2

I have a page that gets info from the database and transforms it into rows:

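<?php

session_start();
$cuser = $_SESSION["username"];

// $conn is an open mysqli connection created elsewhere.
// Bind the username as a parameter instead of interpolating it into the SQL string.
$getRequests = "SELECT * FROM friends WHERE user2=? AND accepted='0'";
$stmt = $conn->prepare($getRequests);
$stmt->bind_param("s", $cuser);
$stmt->execute();
$query = $stmt->get_result();

if ($query->num_rows >= 1) {
  while($row = mysqli_fetch_assoc($query)) {
    echo "<div id=fRequest>";
    // Escape the stored username before writing it into the HTML.
    echo "<a href='#'>".htmlspecialchars($row["user1"])."</a>";
    echo "</div><br>";
    echo "<a href='#'><button>Accept</button></a>", " ", "<a href='#'><button>Ignore</button></a>";
    echo "<br><br>";
  }
} else {
    echo "You don't have any friend request :(";
}

?>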

How do I pass info (from a specific row) to another page, to then run a sql script?

PS: I usually get more than 1 result from this query.

olibiaz
João
  • In your accept or ignore anchor add a link to the new page along with the id of the row. Then access the row on the new page using a mysql query saying select * from friends where that id – Pardeep Poria May 09 '16 at 17:20
  • @Poria but how does the other page know the id? I need to do it in a way that other people can't change the id or access it any other way than by clicking the accept button – João May 09 '16 at 17:24
  • you will send it like accept.php?row_id= and on accept.php get the id from url using $_GET['row_id']; then pass it in your mysql query if it is numeric by checking is_numeric($_GET['row_id']) – Pardeep Poria May 09 '16 at 17:26
  • I can't do it by get method, it's unsafe for what I wanna do – João May 09 '16 at 17:31

4 Answers

3

You could store the data in a session and use it in the other page.

For example:

while ($row = mysqli_fetch_assoc($query)) {

   /* Other code */

  $_SESSION['user1'][] = $row["user1"];

}

And then, in your other page:

echo "<pre>";
print_r($_SESSION['user1']);        
echo "</pre>";

This will give you the whole array of all user1 rows.

Indrasis Datta
  • But that gives me the full array, I just want one specific row – João May 09 '16 at 17:25
  • Which row and which data do you want to access in the other page? – Indrasis Datta May 09 '16 at 17:31
  • Sessions are probably the securest way. The information is stored only in the server, so 1 big thing not to worry about. It's cool that we all gave different solutions (get, post, sessions), upvoted ur answer. – Webeng May 09 '16 at 17:37
0

Send any parameter in the href and fetch it on the other page via the GET method, then run a query with a WHERE clause on that parameter; you will be able to fetch that information.

Waleed Ahmed Haris
  • If I do it by get method, other people could just enter any value and access the database :( – João May 09 '16 at 17:29
  • @João well it's not as simple as that. There are many proper ways to use `$_GET` to do sql queries, however what worried me more about using a query string is that the information is exposed on the URL, which is why I preferred to use the `$_POST` method in my answer. – Webeng May 09 '16 at 17:32
  • Though I would definitely give a bit of an explanation on how to do this properly Waleed, cause sql injection is the main concern. – Webeng May 09 '16 at 17:33
  • By any parameter I mean you would make a unique id for that, or do it via session. As far as sql injection is concerned, use parametrized queries – Waleed Ahmed Haris May 09 '16 at 17:37
0

If you want to send them via the $_POST superglobal, you can do the following:

<?php
   //your previous php code here that obtains the values
   //($v1 and $v2 below are placeholder names for those values)
?>

<form action="otherpage.php" method="POST" id="myForm">
  <input type="hidden" name="v1" value="<?php echo htmlspecialchars($v1); /* value you want to pass */ ?>">
  <input type="hidden" name="v2" value="<?php echo htmlspecialchars($v2); /* value you want to pass */ ?>">
</form>

<script type="text/javascript">
    document.getElementById('myForm').submit(); // SUBMIT FORM
</script>

You would create as many inputs as you need. This can also be done automatically with php if the amount of inputs varies.

Then on page otherpage.php you would do something similar to:

<?php
  $v1  = $_POST['v1'];
  $v2  = $_POST['v2'];
?>

You can use mysql_real_escape_string() to sanitize your input, HOWEVER, if you are using PDO Prepared statements for your following queries while binding your parameters, then escaping should not be necessary as mentioned in the following thread: what is the PDO equivalent of mysql_real_escape_string

Community
Webeng
  • @João no problem dude! Just be careful with the query you do with $v1 and $v2. Please use prepared statements and bind your parameters, just to prevent sql injection. – Webeng May 09 '16 at 17:34
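The prepared-statement advice in this answer and its comments, as an added example that is not part of the original answer: a POST handler for otherpage.php that binds the posted value and lets the WHERE clause decide whether the logged-in user may touch the row. The integer `id` column, the meaning of accepted='1', the connection credentials and the function name `acceptRequest` are assumptions; `v1` is the hidden field from the form above.

```php
<?php
// Added example. Assumptions: `friends` has an integer `id` column and
// accepted='1' marks an accepted request; credentials are placeholders.
session_start();
$conn = new mysqli('localhost', 'app_user', 'app_password', 'app_db');

function acceptRequest(mysqli $conn, string $currentUser, $rawId): bool
{
    // Accept only a positive integer; is_numeric() would also pass "1e3" or "-5".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // The WHERE clause is the authorization check: the row must be addressed
    // to the logged-in user and still be pending. A changed id that points at
    // someone else's row matches nothing.
    $stmt = $conn->prepare(
        "UPDATE friends SET accepted='1' WHERE id=? AND user2=? AND accepted='0'"
    );
    $stmt->bind_param('is', $id, $currentUser);
    $stmt->execute();

    return $stmt->affected_rows === 1;
}

// Only a logged-in user submitting the form may reach the query.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['username'])) {
    http_response_code(403);
    exit('Forbidden');
}

$accepted = acceptRequest($conn, $_SESSION['username'], $_POST['v1'] ?? null);
echo $accepted ? 'Friend request accepted' : 'No pending request with that id';
```

Because the username comes from the session and not from the request, the id can travel in a hidden field or a query string without giving the sender access to rows that are not theirs.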
0

You could copy that specific row to a temporary table and generate an md5 id. In that way you could pass a link with a coded GET that points only to that row and there is no mess around with it.

edit: by temporary I mean a table that deletes its own row after accessing it once. Or after some time.

Arheisel
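A variant of the single-use coded link described in this answer, as an added example that is not part of the original post: it keeps the mapping in the session (as the first answer suggests) instead of a temporary table, and uses random_bytes() instead of md5 for the handle. The function names, the `row_tokens` session key and the ten-minute lifetime are assumptions.

```php
<?php
// Added example: opaque, single-use handles for rows, stored server-side.
session_start();

// Listing page: create an unguessable handle for one row and remember which
// row it stands for. Only the handle is written into the link or form.
function issueRowToken(int $rowId, int $ttl = 600): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['row_tokens'][$token] = ['id' => $rowId, 'exp' => time() + $ttl];
    return $token;
}

// Target page: turn a handle back into its row id. The entry is deleted on
// first use, so a replayed or expired handle yields null.
function redeemRowToken($token): ?int
{
    if (!is_string($token) || !isset($_SESSION['row_tokens'][$token])) {
        return null;
    }
    $entry = $_SESSION['row_tokens'][$token];
    unset($_SESSION['row_tokens'][$token]);

    return $entry['exp'] >= time() ? $entry['id'] : null;
}

// Constructed demo: row id 42 stands in for one row of the friends query.
$token = issueRowToken(42);
var_dump(redeemRowToken($token));        // first use resolves to the row id
var_dump(redeemRowToken($token));        // the same handle a second time
var_dump(redeemRowToken('not-a-token')); // a value the server never issued
```

The handle is only valid inside the session that issued it, so a link copied to another user resolves to nothing.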