post data not loop php

Question

I am quite new to PHP and I have an issue. I want to pass data from both the page I am sending it from and also from a while loop.

I want to pass both the Job_ID (which is from a separate table to the User_ID) and the User_ID when the user clicks on the "Send Job Request" link.

I do not know how to do this, I have experimented with Unions of the two tables, but nothing is working. Help would be appreciated

This is bits of my code

Jobs page

<?php
   $Job_ID = $_GET ['Job_ID'];
   $Job_ID = $_POST ['Job_ID'];
?>

<?php

   mysql_connect ('','','');

   mysql_select_db('');

   $sql = "SELECT * FROM workerlogin WHERE category='".$category."'"; 

   $records=mysql_query($sql);


?> 
<?php

   while($jobs=mysql_fetch_assoc($records)){

   echo "<tr>";                     
   echo "<td><a href='send_jobs.php?User_ID=" . $jobs['User_ID'] . "' ; >
   Send Job Request</td>";                  

?>

***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Jul 11 '17 at 15:09
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Jul 11 '17 at 15:09
What does passing URL parameters have to do with a UNION? Exactly, absolutely nothing at all. If you want to pass a second parameter via GET - then _add_ a second parameter. — CBroe, Jul 11 '17 at 15:11
Trying to take the job id out of $_GET first, and then overwriting the variable with the same element from $_POST is also nonsense. If you have a situation where that parameter could be passed by either GET or POST method, then use $_REQUEST. Otherwise, use only the appropriate one, and don’t overwrite the variable on the next line. — CBroe, Jul 11 '17 at 15:12
Use both I'd in get formats and send second data same as first data... — sekaraja, Jul 11 '17 at 15:17

score 0 · Answer 1 · answered Jul 11 '17 at 15:17

Firstly, I would recommend having a look at how to "escape" user input. What would happen if a user posted a query as their job id, would it execute?

You can use mysql_real_escape_string

To find out what is being sent in the list array try var_dump($_POST);

And the same for $_GET to see what's been sent.

Final thing I think I should say, is mysql_* stuff has been deprecated. You should really look into PDO for database connections.

Good luck! J

post data not loop php

1 Answers1