I want the auto increment ID from mysqli table to show my users their ID number when they join on welcome page. I have tried mysqli_insert_id and several other methods, both OOP and Procedural. I have my function file in a separate folder from the welcome page. Can anyone help me with a solve. Thanks. Below is the last thing I tried but it did not work.
//functions.inc.php
function createUserWaitlist($conn, $name, $email, $phoneNumber, $refer){
    $sql = "INSERT INTO waitlist (usersName, usersEmail, usersPhone, usersRefer) VALUES (?,?,?,?);";
    if (mysqli_query($conn, $sql)) {
        $last_id = mysqli_insert_id($conn);
    }
    $stmt = mysqli_stmt_init($conn);
    if(!mysqli_stmt_prepare($stmt, $sql)){
        header("location: ../waitlistRegister.html?error=failedtoregister");
        exit();
    }
    // $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $phoneNumber, $refer);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    header("location: ../regResponse.php?name=".$_POST['name']."&userID=".$_POST[$last_id]."");
    exit();
}
//welcome page
<div class="response">
    <h2>Thank you, <?php echo $_GET['name']; ?> for joining the waitlist! </h2>
    <h2>Your membership ID is : <?php echo $_GET['userID']; ?></h2>
</div>
<div class="link">
    <h2>Here is your referral link: http://localhost/tap-network/waitlistRegister.php?refer=<?php echo $_GET['name']; ?> </h2>
</div>
//waitlist.inc.php
<?php
if(isset($_POST["submit"])){
    $name = $_POST["name"];
    $email = $_POST["email"];
    $phoneNumber = $_POST["phoneNumber"];
    $refer = $_POST['refer'];

    require_once 'dbh.inc.php';
    require_once 'functions.inc.php';

    if(emptyInputWaitlist($name, $email, $phoneNumber) !== false){
        header("location: ../waitlistRegister.php?error=emptyinput");
        exit();
    }
    if(invalidEmail($email) !== false){
        header("location: ../waitlistRegister.php?error=invalidemail");
        exit();
    }
    if(emailExists($conn, $email) !== false){
        header("location: ../waitlistRegister.php?error=emailtaken");
        exit();
    }
    createUserWaitlist($conn, $name, $email, $phoneNumber, $refer);
} else {
    header("location: ../waitlistRegister.php?error=tryagain");
    exit();
}
Answer
Never output values from $_GET or $_POST (which may be tampered with by a malicious user) in a page without prior sanitization. You're opening up the doors for Cross Site Scripting (XSS). The least you can do is use htmlspecialchars() around it.

Change $_POST[$last_id] (this is looking for the ID as a key in the $_POST global) to $last_id in your redirect URL.
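
The two points in the answer, put together as an added PHP example (not code from the question or the answer): $_GET values are escaped with htmlspecialchars() before output, and the redirect carries $last_id itself. It goes one step beyond the answer by reading mysqli_insert_id() only after the prepared statement has executed; redirectUrl() and renderWelcome() are hypothetical helper names, and createUserWaitlist() is defined but not called here because it needs a live database connection.

```php
<?php
// Added example: helper names redirectUrl() and renderWelcome() are hypothetical.
// Table, columns and page paths are the ones in the question.

// Insert through the prepared statement only, then read the id after execute().
function createUserWaitlist(mysqli $conn, string $name, string $email, string $phone, string $refer): int
{
    $sql = "INSERT INTO waitlist (usersName, usersEmail, usersPhone, usersRefer) VALUES (?,?,?,?)";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return 0;
    }
    mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $phone, $refer);
    $lastId = mysqli_stmt_execute($stmt) ? (int) mysqli_insert_id($conn) : 0;
    mysqli_stmt_close($stmt);
    return $lastId;
}

// http_build_query() percent-encodes values, so "&" in a name cannot add parameters.
function redirectUrl(string $name, int $lastId): string
{
    return "../regResponse.php?" . http_build_query(["name" => $name, "userID" => $lastId]);
}

// Welcome page: escape for HTML and accept userID only as a positive integer.
function renderWelcome(array $get): string
{
    $raw = is_string($get["name"] ?? null) ? $get["name"] : "";
    $name = htmlspecialchars($raw, ENT_QUOTES, "UTF-8");
    $id = filter_var($get["userID"] ?? null, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
    $idText = $id === false ? "unavailable" : (string) $id;
    $link = "http://localhost/tap-network/waitlistRegister.php?refer="
        . htmlspecialchars(rawurlencode($raw), ENT_QUOTES, "UTF-8");
    return "<h2>Thank you, {$name} for joining the waitlist!</h2>\n"
        . "<h2>Your membership ID is : {$idText}</h2>\n"
        . "<h2>Here is your referral link: {$link}</h2>\n";
}

// Constructed input: a tampered name and a non-numeric userID, then a normal request.
echo redirectUrl("Ann & Bob", 42), "\n";
echo renderWelcome(["name" => '"><b>Ann</b>', "userID" => "7abc"]);
echo renderWelcome(["name" => "Ann", "userID" => "42"]);
```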