SQL/PHP: Calling unique ID

Question

I have made a form page with some radio buttons, text/textarea inputs and a total amount (price) at the end. It is working/possible to input this into a table in MYSQL with a unique ID (AUTO INCREMENT at 100000).

Here is the situation:

When I submit my page i would like to automatically navigate to another page that still holds the "UNIQUE ID" and the "TOTAL AMOUNT (price)" so I could use it there to put it into another variable that i have to use for the redirection to the payment website.

I thought just to read the last entry in my database but what if 2 people are paying at the same time (no option!).

My unique ID is made into the database itself maybe that is my problem?

Is there somebody who could help me and provide me a walktrough?

Ex. My code:

if(isset($_POST['verzenden'])) {
$firstname           = htmlentities ($_POST['firstname']);
$name                = htmlentities ($_POST['name']);

$con= mysqli_connect("sqladres","username","password","databasename");

$query = 'INSERT INTO `inputorder`
(`contact_firstname`, `contact_name`)
VALUES ("'.$firstname.'","'.$name.'")';

Now I think I have to use $_SESSION to generate a session ID and also to write the amount (price) into this session and take it to the action page. But I've never used it before and really dont know how to use it in a good safe way!

What exactly did you tried? Show some code, and we can help you — Acelasi Eu, Dec 16 '13 at 11:35
i've updated my post with an example code of my basic mysql insert. — Raz3rt, Dec 16 '13 at 11:43
Side note: HTML has nothing to do with SQL. If you apply `htmlentities()` to input data you'll make it useless for anything else than displaying HTML and you'll still be open to SQL injection. — Álvaro González, Dec 16 '13 at 11:45

score 0 · Answer 1 · edited May 23 '17 at 11:49

0

see similar question to get last insert id:
How do I get the last inserted ID of a MySQL table in PHP?

To redirect with your variables you can use get method as:

header("Location:yourwebsite.com/payment.php?uniqe_id=". $uniqe_id . "&total=" . $total);

edited May 23 '17 at 11:49

Community

1
1

answered Dec 16 '13 at 11:41

efenacigiray

340
6
16

Wich of the two methodes do you advice? Working with a $_SESSION or read the last entry in MYSQL? – Raz3rt Dec 16 '13 at 12:26
You should work with session if you want to hide unique ids from customers as they can see the id when you redirect with get. But I don't think that you will have problems with two customer's inserting at the same moment so id's get conflicted. Always call get_last_id function (the one you are going to use) immediately after inserting. – efenacigiray Dec 16 '13 at 12:34

SQL/PHP: Calling unique ID

1 Answers1