473,883 Members | 1,709 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

passing a variable from page to another page

25 New Member
Hi there, I would like to ask a question about how to pass a variable from page to page. For example, I have my first page for login and used a session with cookie and after submitting successfully and redirect my page to another page I want show statement like Hello Smith or Welcome Smith, and it doesn't work properly. Anyone knows the soulution would be appreciated. Thanks

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. if (loggedin())
  3.     {
  4.     header("Location: redirectpage.php");
  5.     exit();
  6.     }
  7. if ($_POST["login"])
  8. {
  9.     global $username;
  10.     $username = $_POST['username'];
  11.     $password = $_POST['password'];
  12.     $rememberme = $_POST['rememberme'];
  15.     if($username&&$password)
  16.     {
  18.     $login = mysql_query("SELECT * FROM usersystem where username='$username'");
  19.     while ($row = mysql_fetch_assoc($login))
  20.     {
  21.         $db_password = $row['password'];
  22.         if($password==$db_password)
  24.     else
  25.         setcookie("username", $username, time()+7200);
  26.         else if ($rememberme=="")
  27.         $_SESSION['logged_in']== $username;
  28.         $_SESSION['username'] =$_POST['username'];
  30. //userarea.php
  31.         header("Location: redirectpage.php");
  32.         exit();
  34.         }
  36.     }
  38.     }
  39.     else
  40.     die("Please enter a username and password");
  42. }
  43. ?>
This is the code for the second page that I want the name of the user to show up.

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  4. $username = $_SESSION['username'];
  6. echo $_SESSION['username'];
  10. echo "Hello ". $username ;
  11. ?>
So what's wrong with my code. Thanks again
Jan 21 '10 #1
20 3416
5,058 Recognized Expert Expert

There is a syntax error there on line 24. The if, else and else if statements don't match up.

It is generally best to always use brackets with if statements, even if they only execute on line of code. It helps to avoid problems like these.

Expand|Select|Wrap|Line Numbers
  1. // Avoid this:
  2. if(true == true)
  3.     echo "It is true!";
  4. echo "A completely unrelated line...";
  6. // Rather do this:
  7. if(true == true) {
  8.     echo "It is true!";
  9. }
  10. echo "A completely unrelated line...";
There are a couple of extra charachters required, but it makes it a whole lot clearer to read, especially if your indentations are sloppy.
Jan 21 '10 #2
25 New Member
Actually the I wrote the code and I knew that it's wrong because I picked up just for example of how to pass session variable to another page and I was asking about this. Anyway thanks a lot of passing my thread.
Jan 21 '10 #3
1,059 Top Contributor
you can try this

Expand|Select|Wrap|Line Numbers
  1. redirectpage.php?user_name=johny&user_age=100
then in redirectpage.ph p usign $_GET you can have the data. i.e
Expand|Select|Wrap|Line Numbers
  1. $name=$_GET[user_name];
  2. $age=$_GET[user_age];
Jan 22 '10 #4
25 New Member
Thanks for reply I'm really thankful to u

by the way, actually the first code that I submitted in the first topic that will be in the login screen and I can't pass the login and password in the tool bar of the browser so I'm using POST instead of get because it's much secure. I tried your code but I used POST but couldn't get the username.

So what should I do?
Jan 22 '10 #5
1,059 Top Contributor
I dont know what is your plan.

But if you try session it may help. After user log in you can save the user_name and Password using session. your php page will be able to use these session anytime if session is valide. Cookie is a solution but a very easy solution to destroy the security.

Jan 23 '10 #6
5,058 Recognized Expert Expert
OK, to answer the original question: there are a couple of methods you can use to pass things between pages.
  1. Sessions
    These are the most secure of the methods, because the actual data is stored on the server, while only a session identifier is passed to the browser (usually as a cookie). Any page on the domain can then activate the session and use the data, given that the cookie is not destroyed. This is highly recommended for storing sensitive data, such as user login information.
  2. Cookies
    Less secure and reliable than sessions, but more long-term. Whereas a session is destroyed every time the browser is closed (by default), a cookie can remain indefinitely. It is usually best not to use these to store sensitive info, only info that would not be a security threat if it fell into the wrong hands.
  3. GET parameters
    Adding variables to the URL can serve as a (very) short-term method of passing data between pages. This is usually reserved for things like passing paging information via navigation links. In general, if the same piece of data needs to be passed to more than a couple of pages, a session or a cookie is a better choice.
There are a few more possible methods, but they are generally so situational and questionable that they are hardly worth mentioning.

