How can I post the values given in the code below to loginchk_coustomer.php, not through the URL but in some other way? Is there any other way to post these values to loginchk_coustomer.php? I ask because passing them in the URL is not secure.

 <?php
include "include/connect.php";
$user_name       = $_REQUEST['user_name'];
$password        = $_REQUEST['password'];
//echo "select * from school_info where school_id='$user_name' and school_password='$password'";
$sql_query       = mysql_fetch_assoc(mysql_query("select * from school_info where school_id='$user_name' and school_password='$password'"));
$db_username     = $sql_query['db_username'];
$db_password     = $sql_query['db_password'];
$db_databasename = $sql_query['db_databasename'];

echo "<script>";
echo "self.location='member/loginchk_customer.php?db_username=$db_username&db_password=$db_password&db_databasename=$db_databasename&user_name=$user_name&password=$password'"; // Comment this line if you don't want to redirect
echo "</script>";

?>

1 Answer

You need to create a session to store all that information.

Here's what they are - from http://php.net/manual/en/features.sessions.php:

Session support in PHP consists of a way to preserve certain data across subsequent accesses.

To start a session write at the beginning of your code:

session_start(); // needed in all pages that will use the variables below

and then afterwards assign the information this way:

$_SESSION['username'] = $sql_query['db_username'];
$_SESSION['password'] = $sql_query['db_password'];
$_SESSION['databasename'] = $sql_query['db_databasename'];

All the information will persist in those variables across the site until you do:

session_destroy();

I also recommend you not to redirect with javascript, but this way in PHP:

header('Location: member/loginchk_customer.php');

Possibly after checking this answer you will think about changing the way you check the login information. But that's okay. It's the way of learning.

More information about sessions: http://php.net/manual/en/book.session.php

I hope this helps.

axelbrz
  • Note: the PHP redirect code `header('Location: ...');` only works before any data has been sent. On any files that you `include` or `require` before the redirect you must not echo anything out, and you should omit the final `?>` tag. –  Jan 16 '15 at 01:07
  • Yes, thanks for the clarification. Also, Jack Dawson, if you do `header('Location: ...');` in the middle of the code -for example inside an if, for login or logout- which probably echoes something later, it is normal to do a `die();` after that line to abort the execution right there -if it won't echo anything later it isn't necessary-. – axelbrz Jan 16 '15 at 01:13
  • Dear axelbrz, thanks for your reply. I am using this code for accessing multiple databases: one database contains all the details of the clients, like usernames, passwords, db_username and db_password, and the other databases contain their data. Is it OK, or do I have to follow any other procedure? – Jack Dawson Jan 16 '15 at 08:07
  • That is okay I think. Anyway, try to research more about how to store passwords in a database, as if they are stored in plaintext and your database is compromised, your users and you will have a little big problem. Moreover, if you find the answer useful and you think it's the correct one, please let us know by marking it as the chosen one, so as not to keep this question open indefinitely. Thanks. – axelbrz Jan 16 '15 at 08:31
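The approach from the answer and its comments, put together as an added example that is not part of the original thread: the login script accepts POST only, looks the school up with a bound parameter, keeps the per-school database credentials in the server-side session, and redirects with `header()` followed by `exit`. It assumes `include/connect.php` is changed to expose a PDO handle in `$pdo`, that `school_password` holds a `password_hash()` value, and that a login form page named `login_form.php` exists; none of these are on the original page.

```php
<?php
// Added example, not the asker's or the answerer's code.
// Assumptions: include/connect.php provides a PDO handle in $pdo,
// school_info.school_password stores a password_hash() value,
// and login_form.php is a hypothetical page holding the login form.
declare(strict_types=1);

// Array form needs PHP 7.3+. The cookie carries only the session id.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();
require 'include/connect.php'; // must not echo anything, or header() below fails

// $_REQUEST also reads the query string; accept the form body only.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}
$user_name = is_string($_POST['user_name'] ?? null) ? $_POST['user_name'] : '';
$password  = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

// Bound parameter: user input never becomes part of the SQL text.
$stmt = $pdo->prepare(
    'SELECT school_password, db_username, db_password, db_databasename
       FROM school_info WHERE school_id = ?'
);
$stmt->execute([$user_name]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false || !password_verify($password, $row['school_password'])) {
    header('Location: login_form.php?error=1');
    exit; // stop here so nothing after the redirect runs or is echoed
}

session_regenerate_id(true); // new session id after a successful login
$_SESSION['school_id'] = $user_name;
$_SESSION['db'] = [
    'username'     => $row['db_username'],
    'password'     => $row['db_password'],
    'databasename' => $row['db_databasename'],
];
header('Location: member/loginchk_customer.php'); // no credentials in the URL
exit;

// member/loginchk_customer.php then starts with:
//   session_start();
//   if (!isset($_SESSION['db'])) { header('Location: ../login_form.php'); exit; }
//   $db = $_SESSION['db']; // read server-side, never from $_GET or $_REQUEST
```

With this layout the database credentials never reach the browser, so they do not appear in the address bar, browser history, Referer headers or web server access logs.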