-1

I'm having a problem with my PHP. I would like to send data from my page to another page. But it's all in PHP. I need to take an input value and a combobox value. And I don't know how to do it.

Here's my PHP :

<?php 
session_start();

$q = intval($_GET['q']);

$db = mysql_connect('localhost', 'root', 'root'); 
mysql_select_db('Projet',$db);



$sql2 = "select IDControle, NomControle from Controle WHERE IDUser='".$_SESSION['id']."'";
$req2 = mysql_query($sql2) or die('Erreur SQL !<br>'.$sql2.'<br>'.mysql_error());

echo'<select id="controleChoix" name="controleChoix">';

while ($data2 = mysql_fetch_array($req2)){
    echo '<option value="'.$data2['IDControle'].'">'.$data2['NomControle'].'</option>';
}

echo '</select>';
echo '<input type="hidden" name="selected_text" id="selected_text" value="" />';



$sql = "select ID, Nom, Prenom from User where Groupe ='".$q."'";
$req = mysql_query($sql) or die('Erreur SQL 2!<br>'.$sql.'<br>'.mysql_error());

echo '<ul class="list-group">';

while ($data = mysql_fetch_array($req)){

    echo '<li class="list-group-item"><strong>Nom</strong>  : '.$data['Nom'].' <br> <strong>Prénom</strong>  : '.$data['Prenom'].'<br>';
    echo '<input type="text" name="note" id="note"/> &nbsp;&nbsp;&nbsp;';
    echo '<a class="label label-success" href="ajouterNote.php?var1='.$data2['IDControle'].'&var2='.$data['ID'].'&var3='.$test.'"><i class="fa fa-fw fa-check"></i></a></li>';

}
echo '</ul>';
echo '<a class="btn btn-primary" href="#">Ajouter toutes les notes</i></a></li>';

?>

I need to send the input note.value, the select controleChoix.value and the intval q that I've received from another page.

FlorianSL
  • 89
  • 1
  • 9
  • It's not clear what you mean. How are you "sending data to another page"? Are you just looking for the `form` tag? – David Feb 08 '16 at 13:17
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Feb 08 '16 at 13:19
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 08 '16 at 13:19
  • @David Yes like a form tag – FlorianSL Feb 08 '16 at 13:21
  • @JayBlanchard ok i'm going to change that, thank you – FlorianSL Feb 08 '16 at 13:22
  • 3
    I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."*. If you don't have time to do it right the first time, when will you find the time to add it later? – Jay Blanchard Feb 08 '16 at 13:22
  • @FlorianSL: Ok, then use a `form` tag? What isn't working? – David Feb 08 '16 at 13:22
  • @JayBlanchard I don't know why are you saying this because I've never said that. I'll use SESSION var. – FlorianSL Feb 08 '16 at 13:24
  • 1
    I know why @JayBlanchard is saying that. Because after decades of seeing these things, your elders (I am old) know what they are talking about. – Drew Feb 11 '16 at 15:29

1 Answers1

1

As you already seem to use SESSIONS, you could easily transfer your data from one page to another using these $_SESSION variables.

https://secure.php.net/manual/en/book.session.php

edit: Please keep in mind that this isn't secure at all. The values can easily be changed by the user. Using this you might want to validate the values first, before using.

DurtyFree
  • 79
  • 2
  • 6
  • The OP needs to *"take an input value"*. You can add input values to the session, but you're going to have to have a form take the value. – Jay Blanchard Feb 08 '16 at 13:24
  • @JayBlanchard Oh, thanks! But I guess he also wants to transfer the data to another page after taking the input. – DurtyFree Feb 08 '16 at 13:26
  • Yes I know that doing this isn't secured. But it was just a try, in order to see if it works. $_SESSION is secure right? – FlorianSL Feb 08 '16 at 13:26
  • @FlorianSL You should validate the data before using it again ( after saving it in the session variables ), because you can easily edit the session saved variables on the client side. – DurtyFree Feb 08 '16 at 13:28
  • Ok it's not a problem i'll validate the data, and the admin can also change values if there's a problem. – FlorianSL Feb 08 '16 at 13:31
  • @FlorianSL Just keep that in mind!:) Please accept my answer if it answered your question :) http://stackoverflow.com/help/someone-answers – DurtyFree Feb 08 '16 at 13:35