I'm running a PHP script. I want the PHP script to send SQL code to my database that updates the current user's "ally" when a user enters MYSITE.COM/include/fire.php. But I get this error:
Notice: Undefined variable: id in C:\Users\Name\Desktop\Folder\htdocs\include\Fire.php on line 14
Line 14: mysql_query("UPDATE users SET ally='3' WHERE id='{$id}'");
The whole fire.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();
$verbindung = mysql_connect("localhost","root","Palmen162");
mysql_select_db("lan");
if(isset($_SESSION['id'])) {
// do the following query
}
mysql_query("UPDATE users SET ally='3' WHERE id='{$id}'");
?>
Please help me with this error. Don't give me a link to someone with similar problem. Just help me
Declare the variable $id and assign its value. You should be good.
It seems that variable $id is not defined in the current context. If you mean to use the session id as your users' table id, you need to use the {$_SESSION['id']} in your query instead of {$id}.
Related
I built a system in PHP. I have a page named x.php,
and in this page I create a variable named $accountid and get the account id from the session.
Now I have other variables in PHP on the same page that call functions in another page called functions.php and pass the accountid; the function returns info about the account (for example the name of the user).
Is this a security breach?
I mean, can the user call the function via AJAX with another accountid and then get info about another account?
Here is the code example:
<?php
include "Includs/Config.php";
if(!isset($_SESSION[get("session_name")])) {
    header("Location: index.php");
    exit; // stop here; without this the rest of the page still runs for visitors who are not logged in
}
$accountid = getAccountid($_SESSION[get("session_name")]);
$e = getECategorys($accountid);
?>
function getE($accountId){
    $query = mysql_query("SELECT * FROM `x` WHERE `accountid` = $accountId");
    while($result = mysql_fetch_assoc($query)){
        // get the info about the account..
    }
}
Yes, you are right. A user can get information by passing another accountId to that function.
Solution: All you can do is check the session variable against the passed accountId. You can add a condition: if the session variable (accountId) matches the accountId passed to that function, then retrieve the data; otherwise give an error.
The second solution is to do this with a class, setting a private member variable for accountId.
Hope this helps.
I'm not sure, it seems you are getting accountId from the $_SESSION so this seems to be safe.
Also, users can't call php functions directly using ajax.
Actually, you shouldn't consider AJAX as something else than a simple HTTP request.
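The check discussed in the answers above, as an added example that is not part of the original posts: the account id is read from the server-side session, and an id sent by the client is accepted only when it matches. The function name getAccountInfo, the session key accountid, the table contents and the use of PDO with in-memory SQLite are assumptions made so the script runs on its own.

```php
<?php
// Added example: constructed schema and rows in in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE x (id INTEGER PRIMARY KEY, accountid INTEGER, info TEXT)');
$pdo->exec("INSERT INTO x (accountid, info) VALUES (1, 'alice profile'), (2, 'bob profile')");

/**
 * Hypothetical replacement for getE(): the account id used in the query comes
 * from the server-side session only. An id sent by the client (for example an
 * AJAX parameter) is never used for the lookup, only compared with the session.
 */
function getAccountInfo(PDO $pdo, array $session, ?string $requestedId = null): array
{
    if (!isset($session['accountid'])) {
        throw new RuntimeException('not logged in');
    }
    $ownId = (int) $session['accountid'];

    // A client-supplied id must be a plain integer and equal to the session's id.
    if ($requestedId !== null
        && (!ctype_digit($requestedId) || (int) $requestedId !== $ownId)) {
        throw new RuntimeException('forbidden');
    }

    // Bound parameter instead of string interpolation.
    $stmt = $pdo->prepare('SELECT info FROM x WHERE accountid = :id');
    $stmt->execute([':id' => $ownId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed session for account 1, as the login code would have stored it.
$session = ['accountid' => 1];

print_r(getAccountInfo($pdo, $session));        // no client id: own data
print_r(getAccountInfo($pdo, $session, '1'));   // client id matches the session
try {
    getAccountInfo($pdo, $session, '2');        // client asks for another account
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```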
In this chunk of code it was previously designed to use the session_id. I am trying to convert from using the session_id to using a User ID that is retrieved from the database. I'm not sure what I did wrong but the function is not returning the variable. Any suggestions would be appreciated.
protected function get_user_id() {
    //previous code used the session id
    //#session_start();
    //return session_id();
    // New code to use User ID instead of session_id
    // Connecting to the database
    include ("../../../admin/includes/connect.php");
    // Let's get the user ID from the database for use with the widget
    $user_id_query = "SELECT nonadmin_user_id FROM `nonadmin_user_login` WHERE email = '$_SESSION[email]'";
    $run_query = mysqli_query($conn, $user_id_query);
    while($row=mysqli_fetch_array($run_query)){
        // Create variable for the user's id
        $nonadmin_user_id = $row['nonadmin_user_id'];
    }
    return $nonadmin_user_id;
}
// This function needs to use the variable $nonadmin_user_id
protected function get_user_path() {
    if ($this->options['user_dirs']) {
        return $this->get_user_id().'/';
    }
    return '';
}
"Fred you're the man! It was the session. I removed the comment out from in front of the session start and now it works perfect. What baffles me on this is I was under the impression that if you start a session in a file and then include other files the included files did not require the session to be started."
The session needs to be started in order for the session array to be recognized and passed successfully in your query.
Plus, session_start(); is required to be resident inside all files using sessions.
http://php.net/manual/en/function.session-start.php
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
I am trying to read the id of a user from the database when they log in, and save it to a variable to be used in other programs later. My table for the users is as follows:
addressBookUsers
[
userid int(11) PK AUTO_INCREMENT;
firstName;
LastName;
email
]
with some dummy data
userid username password
1 fred 12ewerefds2
2 al 343ed3fe
This is the code in which I use the username to get the user id and store it in a variable:
<?php
session_start();
include("dbconnect.php");
$con= new dbconnect();
$con->connect();
//create and issue the query
// escape the posted username before placing it inside the quoted SQL string
$id = "SELECT userid FROM addressBookUsers WHERE username = '".mysql_real_escape_string($_POST["username"])."'";
$userid = mysql_query($id);
while($row = mysql_fetch_array($userid)) {
    $me = $row[0];
}
$se=$me;
echo($se);
?>
This returns the correct user id; however, when I try to call $se in another PHP file to see if it has been saved, I don't get a result.
test.php
<?php
include ("userloginses.php");
echo $se;
?>
I am unsure why $se, which is an int, does not get passed to test.php.
Any help?
And yes, there is some HTML form stuff not included, but that is not related to the problem at hand.
You're doing it wrong. You have sessions so use them:
$_SESSION['se'] = $me;
and then test.php would look like this:
<?php
session_start();
include ("userloginses.php");
echo $_SESSION['se'];
?>
You can refer to any PHP variable like this. If you want to preserve the value of a PHP variable, or of a variable in any web language, you must save it into SESSION or COOKIE. In the user login case, you should use a SESSION variable. In your code, start the session and instead of $e define $_SESSION['e'], and access it in any PHP script in your directory. Don't forget to start the session using session_start() in the first line of each and every PHP script where you want to access this variable.
I am creating session variables to store data in an array of objects. This array is assigned to sessions. I am later sending a GET call to a different page with an id and want to access the corresponding data from the session. However, I am getting the data as null. Here is my code:
page 1:
session_start();
for ($i=0;$i<100;$i++){
    $object[$i]->name = $ret_obj[$i]['name'];
    $object[$i]->birthday_date = $ret_obj[$i]['birthday_date'];
    $_SESSION[$i] = $object[$i];
}
var_dump of session prints the session variable correctly.
Now in the for loop I am making a call to page 2:
page2.php?pid=$i
page 2:
session_start();
$pid = $_GET['pid'];
print_r($_SESSION[$pid]);
print_r($_SESSION);
I am getting value in $_SESSION but not in $_SESSION[$pid]
You should take a look at the following post: Notice: Unknown: Skipping numeric key 1 in Unknown on line 0. To clarify, try adding a character prefix instead of just using numbers.
If your code supplied here is all of it, then you are saying:
$p13nid = $_GET['pid'];
Rather than:
$pid = $_GET['pid'];
Which would make it work for you.
Can someone please help? I am trying to get the column 'privellages' (I know it's spelt wrong) to update in my table 'ptb_permissions' when a link is clicked.
Basically I've done this before for loads of other things and it's worked fine; it's just this not working for some reason.
Users are notified in their inbox when a user sends a request to view their pictures, and the user will have two links: one to approve and one to delete the request.
If they click approve then this should update the enum column 'privellages' from 0 to 1.
This is not working. I'm not getting any errors; I'm just not getting anything happening. Please can someone show me where I'm going wrong? Thanks.
Yes this is ok
contents of approve_priv_pix.php;
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
approve_pix ($_GET['picture'], $_SESSION['user_id']);
header("Location: {$_SERVER['HTTP_REFERER']}");
?>
mysql function:
function approve_pix($picture, $user) {
    global $connection;
    global $_SESSION;
    $query = "UPDATE ptb_permissions
              SET privellages='1'
              WHERE id=$picture
              AND to_user_id=$user";
    mysql_query($query, $connection);
}
$_GET['picture'] should be $_GET['pix']
Also double check your privellages column enum values.
Yes this is ok
Here you have pix as a key, but in approve_priv_pix.php you are taking the picture id from $_GET['picture']. I suppose it should be replaced with $_GET['pix'].
Also, I'm not sure why you have <?php echo $pix['user_id']; ?> in the link code. Possibly it should be something like <?php echo $pix['picture_id']; ?>
Additionally, your code is open to SQL injection. Here:
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=$picture
AND to_user_id=$user";
Instead of that you should better do:
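// Each escaped value is wrapped in quotes: mysql_real_escape_string() only protects inside a quoted SQL string.
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id='" . mysql_real_escape_string($picture) . "'
AND to_user_id='" . mysql_real_escape_string($user) . "'";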
More details about mysql_real_escape_string. Take a look at the warning message at the top of that page. The mysql extension is deprecated and will be removed soon. For new projects you should better use the PDO or MySQLi extensions.
Another note: global $_SESSION; is not needed at all. It is accessible from any place in PHP by default.
im not getting any errors im just not getting anything happening
To see all errors you should set error_reporting to E_ALL (in your ini file or directly in code). With this option enabled you would see all notices/warnings/errors.
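The PDO route recommended in the answer above, as an added example that is not part of the original posts: approve_pix rewritten with bound parameters, integer validation of the link value, and a return value that tells the caller whether a row actually changed (the "nothing happening, no errors" case). The in-memory SQLite table, its rows and the changed function signature are assumptions made so the script runs on its own; with MySQL only the PDO DSN differs.

```php
<?php
// Added example: constructed table and rows in in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ptb_permissions (
    id INTEGER PRIMARY KEY, to_user_id INTEGER, privellages TEXT DEFAULT '0')");
$pdo->exec('INSERT INTO ptb_permissions (id, to_user_id) VALUES (10, 1), (11, 2)');

/**
 * Approve request $picture, but only if it is addressed to $user.
 * Returns true when exactly one row was changed, so a silent no-op is visible.
 */
function approve_pix(PDO $pdo, $picture, int $user): bool
{
    // Reject anything that is not a plain positive integer before it reaches SQL.
    $id = filter_var($picture, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // Placeholders keep the values out of the SQL text entirely.
    // The privellages = '0' condition makes the row count mean "newly approved"
    // on every driver, whether it counts matched or changed rows.
    $stmt = $pdo->prepare(
        "UPDATE ptb_permissions SET privellages = '1'
         WHERE id = :id AND to_user_id = :user AND privellages = '0'"
    );
    $stmt->execute([':id' => $id, ':user' => $user]);
    return $stmt->rowCount() === 1;
}

// Constructed inputs standing in for $_GET['pix'] and $_SESSION['user_id'].
var_dump(approve_pix($pdo, '10', 1));         // request addressed to user 1
var_dump(approve_pix($pdo, '11', 1));         // request addressed to user 2
var_dump(approve_pix($pdo, '10 OR 1=1', 1));  // not an integer
```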