Posting session data into columns in my Mysql database

Question

I am trying to update columns in my transaction table with data in sessions. I have the session data stored as follows

$session_mem_id = $_SESSION['mem_id'];
$member_data  = member_data($session_mem_id, 'mem_id', 'mem_email', 'mem_password', 'mem_address', 'mem_city', 'mem_postcode', 'mem_county', 'mem_country', 'mem_first_name', 'mem_last_name', 'password_recover', 'allow_email', 'admin', 'mem_tel');

And I use this data to update my table as follows

function createTransaction($member_data){
    // Insert into the transactions table
    $query1 = mysql_query("INSERT INTO `transactions` (mem_id, OrderDate, ship_phone, ship_address, ship_city, ship_county, ship_postcode, ship_country) VALUES('{$_SESSION['mem_id']}', NOW(), '{$member_data['mem_tel']}', '{$member_data['mem_address']}', '{$member_data['mem_city']}', '{$member_data['mem_county']}', '{$member_data['mem_postcode']}', '{$member_data['mem_country']}')") or die(mysql_error());
}

I don't get an error, however the only columns that update on my table are mem_id, orderdate and OrderId as its auto_increment. No data parses that is stored in my $member_data If I var_dump($member_data) I get the following

array(14) { ["mem_id"]=> string(2) "11" ["mem_email"]=> string(26) "j.hfbgb92@gmail.com" ["mem_password"]=> string(8) "password" ["mem_address"]=> string(16) "54 bvcbv drive" ["mem_city"]=> string(9) "Mggbone" ["mem_postcode"]=> string(8) "gb14 4gb" ["mem_county"]=> string(4) "Kent" ["mem_country"]=> string(14) "United Kingdom" ["mem_first_name"]=> string(4) "Bob" ["mem_last_name"]=> string(12) "Smith" ["password_recover"]=> string(1) "0" ["allow_email"]=> string(1) "1" ["admin"]=> string(1) "1" ["mem_tel"]=> string(11) "07900186785" }

My member_data function is function member_data($mem_id) { $data = array(); $mem_id = (int)$mem_id;

$func_num_args = func_num_args();
$func_get_args = func_get_args();

if($func_num_args > 1) {
    unset ($func_get_args[0]);

    $fields = '`' . implode('`, `', $func_get_args) . '`';
    $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM members WHERE mem_id = '$mem_id'"));

    return $data;
}
}

You shouldn't be using mysql_query. It is deprecated. Have a look at [PHP PDO Objects](http://php.net/manual/en/pdo.prepared-statements.php) — christopher, Mar 13 '13 at 10:44
@ChrisCooney Trouble is I new to PHP and trying to learn, and the tutorials I am piecing together use mysql, so I don't know how to use PDO — jhetheringt7, Mar 13 '13 at 10:45
How does `$member_data` look like? Are you sure it is an array? Can you show it's value? — Ander2, Mar 13 '13 at 10:48
It would be good if we could see the `member_data()` function. — EM-Creations, Mar 13 '13 at 10:53
@user1064811 have you tried to print the value of $member_data inside createTransaction() ..? — alwaysLearn, Mar 13 '13 at 10:56
@user1064811 Now I'm even more confused, where is `createTransaction()` called? — EM-Creations, Mar 13 '13 at 10:57
@user1064811 When you did a `var_dump()` was that from inside the `createTransaction()` function? — EM-Creations, Mar 13 '13 at 11:04
@EM-Creations no it was outside. I've worked out that $member_data isn't parsing data into the function — jhetheringt7, Mar 13 '13 at 11:08
@user1064811 Show us how you're calling the `createTransactio()` function please. — EM-Creations, Mar 13 '13 at 11:16
As @ChrisCooney have said [don't use mysql_* functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) in new code. They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://uk.php.net/manual/en/function.mysql-connect.php)? Learn about [_prepared statements_](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which. — TNK, Mar 13 '13 at 11:31

score 1 · Answer 1 · answered Mar 13 '13 at 10:51

The problem may be that the session hasn't been started.

In which case:

session_start();

Before anything has been output will fix the issue.

Try outputting the contents of $_SESSION['mem_id'];, before storing it in the database to make sure it's set.

Furthermore, please also make sure you escape the variable before storing it in the database.

So your variable assignment should look like this:

$session_mem_id = mysql_real_escape_string($_SESSION['mem_id']);

This is a security precaution against an SQL injection attack.

I hope this helps.

mem_id is set and updates the database with the correct mem_id. Its the values that use $member_data that don't update — jhetheringt7, Mar 13 '13 at 10:56

score 0 · Answer 2 · answered Mar 13 '13 at 11:03

I would try rewriting the query like this:

  $query = sprintf("INSERT INTO `transactions` (mem_id, OrderDate, ship_phone, ship_address, ship_city, ship_county, ship_postcode, ship_country) VALUES('%s','%s','%s','%s','%s','%s','%s','%s')", $_SESSION['mem_id'], NOW(), $member_data['mem_tel'], $member_data['mem_address'], $member_data['mem_city'], $member_data['mem_county'], $member_data['mem_postcode'], $member_data['mem_country']);
  $query1 = mysql_query($query) or die(mysql_error());

You can also insert an echo after line begining with $query and check that your query statement is correct.

Posting session data into columns in my Mysql database

2 Answers2