Passing <?=$variable?> to MySql, what's the answer?

Khmer42

I guys, wonder if you can give me a hand as I'm pulling my hair out!
I have a problem with a new client login script that i'm intergrating into an existing page, the script is an include that uses SESSION_START.

After the customer has successivly logged in the variables are passed from the login script like this. e.g:

$email = mysql_result($result,0,'email');

Meaning that the code to diplay the variable into the protected page is,

<?=$email?>

this works fine to display the variable in HTML, but when I remove the '<? ?>' in order to insert the variable in the MySql query, the extra = causes an error.

My problem is that I need to use this variable to connect to a different table in the database, when I try this the variable isn't passed to the MySql query.

dbConnect("hotels");
$sql = "SELECT * FROM customers WHERE
email= '$email' ";
$result = mysql_query($sql);

I've also tried email = '=$email' or email = =$email or '"=$email"' or email ='"=$email"'. :shock:

I'm sure the answer is a simple one, thanks in advance for your help!

cheese

Hi there,

If I understand what you are asking, you want to pass a variable between pages.

This can be done various ways.

if you did something like........

print "<a href=nextpage?thingtopass=" . $email . ">Click here to go somewhere that you want the variable passed to</a>";

This would then pass the variable and you would use $_GET[thingtopass] to use the variable.

You can also used the HTML input option on a form. If you don't want the user to actually see the information you can use type=hidden.

Hope this helps,

Neil.

Khmer42

Thanks cheese, sorry reading that last post back it was kind of unclear.

I have a script witch I use as an include on pages that I want password protected, the problem is the I can pass the variables I get from the login include script to script 2 (the part of the same page that is revealed if the login is successful) in HTML form but I am having trouble using the variable for a MySql query on script 2, this is the code for the script 1, notice the red highlighted sections:

<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
     not a registered user, <a href="signup.php">click here</a>
     to sign up for instant access!</p>
  <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    User ID: <input type="text" name="uid" size="8" /><br />
    Password: <input type="password" name="pwd" SIZE="8" /><br />
    <input type="submit" value="Log in" />
  </form></p>
  </body>
  </html>
  <?php
  exit;
}

$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("sessions");
$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact [email]you@example.com[/email].');
}

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
  <?php
  exit;
}

[COLOR=Red]$email = mysql_result($result,0,'email');[/COLOR]?>

Now on script 2 I can call up the variable $email using <?=$email?>, but I can't get this variable to work with the MySql query on script 2, here's the code check the parts in red again:

<?php include 'accesscontrol.php'; 
include_once 'common.php';
include_once 'db.php';

mysql_select_db ("sessions"); 

  {
$query_bookings= "SELECT *
			FROM bookings
			WHERE email = '[COLOR=Red]$email'[/COLOR]";
$results_city = mysql_query($query_bookings) or die(mysql_error());
while ($row_bookings = mysql_fetch_array($results_bookings))
 {
     extract ($row_bookings);
	 echo "$hotel";
	 } 
	 }		
	 ?>?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title> Members Page Only </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
<body>
<p>Welcome, [COLOR=Red]<?=$email?> [/COLOR] <?=$firstname?> <?=$lastname?>! You have entered a members-only area
   of the site.</p>
 body>
</html>

There are probably other errors in the code because I have cut and pasted it from the full code to save you a mile long post, but the problem I need to resolve is passing the $email variable to the MySql query in the second script.

Thanks in advance guys!

Chris