
I have the following form on my index.php page that submits to a page called live.php

index.php

```html
<form action="live.php" method="POST" enctype="multipart/form-data">
    <td>
        <label for="event">Create Event: </label>
        <input type="text" id="event" name="event" placeholder="Event Name">
        <input type="submit" name="saveEvent" value="Add Event">
    </td>
</form>
```

In my live.php page I am using the submitted data to create a database.

live.php

```php
if(isset($_POST['event']))
{
   $event = $_POST['event'];
   $sqlEvent = "CREATE DATABASE `$event`";
   mysqli_query($con, $sqlEvent) or die(mysqli_error($con));
}
```

I then use $event to echo as the title of the page.

```php
<?php
    echo '<h1 align="center">', $event ,'</h1><br />';
?>
```

What happens is when I refresh the page the title disappears. What I am looking for is a way to store $_POST['event'] into a variable/session that I can use until I close the web browser or reset the variable to be empty via a button. Any help with this would be greatly appreciated.

EDIT This is what I tried to get $_SESSION to work, but had no luck

```php
if(isset($_POST['event']))
{
   $_SESSION['event'] = $_POST['event'];
   echo $_SESSION['event'];
   $event = isset($_SESSION['event']) ? $_SESSION['event'] : "no event";
   echo $event;
   $sqlEvent = "CREATE DATABASE `$event`";
   mysqli_query($con, $sqlEvent) or die(mysqli_error($con));
}
```

It will echo just fine for both, but once I refresh the page I lose the data stored in $event

  • Horrible practice to not use prepared statements... and to allow the creation of a table or database by the Client. Your problem is happening because the `POST` has to happen to echo that `$event`. You would need to use a `$_SESSION`, at the bare minimum, to get the `$event` after the `POST`. Of course, I would use JavaScript's `XMLHttpRequest` instead of super old form submission, as well. `session_start()`, before your headers are sent, then `$_SESSION['event'] = $event;`. – StackSlave Apr 02 '21 at 02:24
  • @StackSlave I will use prepared statements once things are working properly. I do it this way to start until it works. But I have tried using $_SESSION I made an edit with the code for how I tried getting it to work. – Brent Yaron Apr 02 '21 at 02:35
  • The day-to-day operation of your app should not involve schema changes. I.e., adding an event should be done by inserting a row, not by creating a new database. You absolutely do not want to put table or database creation (or naming) into the hands of your users, it's nearly impossible to manage securely. – Alex Howansky Apr 02 '21 at 02:53
  • @AlexHowansky I will be the only one using it. This is for our club as a live results page. The end user will only see the output of the tables. I just don't know what other route to take as I keep hitting road blocks. – Brent Yaron Apr 02 '21 at 03:00
  • `session_start(); if(isset($_POST['event'])){ /* block of code you already made */ }elseif(isset($_SESSION['event'])){ $event = $_SESSION['event']; }` – StackSlave Apr 02 '21 at 03:26
  • It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Apr 02 '21 at 11:56
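
The points raised in the comments above, put together as an added example that is not part of the original post or of any comment: `session_start()` before output, the event kept in `$_SESSION`, a row inserted with a prepared statement instead of a database created per event, and exceptions in place of `die(mysqli_error())`. The `events` table with its `name` column, the `resetEvent` button and the connection placeholders are assumptions.

```php
<?php
// live.php (added example). Assumptions, not from the question: an `events`
// table with a `name` column, the resetEvent button, placeholder credentials.
declare(strict_types=1);

session_start();   // must run before any output is sent

// Throw exceptions instead of die(mysqli_error()): details get logged, not shown.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Accept only short names made of letters, digits, spaces, '-' and '_'. */
function validEventName($raw): ?string
{
    $name = is_string($raw) ? trim($raw) : '';
    return preg_match('/^[A-Za-z0-9 _-]{1,64}$/', $name) === 1 ? $name : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        if (isset($_POST['resetEvent'])) {            // hypothetical reset button
            unset($_SESSION['event']);
        } elseif (($name = validEventName($_POST['event'] ?? null)) !== null) {
            $con = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
            // An event is a row, not a new database; the name is bound as data.
            $stmt = $con->prepare('INSERT INTO events (name) VALUES (?)');
            $stmt->bind_param('s', $name);
            $stmt->execute();
            $_SESSION['event'] = $name;   // kept across refreshes until reset
        }
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());
        http_response_code(500);
        exit('Could not save the event.');
    }
    header('Location: live.php', true, 303);  // refresh now repeats a GET, not the POST
    exit;
}

$event = $_SESSION['event'] ?? 'no event';
?>
<h1 align="center"><?= htmlspecialchars($event, ENT_QUOTES, 'UTF-8') ?></h1>
<form action="live.php" method="POST">
    <input type="submit" name="resetEvent" value="Reset Event">
</form>
```

With PHP's default session cookie settings the stored event lasts until the browser is closed or the reset button is pressed.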
