ansaurus

Question

Carrying row values from MYSQL after form submission.

Answer 1

A:

In the second form you could include:

<input type='hidden' name='user_id' value='whatever' />

Jonathan Fingland 2009-06-04 02:05:15

Yeah, I saw that in the blog tutorial, but my issue is more getting the correct value (the just added user's id) into that hidden input.

Allansideas 2009-06-04 02:11:12

Answer 2

A:

I'd say you are better off with the session key in the users table; it's more secure (assuming you are doing this over https).

Storing a value in a hidden field is easy to manipulate from a security perspective. If your fields use auto increment, It's also easy to guess what the next one will be. A user could just pretend to be the next user registering and take that user's info. You are also giving info about what other user's ids are, how many users are registered for your site, etc.

Also, unless you are planning on doing something ajaxy, I'm not sure there is much of a choice; the user would click submit, get redirected to another webpage while the save is happening, the only information that could be transmitted would be url you redirect them to or session. You could pass it in the url, but it would also have the above problems.

Todd Gardner 2009-06-04 02:14:36

Thanks! I am pretty new to all this, but come to think of it, the session key will probably be useful in a whole bunch of other places, so its not so hacky after all.

Allansideas 2009-06-04 02:21:40

Answer 3

A:

In MySQL you can get the id of the last inserted row with this statement:

select LAST_INSERT_ID();

Then you can pass that value around in your forms or session for your future inserts.

Hardwareguy 2009-06-04 02:21:57

Ah yes, I was wondering about that. The issue would be that if the app started to grow really quickly would there be a chance of someone else submitting a form in the time that the query took to complete?

Allansideas 2009-06-04 02:24:30

Just stack the last_insert_id() query with the insert so they execute at the same like this:Insert into users(name) values('taco'); select last_insert_id();

Hardwareguy 2009-06-04 02:38:15

Thanks, in 30 mins on this site I have learned more than 2 hrs of googling,

Allansideas 2009-06-04 02:46:46

@Hardwareguy - That is actually not necessary. LAST_INSERT_ID is on a per-connection basis, so as long as no other queries are executed by that connect you are safe: http://dev.mysql.com/doc/refman/5.0/en/getting-unique-id.html

Todd Gardner 2009-06-04 02:50:15

Answer 4

A:

You can call

 $id = mysql_insert_id();

immediately after running the insert statement to get the last id generated by the database for the autoincrement field. This returns 0 if the statement did not generate an id. This page explains in more detail.

You can then use that id on the next form

 <input type="hidden" value="<?= $id ?>"/>

Vincent Ramdhanie 2009-06-04 02:24:22

Neat, thanks! If I run the query immediately after the insert then there is no chance that another record will have been inserted in the time it takes to execute (if two people click submit simultaneously) or does this never happen?

Allansideas 2009-06-04 02:31:07

You will need to test this assumption. It is supposed to be safe but you could get unlucky. The page that is linked in the answer has some discussion about thread safety.

Vincent Ramdhanie 2009-06-04 04:20:39

Answer 5

A:

Hi,

Well I think that first you should use Database transactions during the process. Second thing to do is to get the last inserted id inside the transaction with:

like:

$this->db->trans_start();
..(QUERIES)...
$this->db->insert_id();
..(QUERIES)...
$this->db->trans_complete();

Regards,
@pcamacho

Pedro 2009-06-04 08:13:18

ansaurus

tags:

views:

answers:

Carrying row values from MYSQL after form submission.

related questions