Pass hidden variable in php page redirect

Asked

Viewed 728 times

2

I was doing a job and I need to finish my login on the login page, php redirect pro index along with a variable. In the login I made a select where returned me the nickname of the user, now I need to send this nickname to the index in order to make other queries there from this nick. how can I do this without being exposed in the url or source code?.

I’m new to the web, I don’t know how to do this.

I had made this code:

if(isset($_POST['submeter'])){
        $email = $_POST['email'];
        $pass = $_POST['senha'];
        $pass = hash('sha256', $pass);
        $stmt = $connect->prepare("SELECT loginUsuario FROM usuario WHERE email =? and senhaUsuario=?");
        $stmt->bind_param('ss',$email,$pass);
        $stmt->execute();
        $stmt->store_result();
        if($stmt->num_rows <=0){
            echo "<h3 id='erro'>E-mail ou senha incorretos!</h3>";
        }else{
            $result= $stmt->bind_result($loginUsuario);
            $stmt->fetch(); 
            setcookie("login",$email);
            header("location: index.php"); //passar $loginUsuario junto de alguma forma.
        }
    }
php database web-application login crud

  • You used a cookie setcookie("login",$email); to store this information is not better to retrieve the cookie? type $_COOKIE['login'] ? I don’t know if it’s the best way, it was based on your code.

  • This cookie command I saw on the internet, I don’t know how to use it. Can you explain to me what parameters I put in and where this cookie is "stored"? And how to retrieve it on the other page.

  • Cookie is on the client’s machine, in the browser and you can recover on the index page for example with the command echo $_COOKIE['login'];.

  • you can also use Session.

  • Can you give me an example of Session? I don’t know about security when using cookies.

1 answer

1


You can also use Session.

Obs: session_start(); is mandatory and must be the first element of your page before any html entry

 <?php 
 session_start();
 ................
 ................
 if(isset($_POST['submeter'])){
    $email = $_POST['email'];
    $pass = $_POST['senha'];
    $pass = hash('sha256', $pass);
    $stmt = $connect->prepare("SELECT loginUsuario FROM usuario WHERE email =? and senhaUsuario=?");
    $stmt->bind_param('ss',$email,$pass);
    $stmt->execute();
    $stmt->store_result();
    if($stmt->num_rows <=0){
        echo "<h3 id='erro'>E-mail ou senha incorretos!</h3>";
    }else{
        $result= $stmt->bind_result($loginUsuario);
        $stmt->fetch(); 
        setcookie("login",$email);

        //criando a session
        $_SESSION["login"]=$email;            

        header("location: index.php"); //passar $loginUsuario junto de alguma forma.
    }
}

On the index

<?php 
session_start();
$login=$_SESSION["login"];

//caso queira usar o cookie
//$login=$_COOKIE['login'];

  • Thank you. Coming home I do the tests. Do you have any of the two best performing/safe solutions for me to choose from? Could use more than one Session to pass more variables?

  • yes, as many Sesssions as needed

  • cookies has that javascript chat been disabled and stuff

  • And what’s session_start for? What’s the difference if you don’t use it? I didn’t implement it in the code.

  • if not use will not work

  • session_start() is used qd vc has a session created and wants to propagate session information... one session serves to store values in a variable, passing from one page to another its values "automatically". see more on http://br.php.net/manual/en/function.session-start.php

  • Okay. Thank you to everyone who helped.

Show 2 more comments

Browser other questions tagged php database web-application login crud

You are not signed in. Login or sign up in order to post.