0

please help me with this project, I have a form from a page 

<form method="post" action="../download_form138.php" >
<input type="submit" name="download" value="download" id="<?php echo $row["id"]; ?>" class="btn-xs" />
</form>

and here is a piece of my download_form138.php

// CREATE A NEW SPREADSHEET + POPULATE DATA
$sheet = $spreadsheet->getActiveSheet();
$sheet->setTitle('Form 138');
$stmt = $pdo->prepare("SELECT  * FROM q1 INNER JOIN sf1 ON q1.id = sf1.id WHERE q1.id = '".$_POST["download"]."' ");
$stmt->execute();

it does not download the data from the data base but when i change the WHERE q1.id = '".$_POST["download"]."' into WHERE q1.id = 5, it downloads the data with the same id in my database, What i want to do is that when a user click download, it downloads the data from the database with the same id.

angelo
  • 13
  • 1
  • 4
  • 1
    Run a `var_dump($_POST)` to see what's wrong – Roy Bogado Mar 05 '19 at 08:39
  • Please use `?` in your query. See https://stackoverflow.com/questions/4042843/in-php-how-does-pdo-protect-from-sql-injections-how-do-prepared-statements-wor – Adder Mar 05 '19 at 08:50

1 Answers1

1

You need to change the value, not the ID.

<form method="post" action="../download_form138.php" >
<input type="submit" name="download" value="<?php echo $row["id"]; ?>" class="btn-xs" />
</form>
Muhammad Azizol Aminuddin
  • 623
  • 5
  • 17
  • Thanks for the comment but that is not I'm looking for, I should download the data from my database that corresponds to the id of the user.. Do you have any suggestion? – angelo Mar 05 '19 at 08:45
  • Where can I get the id of the user? If you already have user id in the session. Why not just use it from the session into the sql – Muhammad Azizol Aminuddin Mar 05 '19 at 08:50