Getting Several Variables Into A Session

PHP
1

Hi All, I’ve had a look around but not sure if Im doing this all wrong. I am grabbing several id’s from the database and using a href link to submit them and update them.
I don’t want the individual ID’s displayed so figured I create a session ID for each and pull the ID’s out on the other side. I’ve used a loop to amend $loop to serviceID for each variable value and try to pull it out on the otherside.

Any help or pointers would be great

Steve

**** Create Session Variable ****
$sessionLoop=0;
$query = “SELECT serviceName, serviceID FROM tblServices WHERE clientID='”.$_SESSION[‘clientID’].“'”;
$result = mysql_query($query,$db);
while($row = mysql_fetch_array($result))
{
$sessionLoop++;
$serviceName = $row[serviceName];
$serviceID = $row[serviceID];
foreach($userData as $key => $value)
$_SESSION[$key] = $value;
$_SESSION[‘serviceID$sessionLoop’] = $serviceID;

          echo("$serviceID<a href='/clientAdmin/booking_wizard2.php?sessionLoop=$sessionLoop'>Edit</a><br>");
	}

**** Pull Session variable Out ****
if($sessionLoop!=“”)
{
echo $_SESSION[‘serviceID$sessionLoop’];
$query = “UPDATE tblServices SET serviceName=‘’ WHERE clientID='”.$_SESSION[‘clientID’].“’ AND serviceID='”.$_SESSION[‘serviceID$sessionLoop’].“'”;
mysql_query($query,$db);
}
echo $query;

2

So…out of confusion how does using a “$sessionLoop” number versus a User ID make it any more secure? When obviously, the ability to edit is listed on the page why would I care if Fred’s ID is 5? What power do I gain by knowing Fred’s ID? Once you answer those questions you can drop the complex mess and go back to something simple.

3

Yeh your right they are already logged in under there own client ID so why would they want to sabotage there own system!

Cheers