0

if(isset($_REQUEST["pwd"]) && isset($_REQUEST["name"]))
{
    $password = $_REQUEST['pwd'];
    $name = $_REQUEST['name'];


            $checkUserPass = mysql_query("SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn);
            if(mysql_num_rows($checkUserPass) == 1)
            {
                $personnelId = mysql_query("SELECT PersonnelID FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn);
                while($row = mysql_fetch_assoc($personnelId))
                {
                //echo $row['PersonnelID'];
                //flush ();
                var_dump($row);
                }
                //setcookie()
                mysql_close($conn);
                echo "<br/><br/>";
                echo "<script>alert('Logged In.')</script>";
                header("Refresh: 1; url=profile/profile.php?id="'.$row['PersonnelId'].');
                //header('Refresh: 1; url=test.php?id=$personnelId');
            }
            else
            {
                echo "<br/><br/>";
                echo "<script>alert('Wrong Password.')</script>";
                header('Refresh: 1; url=personnelselect.php');
            }
}

?>

I have this code and I want to pass the value of $row to profile/profile.php. How can I do it efficiently? Please help.

  • 3
    Your code is dangerously insecure. Stop using the deprecated `mysql_*` functions and start looking into SQL injection. Your password check can be bypassed with an entered password of `' OR 1=1`. – ceejayoz Mar 09 '14 at 19:14
  • To add to what ceejayoz said: look into MySQLi and parameterised queries, and read both [this](http://security.stackexchange.com/questions/25684/how-can-i-explain-sql-injection-without-technical-jargon) and [this](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). – Polynomial Mar 09 '14 at 19:15
  • 1
    Do what? Read the articles...? – Robert Rossmann Mar 09 '14 at 19:20

3 Answers

1

You can redirect using the Redirect header instead:

https://stackoverflow.com/a/768472/421752

Apparently the Refresh header has quirks: PHP header("Refresh") problems

Im0rtality
0

You should save the result returned from the fetching.

$pId = "";
while($row = mysql_fetch_assoc($personnelId)) {
    $pId = $row['PersonnelID'];
    //flush ();
    var_dump($row);
}
//setcookie()
mysql_close($conn);
echo "<br/><br/>";
echo "<script>alert('Logged In.')</script>";
header("Refresh: 1; url=profile/profile.php?id={$pId}");

Tip: As mentioned in the post comments, you should really protect yourself against SQL injection and use the newer mysqli functionality.

Orel Eraki
0

Use header before any HTML output or PHP echo or print. Here you have:

echo "<br/><br/>";
echo "<script>alert('Logged In.')</script>";

You don't need that if you are directing your user to the home page :)

M.chaudhry
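
A parameterised version of the login check that the comments and the second answer recommend, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database in place of the MySQL connection and that `Passkey` stores a `password_hash()` value; the helper names `findPersonnelId` and `loginRedirectUrl` are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection, and Passkey holds a
// password_hash() value instead of the plaintext password.

function findPersonnelId(PDO $db, string $name, string $password): ?int
{
    // Placeholders keep user input out of the SQL text, so quotes in
    // $name are compared as data and cannot change the query.
    $stmt = $db->prepare(
        'SELECT PersonnelID, Passkey FROM validPersonnel WHERE Name = :name'
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['Passkey'])) {
        return null;
    }
    return (int) $row['PersonnelID'];
}

function loginRedirectUrl(?int $personnelId): string
{
    // Build the redirect target from the integer id only.
    return $personnelId === null
        ? 'personnelselect.php'
        : 'profile/profile.php?id=' . $personnelId;
}

// Constructed sample data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE validPersonnel (PersonnelID INTEGER PRIMARY KEY, Name TEXT, Passkey TEXT)');
$insert = $db->prepare('INSERT INTO validPersonnel (Name, Passkey) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login and the string from the first comment.
$attempts = [['alice', 'correct horse'], ['alice', "' OR 1=1"]];
foreach ($attempts as [$name, $password]) {
    $url = loginRedirectUrl(findPersonnelId($db, $name, $password));
    echo $name, ' / ', $password, ' -> ', $url, PHP_EOL;
}

// In the real page, send the header before any echo and stop:
//   header('Location: ' . $url);
//   exit;
```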