['a'];
}
echo "the veriable is " . $_SESSION['link'] . "<br>";
i only want multiple tables to open up in this one php file. thank you for helping, any questions please message below.
Upvotes: 1
Views: 117
Answers (2)
Reputation: 1680
My guess: the script that accesses the database is test1.php. The link adds already the call parameter a (=newtable):
<a href="test1.php?a=newtable">Register Now!</a>
The script test1.php could honor this $_GET parameter like you do when setting the $_SESSION parameter. The modification of your code would then look like this:
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "myDB";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Get and sanitize table name
$tablename = $conn->real_escape_string($_GET['a']);
$sql = "SELECT id, firstname, lastname FROM $tablename ORDER BY id DESC LIMIT 500";
$result = $conn->query($sql);
// ....
Notes:
- In my example I assume that all tables are handled the same way. Of course, you could differentiate code based on the value of
$tablename. - You most probably would not need a
$_SESSIONvariable. - If, for any reason you must use a
$_SESSIONvariable$_GET['a']obviously should be overwritten by$_SESSION['link']or vice-versa. For security reasons, do not forget to sanitize the input parameter
$_GET['a']!
Upvotes: 1
Reputation: 94662
If we can assume you are passing a table name as a parameter ( bit dangerous ) then you can do this
<?php
if(isset($_GET['a'])){
$_SESSION['link']=$_GET['a'];
}
$sql = "SELECT id, firstname, lastname
FROM {$_SESSION['link']}
ORDER BY id
DESC LIMIT 500";
But a better way might be to pass an indicator to the table you want to use. This way you are not passing a real table name around in the ether for people to see
if(isset($_GET['a'])){
$_SESSION['link']=$_GET['a'];
}
switch ($_SESSION['link']) {
case : 'a'
$tbl_name = 'table1';
break;
case : 'b'
$tbl_name = 'table2';
break;
default:
$tbl_name = 'default_table';
}
$sql = "SELECT id, firstname, lastname
FROM $tbl_name
ORDER BY id
DESC LIMIT 500";
Upvotes: 2
Related Questions
- How can I prevent SQL injection in PHP?
- How to move an element into another element
- How do you parse and process HTML/XML in PHP?
- How to insert an item into an array at a specific index?
- How do you use a variable in a regular expression?
- How do I expire a PHP session after 30 minutes?
- How can I do 'insert if not exists' in MySQL?
- How can I determine if a variable is 'undefined' or 'null'?
- How does PHP 'foreach' actually work?
- How do I get PHP errors to display?