Session Variable in Select Statement

Question

On one page i have it to show the user who logged in username which works perfectly fine.

echo "Welcome, ".$_SESSION['username']

I wanna create a Select Statement which uses the same variable as above to pull all data for that user.

Example Username is jsmith@gmail.com

I used this to see if the coding works which it did.

$sql="SELECT * FROM $tbl_name WHERE myusername ='jsmith@gmail.com'";
$result=mysql_query($sql);

But I wanna use the variable; I tried the code below but it didn't work.

$sql="SELECT * FROM $tbl_name WHERE myusername ='$_SESSION['username']'";
$result=mysql_query($sql);

I know for sure it has to do with the SELECT statement using the variable, im not sure if i am relating to the variable correctly.

Help will be greatly appreciated.

you are missing a double quote at the end of the $sql assignment — Orangepill, Jul 08 '13 at 17:16
You are missing your closing double quote - `$sql="SELECT * FROM $tbl_name WHERE myusername ='$_SESSION['username']';` needs to be `$sql="SELECT * FROM $tbl_name WHERE myusername ='$_SESSION['username']'";` — Sean, Jul 08 '13 at 17:16

score 10 · Accepted Answer · answered Jul 08 '13 at 17:18

10

Try using

$sql="SELECT * FROM $tbl_name WHERE myusername ='{$_SESSION['username']}'";

This syntax where you use the variable replacement capacity of PHP in string is much easier to read, at-least when you have to replace multiple variables in a string.

answered Jul 08 '13 at 17:18

bansi

55,591
6
41
52

Cleaner than what I answered. – Matthew Camp Jul 08 '13 at 17:19
Beautiful. I hate messing around with dots and double-quotes. I'll use this syntax for ever more. – Benjamin Nov 07 '17 at 17:04

score 2 · Answer 2 · answered Jul 08 '13 at 17:18

Basic PHP syntax rules: When embedding an array reference in a string, you do NOT use quotes on the keys:

echo "$arr['key']";   // wrong
echo "$arr[key]";     // right
echo "{$arr['key']}"; // right

Note that the {} syntax is REQUIRED if you're embedding a multi-dimensional array:

echo "$arr[foo][bar]";

is parsed as

echo $arr['foo'];
echo '[bar]';

Adding the {} makes PHP use the entire array key sequence:

echo "{$arr['foo']['bar']}";

score 1 · Answer 3 · answered Jul 08 '13 at 17:13

1

Your returning a string of myusername = $_SESSION['username'], when you actually need whats stored in that. Remove the '' and append the variable to the string.

Something like this:

$sql= 'SELECT * FROM $tbl_name WHERE myusername = ' . $_SESSION['username'] . '';

answered Jul 08 '13 at 17:13

Matthew Camp

866
5
9

@andrewsi Yeah, sorry wasn't clear on what I was trying to say. – Matthew Camp Jul 08 '13 at 17:24

score 1 · Answer 4 · edited Jan 08 '18 at 02:04

1

$result = mysql_query("SELECT * FROM tbl_task where username =  '".$_SESSION['username']."' ORDER By DateAssigned ASC ");

edited Jan 08 '18 at 02:04

zx485

28,498
28
50
59

answered Jan 08 '18 at 01:24

Billy Frawl

11
1

There is a SQL injection problem with your answer. See: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Rodrigo5244 Jan 08 '18 at 02:04
While this code may solve the question, [including an explanation](//meta.stackexchange.com/questions/114762/explaining-entirely-code-based-answers) of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please edit your answer to add explanation, and give an indication of what limitations and assumptions apply. – Makyen Jan 08 '18 at 02:12

Yogaraja C A · Answer 5 · 2021-12-07T06:55:20.310

1

$sql="SELECT * FROM $tbl_name WHERE username ='".$_SESSION['username']."'";
$result=mysqli_query($sql);

Try this ........

100% it will work.

edited Dec 07 '21 at 06:55

answered Oct 09 '20 at 06:21

Yogaraja C A

11
4

Thank you for this code snippet, which might provide some limited, immediate help. A [proper explanation](https://meta.stackexchange.com/q/114762/349538) would greatly improve its long-term value by showing why this is a good solution to the problem and would make it more useful to future readers with other, similar questions. Please [edit] your answer to add some explanation, including the assumptions you’ve made. – jasie Oct 09 '20 at 07:32

score 0 · Answer 6 · answered Jul 08 '13 at 17:20

0

You have not ended your query:-

$sql="SELECT * FROM $tbl_name WHERE myusername ='$_SESSION['username']'; // double quotes missing

Even the Stackoverflow code highlighter shows it.

answered Jul 08 '13 at 17:20

Vivek Sadh

4,230
3
32
49

score 0 · Answer 7 · answered Jul 08 '13 at 17:20

0

`$sql="SELECT * FROM $tbl_name WHERE myusername ='$_SESSION[username]'";

$result=mysql_query($sql);`

Corrected code above.

There will be no quotes for username inside session.

answered Jul 08 '13 at 17:20

Session Variable in Select Statement

7 Answers7