0

I want to store LAST_INSERT_ID() aka Case_ID and call it in another html page. How do I do this?

$query.= "insert into Picture (Case_Pic,Case_ID) 
          values ('" .addslashes($imagefile). "', LAST_INSERT_ID())" ;
Dave
  • 3,073
  • 7
  • 20
  • 33
Zesty
  • 73
  • 8
  • need some more information not clear your question – Karthi Nov 11 '16 at 07:55
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. `addslashes` is insufficient. – Quentin Nov 11 '16 at 10:42

2 Answers2

0

Save it in session. Like you have id as follows:

$id = '112';
session_start();
$_SESSION['case_id'] = $id;

and then in other html page:

<?php
session_start();
//Now you can use $_SESSION['case_id'] however you want here.
?>

I hope it helps

Abhay Maurya
  • 11,819
  • 8
  • 46
  • 64
0

EDIT: Just realised that you might also need a way to get the last insert ID.

As I can see from your code, you seem to be running 2 queries and are using the last insert ID of the previous query into the next query, if I'm not mistaken.

If that's the case, you will need to separate out the queries and at the end of your case table insert query use mysqli_insert_id if you are using MySQLi (which you should).

Example code:

$query = "INSERT INTO `Case` (`Case_name`) VALUES ('".mysqli_real_escape_string($db,$case_name)."')"; $q_obj = mysqli_query($db, $query); $case_id = mysqli_insert_id($db); $query2 = "INSERT INTO `Picture` (`Case_Pic`,`Case_ID`) VALUES ('".mysqli_real_escape_string($db, $imagefile)."', '".mysqli_real_escape_string($db, $case_id)."')"; And then, you will need to pass it to the HTML page via query string parameter: header('Location:success.html?case_id='.$case_id);

And in your HTML page, use JavaScript to get the query string parameters, parse them and extract the case_id query string parameter

Kanad Godse
  • 309
  • 1
  • 6
  • 1
    its bad practice to use URL to send important data as id. It can lead to security risks. – Abhay Maurya Nov 11 '16 at 07:58
  • Agreed, but the server side code should also be coded properly and should follow best practices of sanitizing **all** variables to prevent SQL injection and then it can be used without any issues. I don't see any issue using the primary key of a table if the server side code is written properly. Do let me know if this is still wrong. – Kanad Godse Nov 11 '16 at 09:48
  • Yes, but that doesn't mean that you should not take care and use more secure way wherever you have choice. – Abhay Maurya Nov 11 '16 at 10:02
  • Since OP asked to have the variable accessible in HTML and not PHP page, I have suggested that approach. The OP has also tagged the question with cordova which most likely means he may be developing a hybrid app which could mean the page where he wants to redirect could be in his phonegap app where PHP would not work. Just trying to give an explanation for the "unsecure" method that you think I suggested. – Kanad Godse Nov 11 '16 at 10:48