Dynamic URL Redirecting

Php_Beginner2

Hi there,

I have a student database system and I am currently adding a simple discussion forum into it. I have no problem to add a link which connected to the forum, but having difficulty to link the forum back to the home page. The system flow is like this; Users login their account and there will be the home page which showing the main menu and their basic info. From the main menu, there is a tab for the forum. At this stage, there is no problem occur. Problem occurred when I redirecting the forum to the home page, it is an empty page which is not the original home page.

Usual home page: URL=http://localhost/Mentor Mentee System/test.php?student_id=12345
Image:
http://img269.imageshack.us/img269/8664/newpicture1pm.jpg

[After redirecting back from forum] Empty home page: URL = http://localhost/Mentor Mentee System/test.php?student_id=

Image:
http://img507.imageshack.us/img507/593/newpicturee.jpg

I need the URL to be "http://localhost/Mentor Mentee System/test.php?student_id=12345" after redirecting from forum.
What can I do to correct that? Please advice.

dalecosp

The usual course of action is to use PHP sessions; alternatively, cookies.

Here's the friendly manual.

Basically, you invoke a session at the top of any page where you need access to the session data:

session_start();
$_SESSION['student_id']=$somevar;

On the Forum pages, the link back would be something like:

session_start();
$link="http://localhost/Mentor Mentee System/test.php?student_id=".$_SESSION['student_id'];
echo "<a href='$link'>Click here</a>";

HTH,

johanafm

dalecosp;10996316 wrote:
The usual course of action is to use PHP sessions;
"System/test.php?student_id=".$_SESSION['student_id'];
echo "<a href='$link'>Click here</a>";

Which you don't actually do here. There is absolutely no reason to pass a session variable around in any way at all, since it will allready be accesible from each and every page for that session, until the session no longer exists which means that session variable will no longer be available anywhere.

Here, you give the user the option to alter their session id, which also seem to correspond to a student id in some database. Thus, if you were ever to use the user supplied query string parameter student_id, you would have to first check if it's the same as in $_SESSION (otherwise send them back to login page), which obviously means that you might just as well use the session variable to begin with.

Moreover, cookies can also be created and altered client side. Cookies are nothing more than http headers in the end. So if you hand out session ids matching student ids, it's easy to "guess" someone elses id, and keep trying it until someone is logged in.