How to display $wpdb->insert_id; value on redirected page

  • I have created two pages Checkout Page & Payment Page.

    On Checkout Page I added following code:

    <?php

  if(isset($_POST['submit_now'])) {
        global $wpdb;
$wpdb->insert( 
    'wp9c_treetweet', 
    array( 
        'name' => $_POST['aname'], 
        'roll' => $_POST['aroll']
    ), 
    array( 
        '%s', 
        '%d'
    ) 
);
$lastid = $wpdb->insert_id;
wp_redirect( home_url( '/payment/' ) );
exit;
}
?>

<?php get_header(); ?>

<form action="" method="POST" id="addcourse">
<label>Student Name:<input type="text" name="aname" size="30"></label>
<label>Roll:<input type="text" name="aroll" size="30"></label>
<input type="hidden" name="insert" value="<?php echo $_SESSION[$lastid]; ?>">

<input type="submit" name="submit_now" id="addcoursesubmit" value="Submit">
</form>

    And on Payment Page I have added following code:

    <?php echo $_SESSION['aname']; ?>
<?php echo $_SESSION['aroll']; ?>
<?php echo $_SESSION['insert']; ?>

    After subbmiting the form the values of Name and Roll is getting displayed on the Payment page but the value of ‘insert’ i.e. $wpdb->insert_id; is not getting displayed.

    Plz help me out with a solution. Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator bcworkz

    (@bcworkz)

    I’m surprised you are getting anything on the payment page!

    Whatever is going on to allow what you do have probably should not be relied on. Explicitly manage your data and all should be well. On every request, first make a call to session_start(). This goes both for checkout and payment pages. Explicitly assign values to elements of $_SESSION.
    $_SESSION['insert'] = $lastid;
    I recommend you do so for every value you want available later, even if it seems to be working without doing so.

    You also need to validate and sanitize any value coming from user input that you want to save in the DB. Failure to do so will open up your site to SQL injection attacks. That would be really bad.

    Thread Starter Mineshrai

    (@mineshrai)

    @bcworkz

    Thanks for ur answer. It works.

    I have already started the session in functions.php file. Hence the other values where displaying on payment page.

    Moderator bcworkz

    (@bcworkz)

    You’re welcome. No session_start() on the payment page then? That’s curious. It’s normally required with every request. It sounds like your PHP might be configured a bit differently than the norm. There are a few “magic” methods where things happen without explicit code to do so. This might be one of them. Or another plugin has already called it so you don’t need to.

    If it’s all working for you without, then fine, it doesn’t matter. If you wish your code to be more robust where it’ll work on any server, every request needs to call session_start().

    Thread Starter Mineshrai

    (@mineshrai)

    @bcworkz

    I am using the following code in functions.php. plz tell me is there some thing wrong.

    function register_start_session() {
	if( !session_id() ) {
	session_start();
	if( isset( $_POST['aname'] ) ) {
        $_SESSION['aname'] = $_POST['aname'];	
	}
	if( isset( $_POST['aroll'] ) ) {
        $_SESSION['aroll'] = $_POST['aroll'];	
	}
	if( isset( $_POST['insert'] ) ) {
        $_SESSION['insert'] = $_POST['insert'];	
	}
    }	
}

function register_end_session() {
	session_destroy();
}

add_action( 'init', 'register_start_session', 1 );
add_action( 'wp_logout', 'register_end_session' );

    Thanks

    Moderator bcworkz

    (@bcworkz)

    Looks OK for the most part! You should perhaps assign $_SESSION = array(); before calling session_destroy(). The values in $_SESSION are otherwise still available in the current thread even though the session is destroyed. Of course the values would not be available in subsequent requests. It may not matter if they are available in the current thread, but if it does, destroying the session does not prevent access.

    It’s common to run values in $_POST through stripslashes() and to validate and sanitize the data before using it. You do not necessarily need to do so immediately, as long as it is done before storing or outputting values. IMO it’s good to do so immediately so it does not get overlooked later.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘How to display $wpdb->insert_id; value on redirected page’ is closed to new replies.

Tags