Using session variable instead of GET method

[amer99]

Hi all.

I am just practicing and learner to php. I am creating a page (following a youtube tutorial) to create and show users. Now i am adding links to modify and delete users (also show on that tutorial). This is my index.php file

<html>

<body>


<?php session_start();
include 'connection.php' ;
$query = 'select * from people' ;

$result = mysql_query($query);

while ($person = mysql_fetch_array($result)) {
echo $person['name'] ;
echo "<br />" ;
echo $person['description'] . "<br />";

echo "<a href=\"modify.php?id=" . $person['id'] . "\">Modify User</a>" ;
echo "<span> </span>" ;
echo "<a href=\"delete.php?id=" . $person['id'] . "\">Delete User</a>" ;

echo "<br />" ;
}

?>

<h1>Create A User </h1>
<form action = "create.php" method = "post" >
Nameinput type = "text" name = "inputname" value="" />
Descriptioninput type = "text" name = "inputdesc" value="" />
<br />
<input type = "submit" name = "submit" />
</form>

</body>
</html>

Kindly see the bolded lines. If i dont want to use get method to pass the id values, how can i use session variable to do it ?

kindly guide me what i need to put in place of these bolded lines

[jgetner]

to set a session key all you have to do is

Code:

$_SESSION['uid'] = $person['id']

but this is no more secure than the above. Session data can be read and high-jacked just as easily with a url. You do how ever have a few options such as hashing, encryption or just use a hidden form field and POST with proper validation.

[amer99]

But sir in previous case, individual <a href> were able to identify unique users. How can i do so with session variable ?

In my above code, user jeff will have its own modify/delete link, user bob will have its own. How can i achieve the same using session ? please a piece of code will be really helpful here

Thanks alot sir

[Jake Arkinstall]

You cannot do this with sessions.

By clicking a link to modify a user, you utilise GET to tell your code which one was clicked. You'll notice that, when you look at the HTML output, it's written on each individual link.

When you set a session value, it's all done on the server. Which button is clicked has nothing to do with it. It is not $_SESSION's job to interact with the page, it's just not the right tool for the job.

What are you trying to achieve? Using $_SESSION for something like this would surely be a step towards solving a problem, but I can assure you it's the wrong step. What is the problem you are trying to solve?

[jgetner]

Jake's answer is correct sessions is not your answer to your problem. Your options really entail using a click event and ajax in Javascript/Jquery etc... and post the id and validate.. or just using a basic form submit and pass the id with a hidden form field and the ID as the default value and then validate. Your really only have 2 options when passing the data from client side to server side. GET and POST.

[felgall]

Sounds like what you are actually after is HTTPS which will encrypt all the data when it is sent between the browser and the server.

[amer99]

Thanks alot all for solving my confusion. Basically what i wanted to do was, to display all the users in my database and providing the links to modify and delete them individually. For this reason i asked this.

Thanks alot again