Hey guys, I'm sort of new at PHP so bear with me here and I apologize for any mistakes. I'm developing a part of my site that let's the administrator(particularly one person only) edit and delete accounts. The user accounts come from a database table that is populated using the statement below:
<?php
$populateusers = "SELECT * FROM user_info";
$results = mysql_query($populateusers)
or die(mysql_error());
while ($row = mysql_fetch_array($results))
{
$id = $row['id'];
$user = $row['username'];
$email = $row['email'];
$phone = $row['phone'];
$fax = $row['fax'];
$address = $row['address'];
$city = $row['city'];
$state = $row['state'];
$zip = $row['zip'];
$datarow = array(
"id"=>$id,
"user"=>$user,
"email"=>$email,
"phone"=>$phone,
"fax"=>$fax,
"address"=>$address,
"city"=>$city,
"state"=>$state,
"zip"=>$zip);
$objclsAdminEdit->CreateTableRow($datarow);
}//end of while
?>
Datarow is simply going to be an array that holds a database value generated from the $row variable. It will be actually put into use here at the CreateTableRow. CreateTableRow function generates an html table with the populated sql data.
function CreateTableRow($datarow)
{
$_SESSION['objid'] = $datarow['id'];
$row =
<<<ROW
<tr>
<td>
<form method="post" action="frmedituser.php>
<input type= "submit" name="submit" value = "Edit">
</form>
</td>
<td>
<form method="post" action="deleteuserrecord.php">
<input type = "submit" name="submit" value = "Delete">
</form>
</td>
<td>$datarow[user]</td>
</tr>
ROW;
echo $row;
}//END OF FUNCTION
The value of datarow is simply dumped into a table and, because the createrow function is called while the sql data is being looped through, it generates different values of datarow.
Okay, now here's the problem. I want to take the user to a form editing page when he clicks the "Edit" button. The link is "frmedituser.php." The problem is getting the datarow values to the form securely. I originally did this through a $GET by sending the data straight through the urlencode, but I then realized this was a huge security issue! I tried $POST using hidden forms but also discovered that this value was not really "hidden" from anyone who can click a view, page source. So I turned to sessions, and here is where I have reached my problem.
I can send the session info to the frmedituser page, but when I try to place the value of the session into a textbox, it only gives me the last value of $datarow generated during the loop. For instance, say the administrator clicked id "4" to edit. When he is taken to the frmedituser page, the last value, let's say a 10, is generated. That is not the user id I want. How can I get this value? Sorry this is a little complicated. Any help would be tremendous and appreciated!
