pass a $result from a mysql_query in a url

**Jerry Stuckle** · Nov 12 '08, 03:45 AM

Re: pass a $result from a mysql_query in a url

JRough wrote:

I tried to pass the $result from a mysql_query in a url like this line
Header("Locatio n:clm_historyXL .php?_result=". $result);
>
but on the redirect location clm_history.php page I get an error on
this line:
$result = $_POST['_result'];
>
I need the $result on the clm_historyXL page to print a list to excel
because
of a header already being sent.
>
I could also put the result in a hidden field in a form like this as a
session
variable but I don't know why the above doesn't work in the url?
<input type ="hidden" value=".$result ." name = "_result">
>
>
thanks,

$result is only a resource - in this case, a reference to data still
stored in MySQL. The actual data will be lost when the connection is
closed (i.e at the end of the request).

If you need to pass the data, you need to first fetch the data.
Alternatively, pass information required for the query (NOT the query
itself - a huge security hole!) and re-execute the query on the next
page (the way it is usually done, especially if the result set is large).

And BTW - if you're passing the query parms, doing it in the $_SESSION
array is safer than doing it in either $_GET or $_POST.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**FutureShock** · Nov 12 '08, 04:15 AM

Re: pass a $result from a mysql_query in a url

Jerry Stuckle wrote:

JRough wrote:

>I tried to pass the $result from a mysql_query in a url like this line
>Header("Locati on:clm_historyX L.php?_result=" .$result);
>>
>but on the redirect location clm_history.php page I get an error on
>this line:
>$result = $_POST['_result'];
>>
>I need the $result on the clm_historyXL page to print a list to excel
>because
>of a header already being sent.
>>
>I could also put the result in a hidden field in a form like this as a
>session
>variable but I don't know why the above doesn't work in the url?
><input type ="hidden" value=".$result ." name = "_result">
>>
>>
>thanks,

>
$result is only a resource - in this case, a reference to data still
stored in MySQL. The actual data will be lost when the connection is
closed (i.e at the end of the request).
>
If you need to pass the data, you need to first fetch the data.
Alternatively, pass information required for the query (NOT the query
itself - a huge security hole!) and re-execute the query on the next
page (the way it is usually done, especially if the result set is large).
>
And BTW - if you're passing the query parms, doing it in the $_SESSION
array is safer than doing it in either $_GET or $_POST.
>

Question: if you use a header(location ) call, would the variable be
access with $_GET rather then $_POST?

Scotty

**Erwin Moller** · Nov 12 '08, 12:25 PM

Re: pass a $result from a mysql_query in a url

FutureShock schreef:

Jerry Stuckle wrote:

>JRough wrote:

>>I tried to pass the $result from a mysql_query in a url like this line
>>Header("Locat ion:clm_history XL.php?_result= ".$result);
>>>
>>but on the redirect location clm_history.php page I get an error on
>>this line:
>>$result = $_POST['_result'];
>>>
>>I need the $result on the clm_historyXL page to print a list to excel
>>because
>>of a header already being sent.
>>>
>>I could also put the result in a hidden field in a form like this as a
>>session
>>variable but I don't know why the above doesn't work in the url?
>><input type ="hidden" value=".$result ." name = "_result">
>>>
>>>
>>thanks,

>>
>$result is only a resource - in this case, a reference to data still
>stored in MySQL. The actual data will be lost when the connection is
>closed (i.e at the end of the request).
>>
>If you need to pass the data, you need to first fetch the data.
>Alternativel y, pass information required for the query (NOT the query
>itself - a huge security hole!) and re-execute the query on the next
>page (the way it is usually done, especially if the result set is large).
>>
>And BTW - if you're passing the query parms, doing it in the $_SESSION
>array is safer than doing it in either $_GET or $_POST.
>>

Question: if you use a header(location ) call, would the variable be
access with $_GET rather then $_POST?

yes.

From first script:
header("Locatio n: http://www.example.com/somescript.php? id=23");
exit;

will send that to the browser.
The browser then try to fetch the passed URL, being:

Example Domain

http://www.example.com/somescript.php?id=23

So, somescript.php will get the id via $_GET["id"]

Regards,
Erwin Moller

>
Scotty

--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare

**Jerry Stuckle** · Nov 12 '08, 12:45 PM

Re: pass a $result from a mysql_query in a url

FutureShock wrote:

Jerry Stuckle wrote:

>JRough wrote:

>>I tried to pass the $result from a mysql_query in a url like this line
>>Header("Locat ion:clm_history XL.php?_result= ".$result);
>>>
>>but on the redirect location clm_history.php page I get an error on
>>this line:
>>$result = $_POST['_result'];
>>>
>>I need the $result on the clm_historyXL page to print a list to excel
>>because
>>of a header already being sent.
>>>
>>I could also put the result in a hidden field in a form like this as a
>>session
>>variable but I don't know why the above doesn't work in the url?
>><input type ="hidden" value=".$result ." name = "_result">
>>>
>>>
>>thanks,

