I want the auto increment ID from mysqli table to show my users their ID number when they join on welcome page. I have tried mysqli_insert_id and several other methods, both OOP and Procedural. I have my function file in a separate folder from the welcome page. Can anyone help me with a solution? Thanks. Below is the last thing I tried but it did not work.
//functions.inc.php
function createUserWaitlist($conn, $name, $email, $phoneNumber, $refer){
    $sql = "INSERT INTO waitlist (usersName, usersEmail, usersPhone, usersRefer) VALUES (?,?,?,?);";
    if (mysqli_query($conn, $sql)) {
        $last_id = mysqli_insert_id($conn);
    }
    $stmt = mysqli_stmt_init($conn);
    if(!mysqli_stmt_prepare($stmt, $sql)){
        header("location: ../waitlistRegister.html?error=failedtoregister");
        exit();
    }
    // $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $phoneNumber, $refer);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    header("location: ../regResponse.php?name=".$_POST['name']."&userID=".$_POST[$last_id]."");
    exit();
}
//welcome page
<div class="response">
<h2>Thank you, <?php echo $_GET['name']; ?> for joining the waitlist!
</h2>
<h2>Your membership ID is : <?php echo $_GET['userID']; ?></h2>
</div>
<div class="link">
<h2>Here is your referral link:
http://localhost/tap-network/waitlistRegister.php?refer=<?php echo $_GET['name']; ?>
</h2>
</div>
//waitlist.inc.php
<?php
if(isset($_POST["submit"])){
    $name = $_POST["name"];
    $email = $_POST["email"];
    $phoneNumber = $_POST["phoneNumber"];
    $refer = $_POST['refer'];
    require_once 'dbh.inc.php';
    require_once 'functions.inc.php';
    if(emptyInputWaitlist($name, $email, $phoneNumber) !== false){
        header("location: ../waitlistRegister.php?error=emptyinput");
        exit();
    }
    if(invalidEmail($email) !== false){
        header("location: ../waitlistRegister.php?error=invalidemail");
        exit();
    }
    if(emailExists($conn, $email) !== false){
        header("location: ../waitlistRegister.php?error=emailtaken");
        exit();
    }
    createUserWaitlist($conn, $name, $email, $phoneNumber, $refer);
} else {
    header("location: ../waitlistRegister.php?error=tryagain");
    exit();
}
Answer
Never output values from $_GET or $_POST (which may be tampered with by a malicious user) in a page without prior sanitization. You're opening up the doors for Cross Site Scripting (XSS). The least you can do is use htmlspecialchars() around it.

Change $_POST[$last_id] (this is looking for the ID as a key in the $_POST global) to $last_id in your redirect URL
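
Both points from the answer applied to the question's files, as an added example that is not part of the original question or answer: the ID is read with mysqli_insert_id() only after the prepared INSERT has executed, the redirect values are URL-encoded, and the welcome page escapes what it echoes. Table, column and file names are the question's; the helper e(), the execute() failure branch and the (int) cast are assumptions of this example.

```php
<?php
// functions.inc.php (added example, not the code from the question)
function createUserWaitlist($conn, $name, $email, $phoneNumber, $refer){
    $sql = "INSERT INTO waitlist (usersName, usersEmail, usersPhone, usersRefer) VALUES (?,?,?,?);";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("location: ../waitlistRegister.html?error=failedtoregister");
        exit();
    }
    mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $phoneNumber, $refer);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        header("location: ../waitlistRegister.html?error=failedtoregister");
        exit();
    }
    // The AUTO_INCREMENT value exists only once the INSERT has run,
    // so it is read here, on the same connection.
    $last_id = mysqli_insert_id($conn);
    mysqli_stmt_close($stmt);
    // http_build_query() URL-encodes both values, so a name containing
    // "&" or "=" cannot add or overwrite query parameters.
    $query = http_build_query(['name' => $name, 'userID' => $last_id]);
    header("location: ../regResponse.php?" . $query);
    exit();
}

// regResponse.php (welcome page)
// e() is a hypothetical helper introduced for this example.
function e($value){
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Accept only a plain string for the name and force the ID to an integer.
$name   = is_string($_GET['name'] ?? null) ? $_GET['name'] : '';
$userID = (int) ($_GET['userID'] ?? 0);
?>
<div class="response">
<h2>Thank you, <?php echo e($name); ?> for joining the waitlist!</h2>
<h2>Your membership ID is : <?php echo $userID; ?></h2>
</div>
<div class="link">
<h2>Here is your referral link:
http://localhost/tap-network/waitlistRegister.php?refer=<?php echo rawurlencode($name); /* output is URL-safe characters only */ ?>
</h2>
</div>
```

The ID shown is still whatever the URL carries: the cast stops markup injection but not someone editing the number, so store the ID in the session instead if the page must display a trusted value.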