SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Hybrid View

  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Location
    Poole, Dorset, United Kingdom
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Getting Several Variables Into A Session

    Hi All, I've had a look around but not sure if Im doing this all wrong. I am grabbing several id's from the database and using a href link to submit them and update them.
    I don't want the individual ID's displayed so figured I create a session ID for each and pull the ID's out on the other side. I've used a loop to amend $loop to serviceID for each variable value and try to pull it out on the otherside.

    Any help or pointers would be great

    Steve

    **** Create Session Variable ****
    $sessionLoop=0;
    $query = "SELECT serviceName, serviceID FROM tblServices WHERE clientID='".$_SESSION['clientID']."'";
    $result = mysql_query($query,$db);
    while($row = mysql_fetch_array($result))
    {
    $sessionLoop++;
    $serviceName = $row[serviceName];
    $serviceID = $row[serviceID];
    foreach($userData as $key => $value)
    $_SESSION[$key] = $value;
    $_SESSION['serviceID$sessionLoop'] = $serviceID;


    echo("$serviceID<a href='/clientAdmin/booking_wizard2.php?sessionLoop=$sessionLoop'>Edit</a><br>");
    }


    **** Pull Session variable Out ****
    if($sessionLoop!="")
    {
    echo $_SESSION['serviceID$sessionLoop'];
    $query = "UPDATE tblServices SET serviceName='' WHERE clientID='".$_SESSION['clientID']."' AND serviceID='".$_SESSION['serviceID$sessionLoop']."'";
    mysql_query($query,$db);
    }
    echo $query;

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    So...out of confusion how does using a "$sessionLoop" number versus a User ID make it any more secure? When obviously, the ability to edit is listed on the page why would I care if Fred's ID is 5? What power do I gain by knowing Fred's ID? Once you answer those questions you can drop the complex mess and go back to something simple.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Location
    Poole, Dorset, United Kingdom
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeh your right they are already logged in under there own client ID so why would they want to sabotage there own system!

    Cheers


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •