A.Mitchell1004 A.Mitchell1004 -4 years ago 61
PHP Question

How to store a return result from an SQL statement in a PHP session variable

I was here yesterday with the same issue, but I have changed the code slightly. I am trying to fetch the user id of a user as they log in and store it as a session variable. I don't know what I'm doing wrong though, as when I try to pass this session variable into another SQL INSERT statement in a different PHP file, it does not work. If I pass a local variable to the INSERT statement it works and inserts all values into my database. When I try to pass the session variable, it does not work.

This is my login file where I declare the session variable:

<?php
session_start();

$db = mysqli_connect("localhost", "root", "", "project_website1");

if (isset($_POST['Login_Btn'])) {

    $email = mysql_real_escape_string($_POST['email']);
    $password = mysql_real_escape_string($_POST['password']);

    $id_retrieve = mysqli_query("SELECT user_id FROM userdetails WHERE email='$email'");
    $retrieved_id = mysqli_fetch_row($id_retrieve);

    $password = md5($password); // Decrypt hash of password stored in database

    $mySQLQuery = "SELECT * FROM userdetails WHERE email='$email' AND password='$password'";
    $resultOfQuery = mysqli_query($db, $mySQLQuery);

    if (mysqli_num_rows($resultOfQuery) == 1) {
        $_SESSION['user_id'] = $retrieved_id[0];
        header("location: User_Home_Page.html");
    } else {
        $_SESSION['message'] = "Login Fail";
        header("location: User_Login.html");
    }

}
?>


This is the file where I then try to insert this session variable:

<?php
session_start();
$db = mysqli_connect("localhost", "root", "", "project_website1");
if (isset($_POST['upload_btn'])) {

    $user_id = $_SESSION['user_id'];
    $taskTitle = mysql_real_escape_string($_POST['tasktitle']);
    $taskDescription = mysql_real_escape_string($_POST['TaskDescription']);

    $file = rand(1000,100000)."-".$_FILES['file_document']['name'];
    $file_loc = $_FILES['file_document']['tmp_name'];
    $file_size = $_FILES['file_document']['size'];
    $file_type = $_FILES['file_document']['type'];
    $folder = "uploads/";

    move_uploaded_file($file_loc, $folder.$file);

    $numPages = mysql_real_escape_string($_POST['number_of_pages']);
    $numWords = mysql_real_escape_string($_POST['number_of_words']);
    $deadlineClaim = mysql_real_escape_string($_POST['deadline_claim']);
    $deadlineComplete = mysql_real_escape_string($_POST['deadline_complete']);

    $sql = "INSERT INTO task(user_id, title, description, file, file_type, file_size, pg_num, num_words, deadline_claim, deadline_completion) VALUES( '$user_id', '$taskTitle', '$taskDescription', '$file', '$file_type', '$file_size', '$numPages', '$numWords', '$deadlineClaim', '$deadlineComplete')";
    mysqli_query($db, $sql);
    header("location: User_Home_Page.html");

}

?>


If someone could provide a solution I would really appreciate it.

Answer Source

First, you don't need 2 queries, because you need one query where you get user_id based on the data the user must log in with.

So in this query, first you check for the email and password to match that user, and if they match you will get more than 0 from mysqli_num_rows.

When you check this and it works, you use mysqli_fetch_array so you can use the data from it however you want.

You can remove error_reporting, ini_set and var_dump if it's all OK; this is just for testing and to give you an error if one exists.

Here is your code:

<?php

// turn on error reporting
error_reporting(1);
ini_set('error_reporting', E_ALL);

// start session
session_start();

// debug session (remove once it works: this output is sent before header()
// and stops the redirect unless output buffering is enabled)
var_dump($_SESSION);

// database connection
$db = mysqli_connect("localhost", "root", "", "project_website1");

if(isset($_POST['Login_Btn']))
{

    // mysqli_real_escape_string() takes the mysqli connection as its first
    // argument; the old mysql_* function does not work with a mysqli connection
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $password = mysqli_real_escape_string($db, $_POST['password']);

    // hash the submitted password so it can be compared with the stored MD5 hash
    $password = md5($password);

    // get all data from userdetails table
    $mySQLQuery = "SELECT * FROM userdetails WHERE email='$email' AND password='$password'";
    $resultOfQuery = mysqli_query($db, $mySQLQuery);

    // if query returns more than 0 rows
    if (mysqli_num_rows($resultOfQuery) > 0)
    {
        // fetch data
        $uid = mysqli_fetch_array($resultOfQuery);

        $_SESSION['user_id'] = $uid['user_id'];
        header("location: User_Home_Page.html");
        exit();
    }
    else
    {
        $_SESSION['message'] = "Login Fail";
        header("location: User_Login.html");
        exit();
    }

}

?>

EDIT: Don't use md5, it's not secure; use password_hash() and password_verify() to make your passwords safe.
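
The password_hash() and password_verify() approach recommended in the answer's EDIT, combined with a bound query parameter in place of string escaping, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite table standing in for the userdetails table and a constructed user; authenticate() and login() are hypothetical helper names.

```php
<?php
// Added example: constructed stand-in for the userdetails table, using in-memory
// SQLite through PDO so it runs offline (assumption; for MySQL only the DSN changes).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userdetails (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');

// Registration side: store a salted password_hash() value instead of md5().
$insert = $db->prepare('INSERT INTO userdetails (email, password) VALUES (?, ?)');
$insert->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user_id on success, null on any failure.
function authenticate(PDO $db, string $email, string $password): ?int
{
    // The placeholder binds $email as data, so no escaping function is needed.
    $stmt = $db->prepare('SELECT user_id, password FROM userdetails WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the salt and cost from the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['user_id'];
}

// Hypothetical helper: only a verified login writes user_id into the session.
function login(PDO $db, string $email, string $password): bool
{
    $userId = authenticate($db, $email, $password);
    if ($userId === null) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session id after the privilege change
    $_SESSION['user_id'] = $userId;
    return true;
}

// Constructed inputs: wrong password, quote characters in the email, then valid credentials.
$results = [
    'wrong password' => login($db, 'alice@example.com', 'wrong'),
    'quoted email'   => login($db, "' OR '1'='1", 'x'),
    'valid login'    => login($db, 'alice@example.com', 'correct horse'),
];
var_dump($results, $_SESSION['user_id'] ?? null);
```

In a web request, the redirect with header() and exit() would follow the call to login(), with no output sent before it.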