For the purposes of storing user login data, a session would be ideal. Putting the user name and ID into the session is pretty standard.

This is a pretty generic example of how that would be done.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. // Make sure the login info was passed
  3. if(isset($_POST['name'], $_POST['password'])) 
  4. {
  5.     // Fetch the user name from POST.
  6.     // Note the use of the mysql_real_escape_string function.
  7.     // It should ALWAYS be used on data that is to be
  8.     // inserted into a SQL query.
  9.     $name = mysql_real_escape_string($_POST['name']);
  11.     // Fetch the password. Note that I hash() the password.
  12.     // This ensures the password is secure, even if
  13.     // the database itself is comprimized. You should
  14.     // ALWAYS hash passwords, and never store them as
  15.     // plain text. The above rule about the escape_string
  16.     // function does not apply here, as a hash is always 
  17.     // safe to put into a SQL query.
  18.     $pwd_hash = hash('sha1', $_POST['password']);
  20.     // Verify that the login info is valid.
  21.     // It is better to fetch the user info based on
  22.     // the username and the password, rather than to pass
  23.     // it only the username and verify the password with
  24.     // PHP. This way, if the login is invalid, the real
  25.     // password never enters your PHP code, making it more
  26.     // secure.
  27.     $sql = "SELECT `id` FROM `user` 
  28.             WHERE (`name` = '{$name}')
  29.             AND   (`password` = '{$pwd_hash}')";
  31.     $result = mysql_query($sql) or trigger_error(mysql_error(), E_ERROR);
  33.     // If a single row was returned, the user info is
  34.     // valid. If more than a single row was returned,
  35.     // odds are that something went rong, or that your
  36.     // code has somehow been comprimized. This is why
  37.     // you should validate ONLY if a single row is returned.
  38.     if(mysql_num_rows($sql) == 1) 
  39.     {
  40.         $row = mysql_fetch_assoc($sql);
  42.         // Here we start the session and enter the
  43.         // user info into it. Note that session values
  44.         // can be arrays themselves, so that you can group
  45.         // similar elements together, like I do here.
  46.         session_start();
  47.         $_SESSION['user']['id'] = $row['id'];
  48.         $_SESSION['user']['name'] = $name;
  49.     }
  50.     else
  51.     {
  52.         echo "Login failed. Please try again!";
  53.     }
  54. }
  55. else
  56. {
  57.     echo "Username and/or password were not passed.";
  58. }
  60. ?>
You can then verify a user as logged in on other pages by doing something like:
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  4. // Check if the user session element exists.
  5. // If it does, we can assume the client has
  6. // already logged in. If not, we can not.
  7. if(!isset($_SESSION['user']))
  8. {
  9.     // Redirect back to the user login page.
  10.     header('Location: login.php');
  11.     exit;
  12. }
  14. // Display the rest of the user-secure content.
  15. echo "Welcome, {$_SESSION['user']['name']}!";
  16. ?>
You should NEVER store the password anywhere, especially in it's plain-text form. If you absolutely can not avoid it, you should at least hash it before doing so. Passwords are one of the more sensitive pieces of info your application will ever handle and they should be used as little as possible.

I mean, consider if a malicious user managed to inject a PHP script to your server. It would be fairly easy for him to hijack sessions and view all the session data, including the password. Limiting this to usernames and IDs makes this sort of breach a lot less damaging.
Jan 23 '10 #7
1,044 Recognized Expert Top Contributor
I disagree. The password should be stored in its hashed form. What if two users are logged into the same account at once? What if the valid user knew that someone knows his password and he needs to change it before the other user harms his account? He would then change his password. If the password was re-authenticated on every page request (as I believe it should be), then the false user would be essentially logged out.
Jan 23 '10 #8
5,058 Recognized Expert Expert
That's an extremely rare scenario, to be honest, and preventing it hardly takes priority over the security of all passwords being used. Even in it's hashed form, in the hands of a malicious user a password would be a major security concern.

