Add variable to db_query function call sql statement

[thall89553]

This may be a bit tricky to explain but I'll do my best. I have ONE forum which is located at www.1stautorepair.com/forum.

I am going to have hundreds of other website all connecting into this forum and based upon a shopid variable the header will display differently For example look at these:

http://www.1stautorepair.com/forum/index.php?shop=1

http://www.1stautorepair.com/forum/index.php?shop=2

http://www.1stautorepair.com/forum/index.php?shop=3

You will see each shop (1,2,3) will show a different header with distinct urls and banner, etc.

So what is the problem then? Well this is fine for getting into the forum, but on every subsequent link on the forum they all use index.php  Without passing a variable I get an error.

Ideally what I would like is a set up someone enters the forum at say shop=3  I would like a session variable set for 3 and then in my db2_query set it according to that session variable. Now I have it set up as such:

Code Select Expand


$shopid = $_GET['shop'];
$sql_row = mysql_fetch_array(db2_query("SELECT * from Directory where id = ".$shopid, __FILE__, __LINE__));


[Elmacik]

I am not sure but your query may allow SQL injections to your database which may harm your data and system.

About your question; I am not really experienced with sessions  much.

[Rudolf]

Welll then set up a SESSION variable
Something like

Code Select Expand


        //making sure the $shop variable is legit
$shop = 1;
if (isset($_SESSION['shop']))
$shop = (int) $_SESSION['shop'];
if (isset($_REQUEST['shop']))
$_SESSION['shop'] = $shop = (int) $_REQUEST['shop'];
...

$sql_row = mysql_fetch_array(db2_query("SELECT * from Directory where id = ".$shopid, __FILE__, __LINE__));


It might seem complicated but it's quite simple. It's 100% foolproof and there's no way for an SQL injection.
The code will set and use the SESSION variable, if it's not set, or use the existing one. New links overwrite the old SESSION value.
The query is safe. The only bad thing that can happen is an empty recordset.

[thall89553]

Thanks, the question for me becomes WHERE to put this code. In my forum there are a few index pages, one under the forum directory, one under templates, one under the specific templates, etc. I have put my 2nd db connection in the file called index.template.php themes/default directory. It catches the incoming variable the first time the forum is loaded but then as I go from page to page I need to retain that shop id for that sql statement. Another alternative would be to initialize several session ids for such things as address and contact informaton for each shop. Again I am going to have "n" number of sites connecting to this one forum. Once someone comes from a shop (such as 22 or 34 55) the top part of the forum will retain their banner, their address, and most importantly the nav bar will have links pointing back to their shop id.

[Rudolf]

I'm not sure the structure of your site, but the most logical part would be to put the variable init code in the index file of the forum [somwhere in the smf_main() function] setting as a global variable [using the $context array], then call the query anywhere you need to (in the Sources files) using that variable.

You could have a table with the information on the different shops, and get it using the ID of the shop. So you would only need the shopid as a session variable.