>>
>$result is only a resource - in this case, a reference to data still
>stored in MySQL. The actual data will be lost when the connection is
>closed (i.e at the end of the request).
>>
>If you need to pass the data, you need to first fetch the data.
>Alternativel y, pass information required for the query (NOT the query
>itself - a huge security hole!) and re-execute the query on the next
>page (the way it is usually done, especially if the result set is large).
>>
>And BTW - if you're passing the query parms, doing it in the $_SESSION
>array is safer than doing it in either $_GET or $_POST.
>>

Question: if you use a header(location ) call, would the variable be
access with $_GET rather then $_POST?
>
Scotty

The variable would be available. But again, it's only a resource id.
Once the MySQL connection has been closed in the first script, the
resource itself has been released.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**FutureShock** · Nov 12 '08, 02:15 PM

Re: pass a $result from a mysql_query in a url

Jerry Stuckle wrote:

FutureShock wrote:

>Jerry Stuckle wrote:

>>JRough wrote:
>>>I tried to pass the $result from a mysql_query in a url like this line
>>>Header("Loca tion:clm_histor yXL.php?_result =".$result);
>>>>
>>>but on the redirect location clm_history.php page I get an error on
>>>this line:
>>>$result = $_POST['_result'];
>>>>
>>>I need the $result on the clm_historyXL page to print a list to excel
>>>because
>>>of a header already being sent.
>>>>
>>>I could also put the result in a hidden field in a form like this as a
>>>session
>>>variable but I don't know why the above doesn't work in the url?
>>><input type ="hidden" value=".$result ." name = "_result">
>>>>
>>>>
>>>thanks,
>>>
>>$result is only a resource - in this case, a reference to data still
>>stored in MySQL. The actual data will be lost when the connection is
>>closed (i.e at the end of the request).
>>>
>>If you need to pass the data, you need to first fetch the data.
>>Alternatively , pass information required for the query (NOT the query
>>itself - a huge security hole!) and re-execute the query on the next
>>page (the way it is usually done, especially if the result set is
>>large).
>>>
>>And BTW - if you're passing the query parms, doing it in the
>>$_SESSION array is safer than doing it in either $_GET or $_POST.
>>>

>Question: if you use a header(location ) call, would the variable be
>access with $_GET rather then $_POST?
>>
>Scotty

>
The variable would be available. But again, it's only a resource id.
Once the MySQL connection has been closed in the first script, the
resource itself has been released.
>

Yeah that part I understood, but probably a mistake I would of made
eventually. :)
Just the $_POST statement did not seem right and was just curious about
using 'location' in the header() call whether it used POST of GET. Now I
am educated in both.
Thanks
Scotty

**JRough** · Nov 12 '08, 06:35 PM

Re: pass a $result from a mysql_query in a url

On Nov 11, 7:32 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:

JRough wrote:

I tried to pass the $result from a mysql_query in a url like this line
Header("Locatio n:clm_historyXL .php?_result=". $result);

>

but on the redirect location clm_history.php page I get an error on
this line:
$result = $_POST['_result'];

>

I need the $result on the clm_historyXL page to print a list to excel
because
of a header already being sent.

>

I could also put the result in a hidden field in a form like this as a
session
variable but I don't know why the above doesn't work in the url?
<input type ="hidden" value=".$result ." name = "_result">

>

thanks,

>
$result is only a resource - in this case, a reference to data still
stored in MySQL. The actual data will be lost when the connection is
closed (i.e at the end of the request).
>
If you need to pass the data, you need to first fetch the data.
Alternatively, pass information required for the query (NOT the query
itself - a huge security hole!) and re-execute the query on the next
page (the way it is usually done, especially if the result set is large).
>
And BTW - if you're passing the query parms, doing it in the $_SESSION
array is safer than doing it in either $_GET or $_POST.
>
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attgl obal.net
=============== ===

Okay, if it is only an empty resource then it won't work so what I
need is the $result from the query so will this work? It is a button
on an included template.
Can I get the hidden value of the $result this way passed to the xl
page?
thanks,
<form action ="<?=$_SERVE R['PHP_SELF']?>" method=post>
<input type ="hidden" value=".$result ." name = "_result">
<INPUT TYPE = "image" SRC='<?=$SITEUR L."images/excel3.jpg"?>'
VALUE ="Open in Excel" ALT="Open in Excel" NAME="assign"></form>

**JRough** · Nov 12 '08, 06:55 PM

Re: pass a $result from a mysql_query in a url

On Nov 11, 7:32 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:

JRough wrote:

I tried to pass the $result from a mysql_query in a url like this line
Header("Locatio n:clm_historyXL .php?_result=". $result);

>

but on the redirect location clm_history.php page I get an error on
this line:
$result = $_POST['_result'];

>

I need the $result on the clm_historyXL page to print a list to excel
because
of a header already being sent.

