0

Hi everyone, I've searched everywhere for answers and nothing satisfies the code :/

Here's my database table:

#   Column       Type         Extra
1   Form_ID      int(11)      AUTO_INCREMENT
2   identifiant  varchar(10)
3   Ch           varchar(6)
4   Date         date
5   Unite        varchar(10)
6   Catsoin      varchar(30)
7   Soin         varchar(30)
8   Duree        varchar(10)
9   Debutsoin    time
10  Finsoin      time

I make injections in my database through a PHP form, and my insert works really fine. But for efficiency purposes I need to retrieve the user's current Session_id.

And that's where, in my form, I created: $_SESSION['id']=$_POST['Identifiant']; The problem with that is that when a page is reloaded, the browser creates a new session and thereby loses the session id, so this method doesn't work for me.

And that's where mysqli_insert_id() comes into play. In the database table I've created the AUTO_INCREMENT attribute Form_ID, which is unique. So I need to use mysqli_insert_id() in order to catch the unique Form_ID that is created at the very moment when a client makes an insert. That's what I unsuccessfully tried.

File: InsertionBD.php

<?php

include('include/connexion.php');

$query = "Insert into `formulaire`";
$id = mysqli_insert_id($connexion);

IF(isset($_POST['UnitList'])... and so on


 ?>

And I tried to re-catch this inserted id here. The if(isset()) function reacts to an input of type button, so that when the user clicks on it, it creates a reaction on the PHP server side, and it's in this particular situation that I need mysqli_insert_id() to work.

File: Form.php

session_start();
include('include/config.php');
include('include/connexion.php');
$id=mysqli_insert_id($connexion);

$result = mysqli_query($connexion,"SELECT `identifiant`,`Ch`,`Date` FROM `formulaire` where 
                                    `Form_ID` = '".$id."'
                                     "); 

If(isset($_POST['SelectID']))

    {

        //$_SESSION['id'] = mysqli_insert_id($connexion); -> not working since Session reload
        echo "processing...<br/>";
        echo "ID of last inserted record is: ".mysqli_insert_id($connexion);
        while($row = mysqli_fetch_array($result)) 
        {
                 $Recupid = $row['identifiant'] ;
                $RecupCh = $row['Ch'] ;
                $RecupDate = $row['Date'];
            echo "<br><b>Votre identifiant :</b>". $Recupid. 
                 "<br><b> Le code horaire choisi :</b> ".$RecupCh.
                 "<br><b> La date de la prestation : </b>".$RecupDate. 
                 "<br><b> L'horaire de la prestation : </b>".$debut." <b>à</b> ".$fin ;
            echo "<br>";

        }
    }
 else
     {
        //I used superglobal $_Sessions before this code on this page but I did not show the code to simplify the view but session works fine 
        echo "<b>Your ID :</b>".$_SESSION['id']."<br />";
        echo "<b>Your Code horaire  :</b>".$_SESSION['Code']."<br />";
        echo "<b>Your Date  : </b>".$_SESSION['Date']."<br />";
        echo "<b>Your First Plage horaire :</b>".$_SESSION['Debut']."<br />";
        echo "<b>Your Second Plage horaire :</b>".$_SESSION['Fin']."<br />";
     }

The return value is :

processing... ID of last inserted record is: 0

So I understand that my mysqli_insert_id() function is pointing to nothing? How can I get back the specific Form_ID, please?

Thank you in advance for the help

Carnangel
  • At this very moment I'm using session_id(); but the id always returns the same number, even when I close/open the browser ... – Carnangel Sep 25 '14 at 10:21
  • would be worth you reading http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Ian Kenney Sep 25 '14 at 10:23
  • OK, I've read it. I've got to change to using PDO to make it more secure, thanks for that point ;) – Carnangel Sep 25 '14 at 10:30
  • you can just use prepared statements with mysqli (2nd option in the answer) – Ian Kenney Sep 25 '14 at 10:32
  • Yes, I'll use this one: 2. Using MySQLi: $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?'); $stmt->bind_param('s', $name); $stmt->execute(); – Carnangel Sep 25 '14 at 10:34
  • do you think you could clarify what the two bits of php code are - and how they relate to each other - are they in the same file? – Ian Kenney Sep 25 '14 at 10:42
  • So here are the files: Form.php sends $_POST info to InsertionBD.php, then a header location sends the user back to Form.php to make another insert, but I need to keep the user's ids when I come back to Form.php to make rewriting in the form easier for the user – Carnangel Sep 25 '14 at 11:22

2 Answers

0

from the manual http://php.net/manual/en/mysqli.insert-id.php

The mysqli_insert_id() function returns the ID generated by a query on a table with a column having the AUTO_INCREMENT attribute. If the last query wasn't an INSERT or UPDATE statement or if the modified table does not have a column with the AUTO_INCREMENT attribute, this function will return zero.

The last query you run before using mysqli_insert_id() is a SELECT:

$result = mysqli_query($connexion,"SELECT `identifiant`,`Ch`,`Date` FROM `formulaire` where 
                                    `Form_ID` = '".$id."'
                                     "); 

so the expected return would be 0.

You would need to get the value of mysqli_insert_id() immediately after running your insert.

EDIT

The If(isset()) function reacts to a input type Button, so that when the user click on it creates a reaction in the php server side

Perhaps you could look at adding the id to the form that the input button submits, so that you have access to the value on the page that it posts to?

Perhaps use a hidden field, something like:

<input type="hidden" name="formulaire_id" value="<?php echo $id;?>" />
Ian Kenney
  • I understand the point, so I've deleted the mysqli_insert_id() before the SELECT and only left the function after my "Insert into". Now the problem is that the code doesn't even return 0 in "ID of last inserted record is:", it returns nothing. There is a problem when I try to use mysqli_insert_id(); I am missing something – Carnangel Sep 25 '14 at 10:37
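
The point of the answer above (read the id right after the INSERT, on the same connection), combined with the mysqli prepared statements suggested in the comments, as an added example that is not code from the question or from either answer. The table, column and POST field names come from the page; the connection values, the `form_id` session key and the function names are assumptions, and the columns not listed in the INSERT are assumed to accept NULL.

```php
<?php
// Added example, not the poster's code. Table and POST field names come from
// the page; connection values, the 'form_id' key and function names are assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

// Insert with bound parameters and return the new AUTO_INCREMENT Form_ID.
// Assumes the columns not listed here accept NULL or have defaults.
function insertForm(mysqli $db, string $identifiant, string $ch, string $date): int
{
    $stmt = $db->prepare(
        'INSERT INTO `formulaire` (`identifiant`, `Ch`, `Date`) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $identifiant, $ch, $date);
    $stmt->execute();
    $id = (int) $stmt->insert_id; // read before any other statement runs
    $stmt->close();
    return $id;
}

// Fetch one row by Form_ID; the id is bound as an integer, never concatenated.
function fetchForm(mysqli $db, int $formId): ?array
{
    $stmt = $db->prepare(
        'SELECT `identifiant`, `Ch`, `Date` FROM `formulaire` WHERE `Form_ID` = ?'
    );
    $stmt->bind_param('i', $formId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

session_start();
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');

// InsertionBD.php step: insert only if all three fields arrived as strings,
// then keep the id server-side so the next request can read it.
$in = array_map(fn($f) => $_POST[$f] ?? null, ['Identifiant', 'CodeHoraire', 'the_date']);
if (!in_array(false, array_map('is_string', $in), true)) {
    $_SESSION['form_id'] = insertForm($db, ...$in);
}

// Form.php step: look the row up by the stored id and escape it on output.
if (isset($_SESSION['form_id']) && ($row = fetchForm($db, $_SESSION['form_id']))) {
    foreach ($row as $column => $value) {
        echo htmlspecialchars("$column: $value", ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

Keeping the id in the session rather than in a hidden form field means the client cannot substitute another row's Form_ID in the request.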
0

Oh my G I had to make a simple choice

The real problem was that when a user had inserted all the data in Form.php, he had a choice:

- To redo another form insert -> I sent him back to Form.php
- To end the process because he didn't need to insert anything else -> I sent him to the homepage

The problem is that when you use sessions, if you redirect the user to the same page, in my case Form.php, a new session is created and all the data is then gone. So the solution: I created a second Form2.php, and here is the code to get back all the data needed.

Form.php:

session_start();

include('include/config.php');
include('include/connexion.php');

$_SESSION['id']=$_POST['Identifiant'];
$_SESSION['Code']=$_POST['CodeHoraire'];
$_SESSION['Date']=$_POST['the_date'];
....
?>

Then the file InsertionBD.php does a basic INSERT INTO...., and in this page I redirect with a Header.Location to a redirection page in which the user chooses to return to the homepage or do another insertion. If he chooses "another insertion", the user is redirected to Form2.php:

<?php

session_start();



include('include/config.php');
include('include/connexion.php');

echo "Your id: ".$_SESSION['id'];
echo "<br>Your Code: " .$_SESSION['Code'];
echo "<br>Your Date: ".$_SESSION['Date'];

?>

It was a basic (stupid, I have to say) story of sessions; my problem indeed was in the design and not in the technique. I hope it helps other people in this situation.

I thank Ian Kenney and Andrew for their concern :)

Carnangel