Assuming that your row id's are unique then just save it as a session variable and use it for your SQL update. Keep in mind that session data goes away after a while.

JAG

I appologize for not undertandfing completely. Ive been reading about session ids and have somewhat of an understanding of it. How exactly would i add it as a variable? If you can give me a bar bones example of what ur talking about i will pick up on int

The usual way to do what you want is is to store the first page data
in the session without saving it to the DB then save all of the data
when the second page is submitted. Here is a minimal example:

Page1.php

<?php
session_start();
$_SESSION['name'] = $_GET['name'];

page2.php

<?php
session_start();
$name = $_SESSION['name'];
$age = $_GET['age'];
print "name: $page1, age: $age";

I think you ask how to put that db id into session:

$sql = "INSERT INTO table (firstname, lastname, ...
mysql_query($sql) or die("SQL: $sql<br />".mysql_error());

$_SESSION['last_insert_id'] = mysql_insert_id [de.php.net]();

then on 2nd form update:
$data1 = mysql_real_escape_string($_POST['data1']);//filter the code before putting it into the db!
$sql = "UPDATE table SET data1='$data1' WHERE id='".(int)$_SESSION['last_insert_id']."'";

(int)$variable will project the variable to integer values only, otherwise will output 0.
So 1 -> 1, 29real -> 29, '198' -> 0 (because first is a quote)
and as there is no row 0, then it will work fine - no row will be updated.

Hope this helps
Regards

Michal

Michael,

It seemed to work great with my test pages. I wanted to know how to include more than 1 variable in the code below

$LastName = mysql_real_escape_string($_POST['LastName']);

$sql = "UPDATE $table SET LastName='$LastName' WHERE id='".(int)$_SESSION['last_insert_id']."'";

We have 6 or 7 different variables to update with. Currently the only 1 is LastName. Would i be able to do something like this?
(FirstName='$FirstName'),(LastName='$LastName')

$FirstName = mysql_real_escape_string($_POST['FirstName']);
$LastName= mysql_real_escape_string($_POST['LastName']);

$sql = "UPDATE mapp SET (FirstName='$FirstName'),(LastName='$LastName') WHERE id='".(int)$_SESSION['last_insert_id']."'";

UPDATE [dev.mysql.com] is a bit different.

$sql = "UPDATE mapp SET FirstName='$FirstName', LastName='$LastName' WHERE id='".(int)$_SESSION['last_insert_id']."'";

Glad it helped
Michal

Worked like a charm. Thanks!

Question though,

I it setup to use sessions, but for some reason the session id is not in the URL. Im assuming its using cookies...Is there a way to specify or hardcode whether it uses cookies or URL

I it setup to use sessions, but for some reason the session id is not in the URL. Im assuming its using cookies...Is there a way to specify or hardcode whether it uses cookies or URL

I'm not sure that you can specify a session to be a GET. But if you don't allow a write to the session directory it is supposed to change to a GET automatically.

BTW - The session data is stored in a file on the server and the session id is really just a cookie assigned to the user.

JAG

True, but is there a way to set it up so that the session id is displayed in the URL?

Anybody, is there a way to set it up so that the session id is displayed in the URL?

You can look into use_trans_sid [us2.php.net]:

URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

Isn't there a way to control a time-out of sessions, for example after lets say after 5 min or so?

As in cookie_lifetime [us2.php.net] or gc_maxlifetime [us2.php.net]?

or you can time them out manually in your auth check function/script

store a timestamp in the session and calculate time since last refresh
and then what eelix posted can take care of them after.