-2

I'm new to PHP and SQL. Please help me find a way to insert a username into SQL when I click the logout.

Here's my code:

```php
<?php

include('includes/mysql_connect.php');

if(isset($_POST['submit'])){

$query = mysql_query("select users from username where username = '".$_SESSION['username']."'");
mysql_query($query);

$insert_log="INSERT INTO activity_logout(username, details) VALUES('$query','Succesfully Logout!')";
mysql_query($insert_log);

}

session_start();
session_destroy();
header("location:index.php");

?>
```
John Conde
  • So, what happens when you run your code? Does it do nothing? The wrong thing? Give you an error message? What is the code supposed to do? What does it actually do? Do your SQL queries get generated correctly? Do they run correctly? – andrewsi Jul 11 '14 at 16:13
  • I hope you don't allow usernames like `1' or '1'='1`, though I suspect your queries won't INSERT them anyways ;p – Lawrence Cherone Jul 11 '14 at 16:14
  • It doesn't insert the username of the client when I click the logout button. – user1650576 Jul 11 '14 at 16:15

2 Answers

1

You don't need to do the SELECT because you already have the username, and you should be checking for the $_SESSION['username'] not if a Submit button is set.

And you're open to SQL injection for usernames that are actually SQL queries, or at minimum a username with a ' in it will break your query.

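```php
<?php
// Start the session first so $_SESSION is populated
session_start();
include('includes/mysql_connect.php');

// Only log when a user is actually logged in
if(!empty($_SESSION['username'])){
    // Escape the username before placing it inside the quoted SQL literal
    mysql_query('INSERT INTO activity_logout
                        (username, details)
                 VALUES ("'.mysql_real_escape_string($_SESSION['username']).'",
                         "Succesfully Logout!")');
}

session_destroy();
// Redirect, then stop the script
header("location: ./index.php");
exit;
?>
```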

Obligatory suggestion, Don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Lawrence Cherone
  • THANKS A LOT MATE! THANK THANK YOU! IT PERFECTLY WORKS! – user1650576 Jul 11 '14 at 16:29
  • IF I CAN ONLY GIVE YOU A +1 REP! I NEED +15 REP TO GIVE YOU 1. :( – user1650576 Jul 11 '14 at 16:31
  • no probs, no need to shout ;p just accept it with the tick, if it has helped. – Lawrence Cherone Jul 11 '14 at 16:32
  • @LozCheroneツ - would you mind not using shortened URLs? I've unshortened these same URLs a number of times now... – Michael Kohne Jul 13 '14 at 02:01
  • This is what's wrong with the PHP tag, because it's so popular you write answers and you're lucky if you even get an upvote, more like a downvote, then the next day you get some spelling or now link nazi making changes. But in the C tag you write a lame answer and get upvoted 30 times. – Lawrence Cherone Jul 13 '14 at 08:26
  • @MichaelKohne May I ask why not shortened URLs? AFAIK it's perfectly fine, but if it's not would you mind either showing us a related meta post or just stop editing it (maybe you can if you have got time :P) – NullPoiиteя Jul 13 '14 at 08:51
  • @NullPoiиteя - There have been several discussions on Meta about this (including [this](http://meta.stackexchange.com/questions/64450/ban-url-shortening-services) one). Short URLs are more likely to break in the future (Yahoo turned theirs off not long ago), and they prevent the clicking user from seeing where they are going. They are not necessary in SO (there's no length limit) so they have lots of negative with effectively no positive. – Michael Kohne Jul 13 '14 at 13:22
  • @MichaelKohne I understand your point now, wish you originally made it ekk, I'll fix my copy&paste notice for the future posts. Though it's too long by 71 characters for a comment now, so I'll keep the original for comments, and long version for answers ;p – Lawrence Cherone Jul 13 '14 at 16:45
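
The prepared-statement approach recommended in the answer above, shown as an added example that is not part of the original answer or thread. It assumes the PDO SQLite driver and uses an in-memory database in place of the page's MySQL connection so it runs offline; `log_logout` is a hypothetical helper name, while the table and column names are the ones from the question.

```php
<?php
// Added example: logout logging with a PDO prepared statement.
// Assumption: in-memory SQLite stands in for the MySQL database so the
// script runs offline; for MySQL only the DSN and credentials change.
declare(strict_types=1);

// Hypothetical helper: records one logout for the given username.
function log_logout(PDO $pdo, string $username): void
{
    // The placeholders keep the values out of the SQL text entirely,
    // so quotes inside a username cannot alter the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO activity_logout (username, details) VALUES (:username, :details)'
    );
    $stmt->execute([':username' => $username, ':details' => 'Succesfully Logout!']);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also request real server-side prepares:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE activity_logout (username TEXT NOT NULL, details TEXT NOT NULL)');

// Constructed sample usernames: a plain one, one with an apostrophe,
// and the string quoted in the comment under the question.
$samples = ["alice", "O'Brien", "1' or '1'='1"];
foreach ($samples as $name) {
    log_logout($pdo, $name);
}

// Each username must come back exactly as it went in, one row per logout.
$rows = $pdo->query('SELECT username FROM activity_logout ORDER BY rowid')
            ->fetchAll(PDO::FETCH_COLUMN);
if ($rows !== $samples) {
    throw new RuntimeException('stored usernames differ from the input');
}
echo count($rows), " logout rows stored verbatim\n";

// In logout.php the call would sit between session_start() and
// session_destroy():
//   if (!empty($_SESSION['username'])) { log_logout($pdo, $_SESSION['username']); }
```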
-1

Try this,

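```php
<?php
// Start the session first so $_SESSION['username'] is available
session_start();

include('includes/mysql_connect.php');

if(isset($_POST['submit'])){

    // Escape the value and quote it as a string literal in the SQL
    $username = mysql_real_escape_string($_SESSION['username']);
    $insert_log = "INSERT INTO activity_logout(username, details) VALUES('$username','Succesfully Logout!')";
    mysql_query($insert_log);

}

session_destroy();
header("location:index.php");
exit;
?>
```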

Please use `session_start();` at the start, after your "login" code. Also, you should use some common file which will handle your includes files. Please refer enter link description here

Priyanka