But if this scenario is of great concern to you, a far more sensible method - surely - would be to add a "modified" timestamp to the user account that would be updated with the password. The value of that timestamp at the time when a user is logged in would then be stored with the session and checked on every reload.

There is rarely a situation where you need to store the password anywhere - outside normal login and account maintenance - and you really should avoid it wherever possible, for obvious security reasons. That is what I would generally recommend, in any case.
Jan 24 '10 #9
1,059 Top Contributor
Hi Atli,
You have comment out one of my line. Actually I am explaining it. I did tell to store data using SESSION but I didnt mean to store in storage device like hard disk. If I am not wrong session data get stored in the server and in the RAM. My understanding says Session stores run time data.

I also strongly disagree password in server's storage device.

Jan 24 '10 #10

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Paul | last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and session.use_trans_sid = 1 in my php.ini file. Index.php contains: ---------------------------------------------------------------------------- <?php ini_set("session.use_cookies", "off"); ini_set("session.use_trans_sid", "on"); session_start(); $_SESSION = ""; $_SESSION = ""; echo "<form method='POST' action='login.php'>
by: Jason Us | last post by:
Does anyone have experience with passing variables from an ASP page to a JSP page. The way it currently works in passing the SSN in the URL. This cannot be good. I thought that storing a unique session ID in a cookie and referencing the SSN from the Session ID would be the correct way to do this. But since we have two separate servers, IIS and Websphere, how do we coordinate the session ID?
by: jr | last post by:
Sorry for this very dumb question, but I've clearly got a long way to go! Can someone please help me pass an array into a function. Here's a starting point. void TheMainFunc() { // Body of code... TCHAR myArray; DoStuff(myArray);
by: opt_inf_env | last post by:
Hello, I know three ways to pass variables form one page to another. The first one is to declare and set session variable. In this case if one goes to another page (by clicking on hyperlink or pressing a button) value of a session variable will be automatically seen on the new page. The second way is to set hidden variables in the form and go to new page by execution of this form (press a button or enter), and the last way, which I...
by: Geoff Cox | last post by:
Hello, I have written before that I can pass a variable from page 1 to page 2 if I call the variable "name". Stephen Chalmers has written, >'name' is effectively a reserved word as the variable window.name is >created automatically, but is not read-only. >Use more imaginative names for variables.
by: Mike P | last post by:
When you are passing a value to another page, and will need access to it throughout the page and on any postbacks, what is the best way to store it? By making it a variable accessible to the whole page, or by putting it in the ViewState? Thanks, Mike
by: James Robertson | last post by:
I am new to the ASP and VB thing so be kind. Question I have is that I have created an ASPX web site to use as an E-Mail page. But I want to use this for a lot of users. Can I create the link on the WEB site to mail to passing a variable from the WEB site to the ASPX web site to E-Mail to? Hope I explained this correctly. This is a response from another group. There was no way for you to know it, but this is a classic asp newsgroup....
by: DaTurk | last post by:
If I call this method, and pass it a byte by ref, and initialize another byte array, set the original equal to it, and then null the reference, why is the original byte array not null as well? I thought passing by reference, your passing the address in memory. public bool DoSomething(ref byte data) { byte retVal = null; try
by: rfr | last post by:
I have a need to use a single version of a Visitor Response Feedback Form on numerous HTML documents. Rather than have numerous versions of this, one on each HTML document, it makes more sense to have ONE FORM and use it from each HTML document that needs it. But, the visitor should see a title on the form that relates to the specific page about which they are giving the feedback. And the results of the form must include what page was...
by: aelred | last post by:
I have a web page where a member can open up a chat window (child window) with another member. - From there the member can also navigate to other web pages. - From other pages in the site, they may also open up new chat windows with other members (just not the same one). - Each chat page is opened with the member name as the window name. - When I log off from the web page, I would like all the chat windows to automatically close. I...
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.