Pass value of a variable to multi pages

Anon

I need to pass the value of a variable to multi pages. I am taking the input from the user through a form and storing values in a variable $social. If this social matches with the socials in the database then the user is given links to say 5 different pages.

Now my problem is to pass the value of the variable to all these pages so that when i click the link, and the respective page opens, the social is passed to these pages and the data for that social is shown.

I cannot use something like
<a href=\"something.php?social=$social\">
because then the social will be visible in the url which i dont want for security purposes.

I can have a form for all these different pages but it is not a user friendly way to make the user enter the social whenever he goes to that particular page.

Plesae Help

Thanks
Nikhil Dighe

Anon

Let me add one more thing.

My form is only the first page wherein i take the input of his social from the user.

From then onwards all the pages are normal webpages showing the data by the use of a query. These pages are not forms. If i am not wrong that means i cannot use a "hidden input field".

jcornett

I've run into this one plenty of times. 🙂

The way I solved it (I'm sure there are multiple ways) is to pass the auto-increment field id and a MD5 hash of the number to each page. On the top of each page, just pull that ID from the database, hash the number and see if it matches the one passed in the query string.

Might sound a bit confusing, so I've included some code below:

/ This is your initial page /
$social = MD5($row[social]); // $row[social] is the number as pulled from the database
$ident = $row[id]; // This is the autonumber field from the database

echo "<a href='my_page.php?social=$social&ident=$ident'>To the page</a>\n";

===========================
/ Now the code at the top of the other pages /
// Connect to database code goes here
$result = @("SELECT ident, password from <table name> where id='$HTTP_GET_VARS[ident]'"); // Grab the info from the DB based on the ident variable
$num = @mysql_num_rows($result); // How many rows were returned??? (0 means no match)
If ($num) {
$row = @mysql_fetch_array($result); // Put the data into the $row array
$check_social = MD5($row[social]); // Create the hash to check against the one passed to the page
If ($check_social != $HTTP_GET_VARS[$social]) {
Header("Location: nice_try.php?status=go+away");
} // End of check_social
} else {
/ No rows were returned from the query /
Header("Location: nice_try.php?status=go+away");
}

Hope this helps... Feel free to e-mail with any questions.

John Cornett

jcornett

This line:
$result = @("SELECT ident, password from <table name> where id='$HTTP_GET_VARS[ident]'"); // Grab the info from the DB based on the ident variable

Should read:
$result = @("SELECT id, password from <table name> where id='$HTTP_GET_VARS[ident]'"); // Grab the info from the DB based on the ident variable

Assumes your field name is "id" for the autonumber field. 🙂

John Cornett

Anon

Hi John Cornett

Thanks a lot for the help. I used the md5 function but changed the code a little to suit my needs.

But i have just one problem. The first attempt entering a social and everything's perfect. But now when i enter a different social, it still has the previous social in its memory and doesn't take the new one.

Is there a way in php to kinda kill the variable(like clearing the memory or something) and then when redirected to the login page again, allow a different input from the user. Right now when i redirect the user to the login page and take a diff social as the input it still has the previous value in the memory. i am sending a part of my code to make things clear.

//in the login page
$id = MD5($row[social]);
and the following link given in the href tag
something.php?iden=$id\

// in the pages to follow
$id_encrp = $HTTP_GET_VARS[iden];
$checksocials = mysql_query("SELECT SSN FROM tablename");
while ($student = mysql_fetch_array($checksocials))
{
while ($match != "true"){
$social = $student["SSN"];
$check_social = MD5($row[social]);
if($id_encrp == $check_social){
$match = "true";
}
else{
//Wrong social
$match = "false";
$social = "";
}
}
}

jcornett

You can use unset to blank out a varible (or set it to '' directly as you have done), but it looks like you are parsing through ALL the SSNs to check for a match... If you also pass the auto_increment value of the table that is associated with that SSN, then you would only have to check 1 value.

This may not be a big deal if you only have a few users, but when you have a lot it probably would be better to also pass the ID (auto_increment value) of that SSN and only pull that value from the database to check against the hash also sent in the query string.

John Cornett

Anon

Hi John Cornett

Thanks for the help

Nikhil