How to set session variable after user clicks hyperlink

MySQL server version 4.1.14
PHP version 4.3.11
phpMyAdmin 2.11.9.6

I’ve been helped so much already by reading others’ posts and answers to a few of my own questions on this forum. I want to start by saying thank you! :slight_smile:

I’ve come a long way and have things working as intended…almost!

The scenario:
A client logs in. If successful, the client is sent to a page that lists their projects. The projects are listed with a hyperlink. The hyperlink contains two variables: client name and project_id

<a href="[www.website.com]' . $row['project_id'] .'&client=' .$u .'"> ' .$row['project_name'] . ' </a>

project_id is obtained from the database query and $u is the username obtained from the session variable set at login. After clicking the hyperlink, the client is taken to a page that lists the documents associated with that project.

It all works, which was a big celebration! However… I noticed that if I change the project_id number in the hyperlink, the page updates with the documents pertaining to that project, even if they don’t belong to that client! Yikes! But, if I change the client name, nothing happens. Is that because the client name was pulled from the session variable?

What I need is a way to limit each client to only viewing those projects and documents that belong to them.

I thought maybe I could set a session variable when the user clicks on the hyperlink (thereby choosing a project), but am not sure how to pull that off!

I would really appreciate any nudges in the right direction I could get. It was disappointing to think I was almost finished, only to discover this. But then, better now than when live! :stuck_out_tongue:

Here’s my code for the projects page where the client is presented with a list of projects.

<?php
session_start(); //start the session
if (!isset($_SESSION['username'] ))
	{ header('location: index.php');
	  exit; // stop here so the rest of the page does not run for visitors who are not logged in
	}  else
	{	$section="client-center"; 
		include("../includes/client-section-header.inc.php"); 
		include("../includes/section-navigation.inc.php"); 	
		include("../includes/client-pagetitle.inc.php"); 
		$uploads_dir = 'http://www.peerengineering.com/admin/uploads/';
		$u = ($_SESSION['username']);
		$page_title = "$u";
require_once ('mysql_connect.php'); // Connect to the db.

//get client name
$q = 'SELECT  client_name, username FROM clients '; 	// Make the query
$r = @mysql_query ($q, $link); // Run the query.
if ($r) // ran OK,
{ while ($row = mysql_fetch_array($r, MYSQL_ASSOC)) 
	{	if ($u==$row['username']) 
	  {$cn = $row['client_name'];}
	} 			
mysql_free_result ($r); // Free up the resources.	
} // End of if ($r) - get client name
}
echo '<div id="content"> 
	<div id="subleft">';
echo "<h1>$cn</h1>"; // Page header
// Make the query:
$q = 'SELECT  project_name, username, project_id FROM projects LEFT JOIN clients ON projects.client_id = clients.client_id ORDER BY username ASC, project_name ASC'; 	
$r = @mysql_query ($q, $link); // Run the query.

if (!$r) //could not run query
	{echo "could not successfully run query ($r) from database:  " . mysql_error();
	}
elseif (mysql_num_rows($r) == 0) //no data
	{echo "There are no documents in the database.";
	}
elseif ($r) // ran OK,
{ 	
	echo '<table summary="A listing of the client\'s documents">
	<thead><tr>	
		<th scope="col" class="col_title">Project</th>
		</tr></thead>';
	while ($row = mysql_fetch_array($r, MYSQL_ASSOC)) {
	 $bg = ($bg=='#dodcbc' ? '#eff3e9' : '#dodcbc'); //switch the bg color
	  if ($u==$row['username']) 
	  {	echo '<tr bgcolor="' .$bg . '"><td><a href="[www.website.com]' . $row['project_id'] .'&client=' .$u .'"> ' .$row['project_name'] . ' </a></td></tr>';
	  }							
	} 			
	echo '</table>'; // Close the table.
	mysql_free_result ($r); // Free up the resources.	
} 
else { echo '<p class="error">The current users could not be retrieved. We apologize for any inconvenience.</p>';// Public message
		echo '<p>' . mysql_error($link) . '<br />Query: ' . $q . '</p>';// Debugging message
	
} // End of if ($r) IF.
mysql_close($link); // Close the database connection.
?>
</div>
	<div id="subright">
		<div id="sidebar">
		<p>If you have any questions about your project, please don’t hesitate to contact your project manager. We’re here to help!</p>
		</div>
	</div>
</div>
<?php
include("../includes/footer.inc.php"); 
?>
</div>
</body>
</html>

And the code for the subsequent page that lists the documents associated with that project.


<?php
session_start(); //start the session

if (!isset($_SESSION['username'] ))
	{ header('location: index.php');
	  exit; // stop here so the rest of the page does not run for visitors who are not logged in
	}  else
	{	$section="client-center"; 
		$page_title = 'Client Page';
		include("../includes/client-section-header.inc.php"); 
		include("../includes/section-navigation.inc.php"); 	
		include("../includes/client-pagetitle.inc.php"); 
		$pid = (int)$_REQUEST['proj'];
		$u = ($_SESSION['username']);
		$client = $_GET['client'];
		
require_once ('mysql_connect.php'); // Connect to the db.

//get client name
		$q = 'SELECT  client_name, username FROM clients '; 	// Make the query
		$r = @mysql_query ($q, $link); // Run the query.
		if ($r) // ran OK,
		{ while ($row = mysql_fetch_array($r, MYSQL_ASSOC)) 
			{	if ($u==$row['username']) 
			  {$cn = $row['client_name'];}
			} 			
		mysql_free_result ($r); // Free up the resources.	
		} // End of if ($r) IF get client name.

//get project name
		$q = 'SELECT  project_name, project_id FROM projects'; 	// Make the query
		$r = @mysql_query ($q, $link); // Run the query.
		if ($r) // ran OK,
		{ while ($row = mysql_fetch_array($r, MYSQL_BOTH)) 
			{	if ($pid==(int)$row['project_id']) 
			  {$pn = $row['project_name'];}
			} 	
		$proj=(int)$pid;		
		mysql_free_result ($r); // Free up the resources.	
		} // End of if ($r) IF get project name.
	} //end of if(isset($_SESSION[
?>	
	
<div id="content"> 
	<div id="content-fullwidth">
	
<?php 
echo "<h1>$cn</h1>"; // Page header	
?>

<?php
//require_once ('mysql_connect.php'); // Connect to the db.
$first=TRUE;
$q = "SELECT project_name, projects.project_id, document_name, document_type, document_size, date_uploaded, filename FROM documents LEFT JOIN projects ON documents.project_id = projects.project_id WHERE documents.project_id = '$proj' ORDER BY project_name ASC, document_name ASC, date_last_modified DESC";  	
$r = @mysql_query ($q, $link); // Run the query.
		while ($row = mysql_fetch_array($r, MYSQL_ASSOC)) {
			if ($first) {
					echo "<h2>Project Name: $pn</h2>";
					echo '<table summary="A listing of the project documents">
					<thead><tr>	
					<th scope="col" class="col_title">Title</th>
					<th scope="col" class="col_type">Type</th>
					<th scope="col" class="col_size">Size (KB)</th>
					<th scope="col" class="col_date">Date Uploaded</th>
					</tr></thead>';
					$first=FALSE;
					}//end of $first IF
			$bg = ($bg=='#dodcbc' ? '#eff3e9' : '#dodcbc'); //switch the bg color
			echo '<tr bgcolor="' .$bg . '">
					<td><a href="[www.website.com]' . $row['filename'] .'"> ' . $row['document_name'] . ' </a></td>
					<td>' . $row['document_type'] . '</td>
					<td>' . $row['document_size'] . '</td>
					<td>' . $row['date_uploaded'] . '</td>
					</tr>';	
				} 	// end of WHILE loop	
				if ($first) {
					echo '<div align="center">There are no documents for this project.</div>';}
					else {
			echo '</table>
					<p>Right-click to download the file or click to view in your browser.</p>';}
mysql_free_result ($r); // Free up the resources.	
mysql_close($link); // Close the database connection.
echo '</div></div>';
include("../includes/footer.inc.php"); 
?>
</div>
</body>
</html>

Again, thanks in advance for taking your time to help me. I really appreciate it.


You don’t need it.
Just add another condition to your SQL query to limit the project list to the allowed user only.
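
The extra condition suggested above, as an added example that is not part of the original posts: the documents query and the project-name lookup both join through to clients and require the username held in the session, so a changed proj value in the URL returns nothing. It assumes PDO with an in-memory SQLite database and constructed rows so that it runs stand-alone; on the PHP 4.3 mysql_* stack in the question the same WHERE condition applies, with the username passed through mysql_real_escape_string(). The function names are hypothetical.

```php
<?php
// Added example, not from the thread. Constructed schema and rows; in-memory
// SQLite stands in for the MySQL tables so the script runs on its own.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
  CREATE TABLE clients   (client_id INTEGER PRIMARY KEY, username TEXT);
  CREATE TABLE projects  (project_id INTEGER PRIMARY KEY, client_id INTEGER, project_name TEXT);
  CREATE TABLE documents (project_id INTEGER, document_name TEXT);
  INSERT INTO clients   VALUES (1, 'alice'), (2, 'bob');
  INSERT INTO projects  VALUES (10, 1, 'Bridge'), (20, 2, 'Tower');
  INSERT INTO documents VALUES (10, 'Bridge survey'), (20, 'Tower plans');
");

// Shape of the query in the question: the id from the URL is the only filter.
function documentsUnscoped(PDO $pdo, $projectId) {
    $st = $pdo->prepare('SELECT document_name FROM documents WHERE project_id = ?');
    $st->execute(array((int) $projectId));
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Ownership check: returns the project name only if the project belongs to the
// logged-in user, otherwise false. Use it for the page header as well.
function ownedProjectName(PDO $pdo, $sessionUsername, $projectId) {
    $st = $pdo->prepare(
        'SELECT p.project_name FROM projects p
           JOIN clients c ON c.client_id = p.client_id
          WHERE p.project_id = ? AND c.username = ?');
    $st->execute(array((int) $projectId, $sessionUsername));
    return $st->fetchColumn();
}

// Document list with the same condition added to the WHERE clause.
function documentsForUser(PDO $pdo, $sessionUsername, $projectId) {
    $st = $pdo->prepare(
        'SELECT d.document_name FROM documents d
           JOIN projects p ON p.project_id = d.project_id
           JOIN clients  c ON c.client_id  = p.client_id
          WHERE d.project_id = ? AND c.username = ?');
    $st->execute(array((int) $projectId, $sessionUsername));
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$sessionUser = 'alice';             // stands in for $_SESSION['username']
foreach (array(10, 20) as $proj) {  // 20 is another client's project id
    printf("proj=%d unscoped=%s name=%s scoped=%s\n", $proj,
        json_encode(documentsUnscoped($pdo, $proj)),
        json_encode(ownedProjectName($pdo, $sessionUser, $proj)),
        json_encode(documentsForUser($pdo, $sessionUser, $proj)));
}
```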

Forget your session problem. Upgrade your PHP ASAP. MySQL too. Seriously, I haven’t heard of anyone using PHP 4.3 in 4+ years. You have to upgrade both of those right now.

Wish I could!!! The client is using web hosting with a company that has these versions. :rolleyes:

//get client name
        $q = 'SELECT  client_name, username FROM clients ';     // Make the query
        $r = @mysql_query ($q, $link); // Run the query.
        if ($r) // ran OK,
        { while ($row = mysql_fetch_array($r, MYSQL_ASSOC))
            {   if ($u==$row['username'])
              {$cn = $row['client_name'];}
            }      
        mysql_free_result ($r); // Free up the resources.   
        } // End of if ($r) IF get client name.
 
//get project name
        $q = 'SELECT  project_name, project_id FROM projects';  // Make the query
        $r = @mysql_query ($q, $link); // Run the query.
        if ($r) // ran OK,
        { while ($row = mysql_fetch_array($r, MYSQL_BOTH))
            {   if ($pid==(int)$row['project_id'])
              {$pn = $row['project_name'];}
            }  
        $proj=(int)$pid;       
        mysql_free_result ($r); // Free up the resources.   
        } // End of if ($r) IF get project name.
    } //end of if(isset($_SESSION[

If you’re trying to get a list of projects for a given client, have you considered using a join query? Do you have a “linking” table between the projects and clients tables which records what projects are associated with a client?

Perfect!!

Now when you change the project number in the URL the projects aren’t listed. However, it does list the project name that I’ve defined outside of the query. I’m on to figure that out now. I’ll be back if I get stumped. But, as you’ve said in other posts, much better to teach me to fish than give me a fish!

Thanks so much for taking your time to help me–I appreciate it.

Cheers!

Actually, the bit of code you quoted was only used to get the project name to use as a header. Probably not a very efficient way of doing so, but it worked for my newbie mind. I’ve since figured out that I don’t need to do it this way. I’m passing the client name variables in the session. I’m working on getting the project name another way as well.

I do use a join later on where I’m pulling the projects.

// Make the query:
$q = 'SELECT  project_name, username, project_id FROM projects LEFT JOIN clients ON projects.client_id = clients.client_id ORDER BY username ASC, project_name ASC';    
$r = @mysql_query ($q, $link); // Run the query.

The clients table has a client_id which is a foreign key in the projects table.

Thanks for taking your time to take a look at my problem. I appreciate your help.

Cheers!