more session fun

gw-action.php

@@ -1,12 +1,12 @@
 <?php
 session_start();
 $playerid = $_SESSION['playerid'];
-$toonid = $_POST['playerid'];
+//$toonid = $_POST['playerid'];
 $action = $_POST['gwaction'];
 echo'<TITLE>Redirecting ...</TITLE>';
 if ($action == 1){ //insert dropped items data
 	echo '<BODY onload="document.record.submit()">';
-	echo '<FORM METHOD="POST" ACTION="gw-location.php" NAME="record"><INPUT TYPE="HIDDEN" NAME="playerid" VALUE="'. $toonid . '"><INPUT TYPE="SUBMIT" ID="clkRecord"></FORM></BODY>';
+	echo '<FORM METHOD="POST" ACTION="gw-location.php" NAME="record"><INPUT TYPE="HIDDEN" NAME="playerid" VALUE="'. $playerid . '"><INPUT TYPE="SUBMIT" ID="clkRecord"></FORM></BODY>';
 } else if ($action == 2){ //view history of dropped items
 	echo '<BODY onload="document.insert.submit()">';
 	echo '<FORM METHOD="POST" ACTION="gw-pull.php" NAME="insert"><INPUT TYPE="HIDDEN" NAME="cnameid" VALUE="' . $playerid . '"><INPUT TYPE="SUBMIT" ID="clkInsert"></FORM></BODY>';

gw-pull.php

@@ -1,9 +1,11 @@
 <TITLE>Treasure Data</TITLE>
 <BODY>
 <?php
+session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-$cnameid = mysqli_real_escape_string($con, $_POST['cnameid']); //need to sanitize & validate this input somehow
+//$cnameid = mysqli_real_escape_string($con, $_POST['cnameid']); //need to sanitize & validate this input somehow
+$cnameid = $_SESSION['playerid'];
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
 }