>

I could also put the result in a hidden field in a form like this as a
session
variable but I don't know why the above doesn't work in the url?
<input type ="hidden" value=".$result ." name = "_result">

>

thanks,

>
$result is only a resource - in this case, a reference to data still
stored in MySQL. The actual data will be lost when the connection is
closed (i.e at the end of the request).
>
If you need to pass the data, you need to first fetch the data.
Alternatively, pass information required for the query (NOT the query
itself - a huge security hole!) and re-execute the query on the next
page (the way it is usually done, especially if the result set is large).
>
And BTW - if you're passing the query parms, doing it in the $_SESSION
array is safer than doing it in either $_GET or $_POST.
>
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attgl obal.net
=============== ===

So you are saying that it is less memory intensive to requery the
database than to pass the result of a query?

**Jerry Stuckle** · Nov 12 '08, 07:55 PM

Re: pass a $result from a mysql_query in a url

JRough wrote:

On Nov 11, 7:32 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:

>JRough wrote:

>>I tried to pass the $result from a mysql_query in a url like this line
>>Header("Locat ion:clm_history XL.php?_result= ".$result);
>>but on the redirect location clm_history.php page I get an error on
>>this line:
>>$result = $_POST['_result'];
>>I need the $result on the clm_historyXL page to print a list to excel
>>because
>>of a header already being sent.
>>I could also put the result in a hidden field in a form like this as a
>>session
>>variable but I don't know why the above doesn't work in the url?
>><input type ="hidden" value=".$result ." name = "_result">
>>thanks,

>$result is only a resource - in this case, a reference to data still
>stored in MySQL. The actual data will be lost when the connection is
>closed (i.e at the end of the request).
>>
>If you need to pass the data, you need to first fetch the data.
>Alternativel y, pass information required for the query (NOT the query
>itself - a huge security hole!) and re-execute the query on the next
>page (the way it is usually done, especially if the result set is large).
>>
>And BTW - if you're passing the query parms, doing it in the $_SESSION
>array is safer than doing it in either $_GET or $_POST.
>>
>--
>============== ====
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>jstuck...@attg lobal.net
>============== ====

>
Okay, if it is only an empty resource then it won't work so what I
need is the $result from the query so will this work? It is a button
on an included template.
Can I get the hidden value of the $result this way passed to the xl
page?
thanks,
<form action ="<?=$_SERVE R['PHP_SELF']?>" method=post>
<input type ="hidden" value=".$result ." name = "_result">
<INPUT TYPE = "image" SRC='<?=$SITEUR L."images/excel3.jpg"?>'
VALUE ="Open in Excel" ALT="Open in Excel" NAME="assign"></form>

No, you CANNOT PASS A RESULT to another page. It is only a reference to
a resource - and that resource is gone when the database connection is
closed (i.e. mysql_close() or end of your script).

You can pass the data. Or you can pass information about the query.
But you cannot pass a result and expect it to work.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Jerry Stuckle** · Nov 12 '08, 08:05 PM

Re: pass a $result from a mysql_query in a url

JRough wrote:

On Nov 11, 7:32 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:

>JRough wrote:

>>I tried to pass the $result from a mysql_query in a url like this line
>>Header("Locat ion:clm_history XL.php?_result= ".$result);
>>but on the redirect location clm_history.php page I get an error on
>>this line:
>>$result = $_POST['_result'];
>>I need the $result on the clm_historyXL page to print a list to excel
>>because
>>of a header already being sent.
>>I could also put the result in a hidden field in a form like this as a
>>session
>>variable but I don't know why the above doesn't work in the url?
>><input type ="hidden" value=".$result ." name = "_result">
>>thanks,

>$result is only a resource - in this case, a reference to data still
>stored in MySQL. The actual data will be lost when the connection is
>closed (i.e at the end of the request).
>>
>If you need to pass the data, you need to first fetch the data.
>Alternativel y, pass information required for the query (NOT the query
>itself - a huge security hole!) and re-execute the query on the next
>page (the way it is usually done, especially if the result set is large).
>>
>And BTW - if you're passing the query parms, doing it in the $_SESSION
>array is safer than doing it in either $_GET or $_POST.
>>
>--
>============== ====
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>jstuck...@attg lobal.net
>============== ====

>
So you are saying that it is less memory intensive to requery the
database than to pass the result of a query?

First of all, don't get into premature optimization. If you have a
problem, then - and only then - is the time to look at optimizing your
code. Rather, code for clarity.

As for which is more "memory intensive" - there is no answer to that.
Passing it in a post variable means the data has to make 2 trips -
server to client, then back to server. If you've got 20 bytes of data,
that isn't bad. But 20MB would be terrible.

Additionally, the data could be modified by a hacker - which may or may
not be a problem for you. But it can happen (to any data coming from
the client).

The $_SESSION superglobal array is much more secure, since it never
leaves the server. But serializing and deserializing large amounts of
data here also can be slow.

Finally, if you do pass the data, one way or another, what's to say the
data hasn't been changed? The user might have gone to get a cup of
coffee, for instance, and then come back and continued. In the
meantime, someone else changed the data he was looking at. So when he
gets to the next page, the data is old.

For these reasons and more, when you're working with a database, it's
often better just to fetch the data on the new page. And if the query
is the same (and follows pretty closely in time), the data is probably
still going to be in the database cache, so retrieval will be quite fast.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

pass a $result from a mysql_query in a url

pass a $result from a mysql_query in a url

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment