This is my script. When any registered user clicks on the checkbox, he is inserted into the tbl1 table, we set a cookie, and run events; after 36 minutes the event will run and insert data into another table called tbl2. My code is:

<form action="course01.php" method="POST">
<input type="checkbox" name="chk1" value="701" />I am agree with the course terms and condition<br/>

<input type="submit" name="submit" value="enrolment"/>

</form>
</body>
</html>

<?php
include("config.php");
session_start();
$user=$_SESSION['sess_user'];
$checkbox1=$_POST['chk1'];
if ($_POST["submit"]=="enrolment")
{
$result = mysql_query("SELECT id,name,url FROM tbl0 WHERE id = '".$checkbox1."'");
if (!$result) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($result);

echo $row[0]; 
echo $row[1]; // the email value
echo $row[2];

setcookie('joytestcookie','".$user."',time()+3600);
setcookie('joytestcookie2','".$row[1]."',time()+3600);
$query= "INSERT INTO tbl1 (course_id,course_name,course_url,username,entry_date) values ('".$row[0]."','".$row[1]."','".$row[2]."','".$user."',localtime())";

mysql_query($query) or die (mysql_error());

$insertquery="CREATE EVENT $_cookie['joytestcookie2']
    ON SCHEDULE  AT CURRENT_TIMESTAMP + INTERVAL 3 MINUTE
    DO
      BEGIN
       insert into tbl2 (username,course_name) select username,couse_name from course_entry where name='".$_COOKIE['joytestcookie']."';
        delete from tbl1 where name ='".$_COOKIE['joytestcookie']."';
              END";

 mysql_query($insertquery) or die (mysql_error());
echo "Record is inserted";
header("Location: z.php");  

}

?>

tbl0 is another. I find the event in MySQL, and the cookie is also set on the client computer, but the problem is that the insert and delete do not work.

Hi,

the cookie will be available in the next page request, not in the current, so you cannot use setcookie and $_COOKIE in the same instance to get the brand new cookie:

Once the cookies have been set, they can be accessed on the next page load with the $_COOKIE or $HTTP_COOKIE_VARS arrays

In your case:

  1. use directly $user and $row[1]
  2. use prepared statements and avoid the MySQL API: http://php.net/manual/en/mysqlinfo.api.choosing.php

Currently, even by generating the insert query in the next page, a user could alter the cookie to inject your query, so it is dangerous.
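
The two suggestions in the answer above, as an added example that is not part of the original thread: the values come straight from the session and the fetched row instead of cookies, and the queries use PDO prepared statements. The function name `enrol`, the `enrol_` event-name prefix, and the event body reading from `tbl1` by `username` are assumptions; it expects a PDO MySQL connection in exception mode with the charset set in the DSN.

```php
<?php
// Added example: enrol a user without reading anything back from cookies.
// Table and column names follow the post; the event body selecting from
// tbl1 by username is an assumption about the intended schema.
function enrol(PDO $pdo, string $user, string $courseId, int $delayMinutes): string
{
    // Bound parameter instead of concatenating $_POST['chk1'] into the SQL.
    $sel = $pdo->prepare('SELECT id, name, url FROM tbl0 WHERE id = ?');
    $sel->execute([$courseId]);
    $row = $sel->fetch(PDO::FETCH_NUM);
    if ($row === false) {
        throw new RuntimeException('Unknown course id');
    }

    $ins = $pdo->prepare(
        'INSERT INTO tbl1 (course_id, course_name, course_url, username, entry_date)
         VALUES (?, ?, ?, ?, NOW())'
    );
    $ins->execute([$row[0], $row[1], $row[2], $user]);

    // Identifiers cannot be bound as parameters, so the event name is built
    // server-side from hex characters only, never from user or cookie data.
    $event = 'enrol_' . bin2hex(random_bytes(8));

    // The event body is stored as SQL text and runs later, so the username
    // has to be embedded as a literal; PDO::quote() escapes and quotes it.
    $u = $pdo->quote($user);

    // $delayMinutes is typed int, so interpolating it cannot carry SQL.
    $pdo->exec(
        "CREATE EVENT `$event`
         ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL $delayMinutes MINUTE
         DO BEGIN
           INSERT INTO tbl2 (username, course_name)
             SELECT username, course_name FROM tbl1 WHERE username = $u;
           DELETE FROM tbl1 WHERE username = $u;
         END"
    );
    return $event;
}

// Usage in course01.php, before any output is sent:
//   session_start();
//   enrol($pdo, $_SESSION['sess_user'], $_POST['chk1'] ?? '', 3);
//   header('Location: z.php');
```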
