Geek asks and answers

Moving mysql information from one page to another in PHP

I have the following code in view.php, I would like to pass the information to edit.php without compromising security or show what is contained in the variables. edit.php has a form for editing information from a database.

    while ($row = mysql_fetch_assoc($result))
    {
        echo "<a href=\"edit_employee.php?$row[employee_id_passport]\">" . $row['first_name'] ." " . $row['surname'] . "</a>";

        echo "<br />";
    }
+3
source share
5 answers

You are already compromising security — see SQL injection strings and escape strings.

In addition, it is common practice to include other application modules that require (see functions require_once()and require()). It alone is not a security vulnerability, but it does cover all global variables, functions, and classes for this script.

, (. unset()) , , , .

, , . PHP .

EDIT:

, . encapsulation, , .

+3

, SQL- :

 $first_name = $_POST['first_name'];
 $sql_query = "SELECT  * FROM employee_master  WHERE first_name = '$first_name'";
 $result = mysql_query($sql_query, $connection);

:

 $first_name = mysql_real_escape_string( $_POST['first_name']);
 $sql_query = "SELECT  * FROM employee_master  WHERE first_name = '$first_name'";
 $result = mysql_query($sql_query, $connection);
0

(, - , ), md5 .

while($row = mysql_fetch_assoc($res))
{
echo "<a href=\"edit_employee.php?chksum=$row['md5']\">" . $row['first_name'] ." $row['surname'] . "</a>";
}

edit.php .

, dob . .

0

1: . , , . - .

2: SESSION

0
$first_name = mysql_real_escape_string( $_POST['first_name']);

session_start();
$_SESSION['loggedin'] = true;
$_SESSION['first_name'] = $first_name;

, . :

$_SESSION['surname'] = $row['surname'];


if ($_SESSION['loggedin'] == true) {
    echo "Welcome $_SESSION['first_name'] $_SESSION['surname']!";
}
0
source

More articles:


All Articles