As a MySQL and PHP beginner and a total novice in both programming languages, I'm reaching out for advice and support with the issues I currently face.
Is it possible, and secure, to select information from a database table based on an unknown variable value from a form process?
For example, a user comes to our website and fills in some basic details to obtain a free estimation on a specific service before submitting the form to be presented with the estimation page containing the price relevant to their specifications. However, on occasion we all know users are more than happy to enter (fake or wrong) information to prevent being spammed by companies; although many of us do not do that, it still does not make our end users think any different.
I want to insert the form variables into the database on submit, and on the estimation page I want to be able to select the specific variables from the database relevant to the displayed fields for the estimation page.
As this is a simple form process without any signup or login required what would be the best way to select the required information stored in the row specific to that user?
My initial thought was to use the session id, store it in a variable, and select the row by the current session id, for example:
$sessionid = session_id();
$query = mysql_query("SELECT fullname FROM contacts
WHERE session_id='" . mysql_real_escape_string($sessionid) . "'");
The reason I ask this is the fact that we are basically working with unknown values, so we would not be able to use a prepared id value to select from, such as SELECT FROM WHERE id = 10.
Could someone suggest a better or more secure way to do this, or even better, maybe an alternative way to specifically determine the row I need to select that is relevant to that user?
My other suggestion was to use a unique randomly generated hash or number that can be stored in the users cookies and retrieve the data the query needs based on the cookie value?
I appreciate any help, advice and input on this as a total novice. After looking at several videos and tutorials for beginners, they all seem to use already known values for their tutorials and don't really cover a problem such as mine.
Thank you.
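
Added example, not part of the original post: a sketch of the cookie-token idea raised in the question, using PDO prepared statements in place of string-built SQL. The in-memory SQLite database (standing in for MySQL so the sketch runs offline), the `token_hash` column, the cookie name and the function names are all assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (
    id INTEGER PRIMARY KEY,
    fullname TEXT NOT NULL,
    token_hash CHAR(64) NOT NULL UNIQUE
)');

// Form handler: insert the row and return a random token for the visitor's cookie.
function saveSubmission(PDO $pdo, string $fullname): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG, not guessable
    $stmt = $pdo->prepare('INSERT INTO contacts (fullname, token_hash) VALUES (?, ?)');
    // Only the SHA-256 of the token is stored, so a leaked table does not
    // hand out working tokens.
    $stmt->execute([$fullname, hash('sha256', $token)]);
    return $token;
}

// Estimation page: look up the row that belongs to the presented token.
function loadSubmission(PDO $pdo, string $token): ?array
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                      // reject malformed cookie values early
    }
    $stmt = $pdo->prepare('SELECT fullname FROM contacts WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input standing in for the submitted form field.
$token = saveSubmission($pdo, "Pat O'Brien");
// In the real form handler the token would be sent to the browser, for example:
// setcookie('estimate_token', $token,
//     ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

var_dump(loadSubmission($pdo, $token));                // the visitor's own token
var_dump(loadSubmission($pdo, str_repeat('0', 64)));   // well-formed but unknown token
var_dump(loadSubmission($pdo, 'not-a-token'));         // malformed cookie value
```

The same lookup works with the PHP session instead of a custom cookie: store the inserted row's id in `$_SESSION` on submit and select by that id on the estimation page, still through a prepared statement.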