0

I've got a profile page that shows a users current account number in an input field. The user can change this account number and submit the form to update the database with their new account number.

What I need to do is get the initial account number, as well as the new submitted account number so I can use them in another script that runs on the same page.

$user = Am_Di::getInstance()->auth->getUser();

$oldnum = $user->accountnumber;
$newnum = $_GET['accountnumber'];

$client2 = $api->findClient( mlApi::LICENSE_ACCOUNT, $oldnum );


$client = array( 'account_no' => $newnum, 'real_demo' => '1', 'comment' => 'test2' );

$api->updateClient( mlApi::LICENSE_ACCOUNT, $client2[_index], $client );
user1659043
  • 75
  • 9
  • What exactly is your problem here? Can you be precise? –  Jun 19 '13 at 05:48
  • 2
    If I have understood the question well, then you should use a hidden type input with value of initial account number. Then even if the use enters the new account number, the initial one will also be available on the submitted page. – Fallen Jun 19 '13 at 05:49

1 Answers1

1

If you want to keep a value saved for future use there is two common ways (could be other ways) of handling it.

  1. Save it in the session
  2. Rendering as a hidden form element in the user form and read it back from the client.

The latter has a 100% security problem because a malicious user can change this id before the next request comes. To demonstrate how 

<input type='hidden' name='account_id' value='<?php echo $account?>' />
<input type='text' name='account_id_text' value='<?php echo $account?>' />

This method use is highly discouraged.

The first method, using the session is the safest mechanism of all.

To utilize that 

 $_SESSION['account_id'] = $account_id;
 //render the view here

I hope this answers your question.

DevZer0
  • 13,433
  • 7
  • 27
  • 51