1

I'm making a carpooling website with PHP and MySQL. Members have an account with their name and other contact details in one table, and they can offer numerous travels (time, address) that go into another table.

When passengers are looking for travels, I want them to see the time and the address of the travel but also the name of the driver. So I thought to get the name from the first table to put in the second table, without the driver having to write their name every time they add a travel.

But I don't know how to get the name. I thought of something like the code below (the page that recovers the data written in the form) but it doesn't work. It will be the same when drivers want to modify their travel: I want to show only the travels where the name equals the session name.

Can you help me please?

<?php session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<title>Covoiturage</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="conteneur">


<?php
// Connection to the database
try
{
    $bdd = new PDO('mysql:host=localhost;dbname=Covoit', 'root', '');
}
catch(Exception $e)
{
    die('Erreur : '.$e->getMessage());
}

if (isset($_SESSION['name']))
{

}
else
{header('Location: covoit.php');}


// Insertion
$req = $bdd->prepare('INSERT INTO Trajet (jour, heuredep, mindep, heureret, minret, commentaire)VALUES(?, ?, ?, ?, ?, ?)');
$req->execute(array(
                    $_POST['jour'],
                    $_POST['heuredep'],
                    $_POST['mindep'],
                    $_POST['heureret'],
                    $_POST['minret'],
                    $_POST['commentaire']));


$bdd->exec('UPDATE Trajet SET name = \'echo $_SESSION[\'name\'];\'');

$bdd->exec('UPDATE Trajet SET adresse = SELECT name FROM Conducteur WHERE name = $_SESSION[\'name\']');

header('Location: annoncer_merci.php');

?>


</div>
</body>
</html>
Brian Tompsett - 汤莱恩
Myotis
  • Given that you have `'UPDATE Trajet SET name = \'echo $_SESSION[\'name\'];\''` in your code, I think this is a possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Álvaro González Dec 30 '13 at 17:47
  • Where did you set `$_SESSION['name']`? – putvande Dec 30 '13 at 17:48
  • You do know that this query: `UPDATE Trajet SET name = <>` updates every row in your `Trajet` table, don't you? – O. Jones Dec 30 '13 at 17:50
  • Hum... So after what you said, would it be better to do something like: `$req = $bdd->prepare("INSERT INTO Trajet (name, jour, heuredep, mindep, heureret, minret, commentaire)VALUES(".$_SESSION['name']",?, ?, ?, ?, ?, ?)");` But that doesn't work. Thank you! – Myotis Jan 01 '14 at 15:48

2 Answers

1

Rewrite your

$bdd->exec('UPDATE Trajet SET name = \'echo $_SESSION[\'name\'];\'');

to

// quote() escapes the value and wraps it in quotes so the statement is valid SQL
$bdd->exec("UPDATE Trajet SET name = ".$bdd->quote($_SESSION['name']));
Shankar Narayana Damodaran
0

You should have:

// quote() escapes the value and wraps it in quotes so the statement is valid SQL
$bdd->exec("UPDATE Trajet SET name = ".$bdd->quote($_SESSION['name']));

not:

$bdd->exec('UPDATE Trajet SET name = \'echo $_SESSION[\'name\'];\'');
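An added example, not part of the question or of either answer: the driver's name is bound in the same prepared INSERT as the form fields, and both the listing and the modification are restricted with a WHERE clause, which addresses the SQL injection and "updates every row" comments above. It assumes an in-memory SQLite database in place of the MySQL `Covoit` database so it runs offline; the `id` column and the function names are hypothetical.

```php
<?php
// Added example. Assumptions: SQLite in memory stands in for MySQL; the `id`
// column and the function names are hypothetical. Other columns are the question's.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec('CREATE TABLE Trajet (id INTEGER PRIMARY KEY, name TEXT, jour TEXT,
    heuredep INTEGER, mindep INTEGER, heureret INTEGER, minret INTEGER, commentaire TEXT)');

// Store the driver's name in the same INSERT, bound as a parameter like the
// form fields, so no follow-up UPDATE over the whole table is needed.
function addTrajet(PDO $bdd, string $name, array $post): int
{
    $req = $bdd->prepare('INSERT INTO Trajet
        (name, jour, heuredep, mindep, heureret, minret, commentaire)
        VALUES (?, ?, ?, ?, ?, ?, ?)');
    $req->execute(array($name, $post['jour'], $post['heuredep'], $post['mindep'],
        $post['heureret'], $post['minret'], $post['commentaire']));
    return (int) $bdd->lastInsertId();
}

// List only the travels that belong to the logged-in driver.
function trajetsFor(PDO $bdd, string $name): array
{
    $req = $bdd->prepare('SELECT * FROM Trajet WHERE name = ? ORDER BY id');
    $req->execute(array($name));
    return $req->fetchAll(PDO::FETCH_ASSOC);
}

// Modify one travel; the WHERE clause limits the change to a row the driver owns.
function updateCommentaire(PDO $bdd, string $name, int $id, string $texte): bool
{
    $req = $bdd->prepare('UPDATE Trajet SET commentaire = ? WHERE id = ? AND name = ?');
    $req->execute(array($texte, $id, $name));
    return $req->rowCount() === 1;
}

// Constructed sample data; on the real page $name is $_SESSION['name'] and $post is $_POST.
$post = array('jour' => 'lundi', 'heuredep' => 8, 'mindep' => 15,
              'heureret' => 18, 'minret' => 0, 'commentaire' => 'Gare');
$idOneil = addTrajet($bdd, "O'Neil", $post);   // the apostrophe is stored as data
$idBob   = addTrajet($bdd, 'Bob', $post);

var_dump(count(trajetsFor($bdd, "O'Neil")));                  // rows owned by O'Neil
var_dump(updateCommentaire($bdd, 'Bob', $idOneil, 'x'));      // Bob targets O'Neil's row
var_dump(updateCommentaire($bdd, "O'Neil", $idOneil, 'Mairie'));
```

On the question's page, the redirect to `covoit.php` for visitors without a session has to be sent before any HTML output and followed by `exit`, otherwise the INSERT below it still runs.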