How to post values to loginchk_coustomer.php given in below code, not through Url by any other way. Is there any other way to post these value to loginchk_coustomer.php becoz it is not secure.
<?php
include "include/connect.php";
$user_name = $_REQUEST['user_name'];
$password = $_REQUEST['password'];
//echo "select * from school_info where school_id='$user_name' and school_password='$password'";
$sql_query = mysql_fetch_assoc(mysql_query("select * from school_info where school_id='$user_name' and school_password='$password'"));
$db_username = $sql_query['db_username'];
$db_password = $sql_query['db_password'];
$db_databasename = $sql_query['db_databasename'];
echo "<script>";
echo "self.location='member/loginchk_customer.php?db_username=$db_username&db_password=$db_password&db_databasename=$db_databasename&user_name=$user_name&password=$password'"; // Comment this line if you don't want to redirect
echo "</script>";
?>
You need to create a session to store all that information.
Here's what they are - from http://php.net/manual/en/features.sessions.php:
Session support in PHP consists of a way to preserve certain data across subsequent accesses.
To start a session write at the beginning of your code:
session_start(); // needed in all pages that will use the variables below
and then after your assign the information this way:
$_SESSION['username'] = $sql_query['db_username'];
$_SESSION['password'] = $sql_query['db_password'];
$_SESSION['databasename'] = $sql_query['db_databasename'];
All the information will persist on those variables along the site until you do:
session_destroy();
I also recommend you not to redirect with javascript, but this way in PHP:
header('Location: member/loginchk_customer.php');
Possibly after checking this answer you will think about to change the way you check the login information. But that's okay. It's the way of learning.
More information about sessions: http://php.net/manual/en/book.session.php
I hope this helps.