I am trying to read the id of a user from the database when they log in, and save it to a variable to used in other programs for later. my table for the users is such
addressBookUsers
[
userid int(11) PK AUTO_INCREMENT;
firstName;
LastName;
email
]
with some dummy data
userid username password
1 fred 12ewerefds2
2 al 343ed3fe
this is the code in which i use the username to get the user id and store into a variable
<?php
session_start();
include("dbconnect.php");
$con= new dbconnect();
$con->connect();
//create and issue the query
$id = "SELECT userid FROM addressBookUsers WHERE username = '".$_POST["username"]."'";
$userid = mysql_query($id);
while($row = mysql_fetch_array($userid)) {
$me = $row[0]}
$se=$me;
echo($se)
?>
this returns the correct user id however when i try to call $se in another php file to see if it has saved i dont get a resul
test.php
<?php
include ("userloginses.php");
echo $se;
?>
i am unsure why $se which is a int does not get passed to test.php
any help?
and yes there are some html from stuff not included, but that is not related to the problem at hand
You're doing it wrong. You have sessions so use them:
$_SESSION['se'] = $me;
and then test.php would look like this:
<?php
session_start();
include ("userloginses.php");
echo $_SESSION['se'];
?>
You can refer any PHP variable like this. If you want to use preserved value of PHP variable or even any web language you must save it in to SESSION or COOKIE. In user login case, you should use SESSION variable. In your code start session and instead of $e define $_SESSION['e'] and access it any php script of your directory. Don't forget to start session using session_start() in first line of your each and every php script where you want to access this variable.
Related
I have a Moodle site and i would like to create a mysql trigger using the id of the logged user.
Is it possible to use php to set a custom mysql session variable ( User-Defined Variable).
My goal is to get the id of the logged user and put il in a mysql global variable in order to use that information in a mysql trigger.
Something like: SET #utilisateur = $USER->id;
I was thinking of adding a line of that kind at the end of the file index.php to catch the id of the logged user but i don't know the exact syntax
$query .= "SET #utilisateur = $USER->id;"; doesn't work
Thanks in advance for your help
I build a system in php, i have page name x.php
and in this page i create variable name $accountid and get the acocunt id from the sesstion.
now i have others varibles in php at the same page that calls to functions that in other page called functions.php, and deliver the accountid, the function return info about the account (for example the name of the user..)
is this security breach?
i mean the user can call in ajax to the function with other accountid and then he can get info about other account?
here is the code example:
<?php
include "Includs/Config.php";
if(!isset($_SESSION[get("session_name")])) {
header("Location: index.php");
}
$accountid = getAccountid($_SESSION[get("session_name")]);
$e = getECategorys($accountid);
?>
function getE($accountId){
$query = mysql_query("SELECT * FROM `x` WHERE `accountid` = $accountId");
while($result = mysql_fetch_assoc($query)){
// get the info about the account..
}
}
Yes you are right. User can get information by passing another accountId to that function.
Solution: All you can do is check session variable and passed accountId. You can put condition, If session variable (accountId) is matched with passed accountId to that function then only retrieve data otherwise gives an error.
Second solution is to achieve this thing with class base, setting private member variable of accountId.
Hope this helps.
I'm not sure, it seems you are getting accountId from the $_SESSION so this seems to be safe.
Also, users can't call php functions directly using ajax.
Actually, you shouldn't consider AJAX as something else than a simple HTTP request.
In this chunk of code it was previously designed to use the session_id. I am trying to convert from using the session_id to using a User ID that is retrieved from the database. I'm not sure what I did wrong but the function is not returning the variable. Any suggestions would be appreciated.
protected function get_user_id() {
//previous code used the session id
//#session_start();
//return session_id();
// New code to use User ID instead of session_id
// Connecting to the database
include ("../../../admin/includes/connect.php");
// Let's get the user ID from the database for use with the widget
$user_id_query = "SELECT nonadmin_user_id FROM `nonadmin_user_login` WHERE email = '$_SESSION[email]'";
$run_query = mysqli_query($conn, $user_id_query);
while($row=mysqli_fetch_array($run_query)){
// Create variable for the user's id
$nonadmin_user_id = $row['nonadmin_user_id']; }
return $nonadmin_user_id;
}
// This function needs to use the variable $nonadmin_user_id
protected function get_user_path() {
if ($this->options['user_dirs']) {
return $this->get_user_id().'/';
}
return '';
}
"Fred you're the man! It was the session. I removed the comment out from in front of the session start and now it works perfect. What baffles me on this is I was under the impression that if you start a session in a file and then include other files the included files did not require the session to be started."
The session needs to be started in order for the session array to be recognized and passed successfully in your query.
Plus, session_start(); is required to be resident inside all files using sessions.
http://php.net/manual/en/function.session-start.php
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
im running a php script. I want the php script to send a sql code to my database that updates the current users "ally" when a user enters MYSITE.COM/include/fire.php. But I get this error
Notice: Undefined variable: id in C:\Users\Name\Desktop\Folder\htdocs\include\Fire.php on line 14
Line 14: mysql_query("UPDATE users SET ally='3' WHERE id='{$id}'");
The whole fire.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();
$verbindung = mysql_connect("localhost","root","Palmen162");
mysql_select_db("lan");
if(isset($_SESSION['id'])) {
// do the following query
}
mysql_query("UPDATE users SET ally='3' WHERE id='{$id}'");
?>
Please help me with this error. Don't give me a link to someone with similar problem. Just help me
declare var $id and assign its value. you should be good.
It seems that variable $id is not defined in the current context. If you mean to use the session id as your users' table id, you need to use the {$_SESSION['id']} in your query instead of {$id}.
i am creating session variables to store data in an array of object. this array is assigned to sessions. I am later sending a get call to different page with an id and want to access the corresponding data from the sessions. however i am getting the data as null. here is my code
page 1:
session_start();
for ($i=0;$i<100;$i++){
$object[$i]->name = $ret_obj[$i]['name'];
$object[$i]->birthday_date = $ret_obj[$i]['birthday_date'];
$_SESSION[$i] = $object[$i];
}
var_dump of session prints the session variable correctly.
Now in the for loop i am making a call to page 2:
page2.php?pid=$i
page 2:
session_start();
$pid = $_GET['pid'];
print_r($_SESSION[$pid]);
print_r($_SESSION);
I am getting value in $_SESSION but not in $_SESSION[$pid]
You should take a look at the following post: Notice: Unknown: Skipping numeric key 1 in Unknown on line 0. To clarify, try adding a character prefix instead of just using numbers.
If your code supplied here is all of it, then you are saying:
$p13nid = $_GET['pid'];
Rather than:
$pid = $_GET['pid'];
Which would make it work for you.