
Sending confidential form info to a db and to the submitter

Guest
Jan 02, 2011

I have a volunteer application form for an airshow; it can be seen here: www.hollisterairshow.com/volunteerapp.php. When the user clicks submit, their info is added to a MySQL db and the user is sent to a "thank you" page. This is working fine and may be sufficient "as is". Try it if you like!

I'd like to try and improve this a bit in two ways:

  1. Show the information the volunteer submitted on the "thank you" page and/or
  2. Give the user the option of e-mailing a copy of their info to themselves (it includes days they expect to be available, preferred activity, etc.)

The information the user submits also includes personal info such as e-mail address, phone number and street address and so should not be accessible by anyone other than the submitter and the airshow administrator or me. I have a password protected secure area for the administrator to access all the info and this is working fine. The primary key for the volunteer table is a "volunteernumber" which is a numeric field that is incremented by 1 automatically when the record is written to the table.

So, my concerns are:

  1. How do I pass the volunteernumber back to the "thank you" page in such a way that it is not visible to the user (if I used a URL parameter the user could see they were, say, volunteer number 29 and it wouldn't take a whole lot of skill to change it to another volunteer number and see someone else's info)
  2. I think I read somewhere that sending an e-mail can open me up to malicious attacks - not very likely but still possible

I'd really appreciate a pointer in the right direction. I'm using DW CS4.

Thanks,

Tony

LEGEND, Jan 02, 2011

tonybabb wrote:

How do I pass the volunteernumber back to the "thank you" page in such a way that it is not visible to the user

Use a session variable.

Guest
Jan 05, 2011

Thanks David,

Session variables would be the way to go, I think. The problem I'm having is how to set a value in the session variable. I can't use the session variable MM_Username because the user has not logged in - and will not be able to log in. All the user has done is to complete a volunteer application form and press "submit", so am I right in thinking I need to change or add a second form action which will set the value in the session variable at the time the user presses "Submit"? If so, how does one do this? I'm using DW CS4 with PHP and a MySQL db. The volunteer application form can be seen here: www.hollisterairshow.com/volunteerapp.php

Really appreciate your patience while I'm continuing along this very steep learning curve.

Tony

LEGEND, Jan 05, 2011

tonybabb wrote:

Session variables would be the way to go I think. The problem I'm having is how to set a value in the session variable,

Since you're storing the volunteer's details in the database, use mysql_insert_id() to get the record's primary key, and use that.

    session_start();

    // insert the user's details in the DB

    $_SESSION['volunteer_id'] = mysql_insert_id();

    // redirect to the other page

I presume that you're using Dreamweaver's server behaviors. Editing the Insert Record server behavior to add this code will prevent Dreamweaver from recognizing it, but you need to liberate yourself from the constraints of server behaviors if you want to add your own functionality to a dynamic website.

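The approach suggested in the reply above, end to end, as an added example that is not code from the thread: the primary key is kept in the session and the thank-you page looks up only that row. PDO with an in-memory SQLite table stands in for the thread's MySQL connection and the since-removed mysql_* functions; the function names, column names and sample submission are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO replaces the
// removed mysql_* functions; in-memory SQLite stands in for the MySQL
// volunteer table; function names, columns and sample data are constructed.

// Form handler (volunteerapp.php): insert, then keep the new primary key
// server-side. The browser only ever holds the session cookie.
function save_volunteer(PDO $db, array $form): void
{
    $stmt = $db->prepare(
        'INSERT INTO volunteers (name, email, days) VALUES (?, ?, ?)'
    );
    $stmt->execute([$form['name'], $form['email'], $form['days']]);
    session_regenerate_id(true);  // new session id once it holds personal data
    $_SESSION['volunteer_id'] = (int) $db->lastInsertId();
}

// Thank-you page (thanksvol.php): the key comes from the session only,
// never from $_GET or $_POST, so a visitor cannot request another row.
function load_own_record(PDO $db): ?array
{
    if (!isset($_SESSION['volunteer_id'])) {
        return null;  // nothing submitted in this session
    }
    $stmt = $db->prepare('SELECT name, email, days FROM volunteers WHERE id = ?');
    $stmt->execute([$_SESSION['volunteer_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

session_start();  // needed on both pages, before any output is sent

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE volunteers (id INTEGER PRIMARY KEY AUTOINCREMENT,
           name TEXT, email TEXT, days TEXT)');

// Constructed submission; on the real page these are the posted form values.
save_volunteer($db, ['name' => 'Pat <Example>', 'email' => 'pat@example.org',
                     'days' => 'Sat, Sun']);

$record = load_own_record($db);
if ($record === null) {
    echo "<p>No application found for this session.</p>\n";
} else {
    foreach ($record as $field => $value) {
        // Escape on output: every value was typed in by the visitor.
        printf("<p>%s: %s</p>\n", $field, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
    }
}
```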
Guest
Jan 05, 2011

David,

Thanks, that's what I think I need to do to obtain the primary key and pass it to the success page. I added the code you suggested in the volunteer application page here www.hollisterairshow.com/volunteerapp.php and the section of code I inserted can be seen below with a couple of lines of code before and after it for context:

      mysql_select_db($database_adminconnection, $adminconnection);
      $Result1 = mysql_query($insertSQL, $adminconnection) or die(mysql_error());
      // start of code to get the volunteer primary key
      session_start();

      // insert the user's details in the DB

      $_SESSION['volunteer_id'] = mysql_insert_id();

      // end of code so now redirect to the other page

      $insertGoTo = "thanksvol.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $insertGoTo));
    }
    ?>

Before I create a recordset using this key I thought I'd check the session variable was set correctly so I added the session variable to the bindings panel in the success page and tried to display it by dragging the session variable onto the success page using DW CS4 as shown below.

sessionvariable1.jpg

and the code generated for this is shown below

<p><?php echo $_SESSION['volunteer_id']; ?></p>

I was expecting to see a two digit number displayed and nothing appears as shown below

sessionvariable2.jpg

- could there be a formatting issue here or have I made some other error?

Thanks again for your support, I really appreciate it.

Tony

LEGEND, Jan 07, 2011

tonybabb wrote:

- could there be a formatting issue here or have I made some other error?

To use a session variable, the page needs to begin with session_start();.

Guest
Jan 07, 2011

That fixed it. Thank you so much.

Tony
