Using session variable instead of GET method

Hi all.

I am just practicing and learner to php. I am creating a page (following a youtube tutorial) to create and show users. Now i am adding links to modify and delete users (also show on that tutorial). This is my index.php file



<?php session_start();
include ‘connection.php’ ;
$query = ‘select * from people’ ;

$result = mysql_query($query);

while ($person = mysql_fetch_array($result)) {
echo $person[‘name’] ;
echo “<br />” ;
echo $person[‘description’] . “<br />”;

[B]echo "&lt;a href=\\"modify.php?id=" . $person['id'] . "\\"&gt;Modify User&lt;/a&gt;" ;
echo "&lt;span&gt; &lt;/span&gt;" ;
echo "&lt;a href=\\"delete.php?id=" . $person['id'] . "\\"&gt;Delete User&lt;/a&gt;" ;
echo "&lt;br /&gt;" ;



<h1>Create A User </h1>
<form action = “create.php” method = “post” >
Name:<input type = “text” name = “inputname” value=“” />
Description:<input type = “text” name = “inputdesc” value=“” />
<br />
<input type = “submit” name = “submit” />


Kindly see the bolded lines. If i dont want to use get method to pass the id values, how can i use session variable to do it ?

kindly guide me what i need to put in place of these bolded lines

to set a session key all you have to do is

[B]$_SESSION['uid'] = $person['id'][/B]

but this is no more secure than the above. Session data can be read and high-jacked just as easily with a url. You do how ever have a few options such as hashing, encryption or just use a hidden form field and POST with proper validation.

But sir in previous case, individual <a href> were able to identify unique users. How can i do so with session variable ?

In my above code, user jeff will have its own modify/delete link, user bob will have its own. How can i achieve the same using session ? please a piece of code will be really helpful here

Thanks alot sir

You cannot do this with sessions.

By clicking a link to modify a user, you utilise GET to tell your code which one was clicked. You’ll notice that, when you look at the HTML output, it’s written on each individual link.

When you set a session value, it’s all done on the server. Which button is clicked has nothing to do with it. It is not $_SESSION’s job to interact with the page, it’s just not the right tool for the job.

What are you trying to achieve? Using $_SESSION for something like this would surely be a step towards solving a problem, but I can assure you it’s the wrong step. What is the problem you are trying to solve?

Jake’s answer is correct sessions is not your answer to your problem. Your options really entail using a click event and ajax in Javascript/Jquery etc… and post the id and validate… or just using a basic form submit and pass the id with a hidden form field and the ID as the default value and then validate. Your really only have 2 options when passing the data from client side to server side. GET and POST.

Sounds like what you are actually after is HTTPS which will encrypt all the data when it is sent between the browser and the server.

Thanks alot all for solving my confusion. Basically what i wanted to do was, to display all the users in my database and providing the links to modify and delete them individually. For this reason i asked this.

Thanks alot again