Click here to Skip to main content
15,606,032 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hello Everyone! I am new and my english is bad thus also a student learning to code for my project.
I have a problem and I don't know how to get a variable from different php page. Ty guys

The code of form:

<h3>Sell Your Item</h3>
<form method='post' action='createitem.php'>
    <label>Product Name:</label>
    <input type='text' name='productname' class='form-control' required>
    <label>Product Type:</label>
    <select class="form-select" aria-label="Default select example" name='producttype' required>
        <option selected>Open this select menu</option>
        <option value="Makeup tools">Makeup tools</option>
        <option value="Makeup">Makeup</option>
        <option value="Trending clothes">Trending clothes</option>
        <option value="Woman">Women</option>
        <option value="Men">Men</option>
        <option value="Kids">Kids</option>
        <option value="Shoes">Shoes</option>
        <option value="Bags">Bags</option>
        <option value="Kitchen wares">Kitchen wares</option>
        <option value="Home appliances">Home appliances</option>
        <option value="Hello kitty items">Hello kitty items</option>
        <option value="Skincare">Skincare</option>
    <label>Product Description:</label>
    <textarea class="form-control" name="productdescription" rows="5"></textarea>
    <label>Product Price:</label>
    <input type='number' name='productprice' class='form-control' required>
    <label>Product Image:</label>
    <input type='text' name='productimg' class='form-control' placeholder="Please enter a valid image url" required>
    <input type='submit' class='btn btn-primary' name='add' id='add' value='Sell Item'>

Here is where form is inserted to sqli tables:


    include 'dbconnection.php';
			header("Location: login.php"); 
    $productname = $_POST['productname'];
    $producttype = $_POST['producttype'];
    $productdescription = $_POST['productdescription'];
	$productprice = $_POST['productprice'];
	$productimage = $_POST['productimg'];

    $query = "INSERT INTO products (productname,producttype,productdescription,productprice,productimg) VALUES

And here is where I want to insert the id:

    include "dbconnection.php";
    $query = "SELECT * FROM products where productid = 32'"; // the number 32 is the placeholder for the inserting value
    $result = mysqli_query($conn, $query);
    $checkproducts = mysqli_num_rows($result) > 0;
        while($row = mysqli_fetch_array($result)){

What I have tried:

I have tried some methods like last insert and I can't seem to make it work or maybe I
just don't really know. Sorry for inconvinience.
Richard Deeming 7-Feb-22 6:02am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900