Get external variable value and play in an input [duplicate]

0

I have an image upload, which has a variable called $nome_atual , where the file path is saved.

I need to get this value and play on input on another page. Is it possible?

PART OF THE UPLOAD.PHP FILE

 /* se enviar a foto, insere o nome da foto no banco de dados */
            if(move_uploaded_file($tmp,$pasta.$nome_atual)){
                mysql_query("INSERT INTO fotos (foto) VALUES (".$nome_atual.")");
                echo "<img src='fotos/".$nome_atual."' id='previsualizar' class='img-responsive'>"; //imprime a foto na tela
                echo "'http://audiosonic.com.br/novo/fotos/".$nome_atual."'";
            }else{
                echo "Falha ao enviar";
            }
        }else{
            echo "A imagem deve ser de no máximo 1MB";
        }
    }else{
        echo "Somente são aceitos arquivos do tipo Imagem";
    }
}else{
    echo "Selecione uma imagem";
    exit;
}
    
asked by anonymous 16.06.2017 / 06:05

1 answer

0

As the author of the question said that he does not have the time to explore and the right way, wants something simple and did not give enough information for a better answer, I will give a generic solution.

While this solution will not bring any security or performance risk to your application, I do not recommend that you use it for organizational purposes. In the future, if you do not do things as it is recommended that they be done, it will be almost impossible to maintain your code.

A second problem with using the method below is that if the user is having cookies disabled, there is a real chance that your application will not work as expected. But since people who disable cookies are a minority and given the reasons above, come on.

Initial Considerations

Your code in a vulnerability called SQL Injection and is using a discontinued PHP function, all there in the line where it does INSERT.

As is another matter, I will not address here. I just say it should be fixed before putting the system into production, otherwise you will have a headache.

Let's go

At the beginning of your upload.php and matricula.php files, right after opening the PHP tag, start the sessions and leave it as follows:

<?php

    session_start();

Now we are able to use the global super variable $_SESSION . The variable $_SESSION is a array . You should store your data in it in array format, never directly. Here's an example:

<?php

    session_start();

    #certo
    $_SESSION['imageUrl'] = 'Aqui você pode colocar qualquer coisa'

    #errado
    $_SESSION = 'Essa é a maneira errada de usar sessions';

The magic behind sessions is that other than a common variable, be it superglobal or not, it will always be available, even on other pages of your application, even after the user gives F5 or even close the tab and come back later (closing the browser tab is different from closing the browser).

This magic works in a logical way, after all, there is no magic. For purposes of unconsciousness, I will explain how this happens.

Brief explanation of how sessions work in PHP

When you start a session with the command session_start() , PHP by default creates a file (this can be changed if desired) and this file will be given a random name. Within this file, PHP stores a string with all the information stored in the $_SESSION variable, so when reloading the page, it goes behind that file and brings the data back into it. For this to work, it creates a cookie in the visitor's browser and this cookie stores the session ID, so if the visitor has cookies disabled it will not work. With Session ID, PHP does not generate another ID, it simply goes behind the session data already in place for that ID.

Of course this is a very basic explanation and does not address everything that could be addressed. Like I said, it's worth researching on the subject. Including, sessions are an almost obligatory feature for systems that require the user to log in.

Solution to the case

<?php

session_start();

/* se enviar a foto, insere o nome da foto no banco de dados */
            if (move_uploaded_file($tmp, $pasta . $nome_atual)) {
                $_SESSION['imageUrl'] = $pasta . $nome_atual;
                mysql_query("INSERT INTO fotos (foto) VALUES (".$nome_atual.")");
                echo "<img src='fotos/".$nome_atual."' id='previsualizar' class='img-responsive'>"; //imprime a foto na tela
                echo "'http://audiosonic.com.br/novo/fotos/".$nome_atual."'";
            } else {
                echo "Falha ao enviar";
            }
        } else {
            echo "A imagem deve ser de no máximo 1MB";
        }
    } else {
        echo "Somente são aceitos arquivos do tipo Imagem";
    }
} else {
    echo "Selecione uma imagem";
    exit;
}

On the page matricula.php, just use the variable as follows, where appropriate:

<?php

    session_start();

    echo "O caminho da imagem é {$_SESSION['imageUrl']}";

Remembering that you do not have to put this path in an input. If it is not mandatory for the client to see the path, you can leave it only in the $ _SESSION variable and use it only in PHP to register.

Tip: Always use the PHP documentation, there they have tips on using all the features of the language, including tips on sessions .

    
16.06.2017 / 21:01