Hi All
I am kinda new to php… I am entering in the website using student id. If student id does not exist in mysql database, it gives me error. That works fine.
But If I try to echo StudentID on 2nd page, it is not displaying anything. Second problem is I want to display student first and last name using StudentID. But it is not displaying anything using StudentID. Why? I have been trying to solve it, but no success
Following is the code for both problems -

[php]if(!$db_selected)
{
die(“Can not use”.DB_NAME.’:’.mysql_err());
}
@$Stud_ID = $_POST[‘Stud_ID’];
?>

Welcome to Undergraduate Student Main Page

why do you have @ before the variable?

You should check that the $_POST field is defined first (use the isset function).

[php]if(isset($_POST[‘Stud_ID’])) {
// You should do some validation on the ID here as well
$Stud_ID = $_POST[‘Stud_ID’];
} else {
// Do nothing or display an error
// You could also set a default value:
$Stud_ID = 0;
}[/php]

You’re also using a value directly from $_POST without validating or sanitizing it. This leaves you vulnerable to SQL injection. One solution is to use mysql_real_escape_string:

[php]if(isset($_POST[‘Stud_ID’])) {
// You should do some validation on the ID here as well
$Stud_ID = mysql_real_escape_string($_POST[‘Stud_ID’]);
} else {
// Do nothing or display an error
// You could also set a default value:
$Stud_ID = 0;
}[/php]