Link error

petenyce102

I have a html login form. Now when the user logs in it displays a member area with a link thats says display your coverage. Now im having aproblem. im trying to get the username and compare it against the database. So if joe smith logs in and clicks the link he will only see his information???? the error is saying page cant be displayed becuase it isnt readin the mem id

<?
$searchtype =$HTTP_POST_VARS['name'];
$conn = mysql_connect("localhost","Admin"."Admin");
mysql_select_db("test",$conn);
$sql= "select * from info where EHPID = '".$searchtype."' ";
$result=mysqli_query($sql,$conn) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)){
$mem = $row['EHPID'];
print "<td width=\"80\">
<a href=\"info.php?EHPID=$mem \"><font size=\"2\">More Details</a></td>\n";
}
?>

thanks

AstroTeg

You're attempting to get the user name from the POST vars which if you do a phpinfo(), you'll probably find you never populate the POST vars because you're using a link. A link does NOT perform a POST. A link does a GET to the server. So you could pass the user name on the URL and retrieve it by using GET. But as you will find, that isn't secure at all (all I'd have to do is modify the URL when it comes up with someone else's name and I'm in as them).

If you wish to keep using post, you'll need to setup a form, populate the data in a hidden field(s), and have the link issue a javascript form.submit(). This is a bit clunky. Another approach would be to use cookies (not all that recommended) or sessions (a little better).