0

I have made a user login-logout form using sessions. The code that I am using for the session is

retailer_login_session.php

<?php
$connection = mysqli_connect("as.com", "as", "as");
$db = mysqli_select_db("as", $connection);
session_start();
$user_check=$_SESSION['login_user'];

$ses_sql=mysqli_query("select * from retailer_signup where id='$user_check'", $connection);

$row = mysqli_fetch_assoc($ses_sql);

$login_session =$row['id'];
$user_firstname = $row['firstname'];
$user_lastname = $row['lastname'];

if(!isset($login_session)){
mysqli_close($connection); 
header('Location: index.html'); 
}
?>

E.g. of table for retailer_signup is

id  firstname    lastname    email                password
1   f.retailer   l.retailer  retailer@gmail.com   retailer

The home page of the user needs to display a list of items from a table named retailer_add_property. Along with the list I wish to display the id of the retailer on the user's home page and further save it to the database

Eg of table for retailer_add_property is

id  propertyname  propertytype  retailerid
1   n.property    t.property   

Code that I have used to display the id on the user's profile page is

<div class="form-group">
    <label class="col-lg-3 control-label">Retailer Unique ID:</label>
        <? echo $login_session;?>
</div>

The PHP code that helps in inserting the values of the form in the database at the back end is

<?php
include('retailer_login_session.php');

$con=mysqli_connect("ab.com","ab","ab","ab");
// Check connection
if (mysqli_connect_errno()) 
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

// escape variables for security
$propertyname = mysqli_real_escape_string($con, $_POST['propertyname']);
$propertytype = mysqli_real_escape_string($con, $_POST['propertytype']);

$sql="INSERT INTO retailer_add_property(propertyname,propertytype,retailerid) VALUES ('$propertyname','$propertytype','$login_session')";

if (!mysqli_query($con,$sql)) 
    {
        die('Error: ' . mysqli_error($con));
    }

header("Location: index.html");
mysqli_close($con);
?>

My problem is that the value of the id is neither getting displayed nor being stored in the database. Would appreciate some help regarding the problem

  • 1
    In retailer_login_session.php, "session_start();" in the first line. – fortune Sep 25 '14 at 18:13
  • 1
    Please, [don't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). *They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation)*. See the [red box](http://uk.php.net/manual/en/function.mysql-connect.php)? Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which. – Jay Blanchard Sep 25 '14 at 18:16
  • @fortune I have started the session after the database connection in the third line –  Sep 25 '14 at 18:16
  • By the way, you're mixing mysql_* functions with mysqli_* ones. You don't have headers (for session_start(), connecting to the database, etc.). You are not using prepared statements. You are escaping the input (using mysqli_real_escape_string) which is fine and protects against SQL injections, but you're vulnerable to all other kinds of attacks (XSS to name one). – ItalyPaleAle Sep 25 '14 at 18:17
  • http://stackoverflow.com/questions/6914275/php-session-start-with-include-files – fortune Sep 25 '14 at 18:18
  • 2
    Your code structure's off. As already stated, you're mixing MySQL APIs. First you connect using `mysql_*` functions in your `retailer_login_session.php` file, then you're doing an include `include('retailer_login_session.php');` with `mysqli_*` functions including DB connections. You will need to use a single DB connection and using `mysqli_*` functions *exclusively*. Given the answer below, if you've tried it and it failed, ask yourself why. – Funk Forty Niner Sep 25 '14 at 18:28
  • Thanks for your suggestions, would definitely look into all the points mentioned above, but right now I wish to learn to carry the id from the session –  Sep 25 '14 at 18:29
  • 1
    @Fred-ii- Cheers! I didn't even notice that. – fortune Sep 25 '14 at 18:30
  • You're welcome. However, DB connection may be lost in having `mysqli_close($connection);` inside both files like that. Plus, DB connection may be fighting for one or another. I suggest you use only a single DB connection, and close the connection in the included file and not your first one. This could be a contributing factor. Add error reporting to the top of your file(s) right after your opening ` – Funk Forty Niner Sep 25 '14 at 18:38
  • I think what you need to do is to loop through the results like this: `while($row = mysqli_fetch_assoc($ses_sql)){ $login_session =$row['id']; $user_firstname = $row['firstname']; $user_lastname = $row['lastname']; }` – Funk Forty Niner Sep 25 '14 at 18:45
  • @Fred-ii- I tried your way but it isn't working –  Sep 25 '14 at 18:47

2 Answers

1

Save that id in the session

$login_session =$row['id'];

store in session

$_SESSION['login_session'] =$row['id'];

AND INSERT IT LIKE THAT

$sql="INSERT INTO retailer_add_property(propertyname,propertytype,retailerid) VALUES ('$propertyname','$propertytype','".$_SESSION['login_session']."')";

And don't forget to start the session on every page where you wish to use session variables

Dinesh
  • Did you start the session where you are inserting the id? Just start the session at the top of that page.... – Dinesh Sep 25 '14 at 18:29
  • @user3774056 Try using Dinesh's answer, but by switching `$_SESSION['login_session'] =$row['id'];` with `$_SESSION['login_session'] =$login_session;` which is what I had in mind earlier. Then using `('$propertyname','$propertytype','".$login_session."')` – Funk Forty Niner Sep 25 '14 at 18:57
  • Ok @user3774056 I'll see what I can do for you later on if Dinesh hasn't fixed it before. I'm working on a job right now. – Funk Forty Niner Sep 25 '14 at 19:26
0

Firstly, you will need to omit include('retailer_login_session.php'); from your second body of code and use a standard include for only the DB if you really want to do an include.

In your first body of code $user_check=$_SESSION['login_user']; is empty because nothing has been assigned to $_SESSION['login_user'] so it's just sitting there in limbo.

I take it that you want to use a form for someone to log into.

You first need to assign a POST variable from an input, then assign that to a session variable, then use that session variable and assign that to a variable; I know it may sound a bit confusing, but that's how it's done.

You then need to loop over your table using a while loop and assign a variable to the row you wish to use.

Base yourself on the following model, and see the comments throughout the code. I'm here to teach you and not spoonfeed you with code, it's a good way to "learn".

File 1)

<?php 
session_start();

$DB_HOST = "xxx"; // replace with yours
$DB_NAME = "xxx"; // ...
$DB_USER = "xxx"; // ...
$DB_PASS = "xxx"; // ...

$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
  die('Connection failed [' . $conn->connect_error . ']');
}

// $_POST['propertyname'] = 12345; // for testing purposes only
$var = $_POST['propertyname'];
$_SESSION['login_user'] = $var;
$user_check= $_SESSION['login_user'];

$ses_sql=mysqli_query($conn,"select * from your_table where column_name='$user_check'");

while($row = mysqli_fetch_assoc($ses_sql)){

    $login_session = $row['column_name']; // this matches the WHERE clause
    $user_firstname = $row['firstname'];
    $user_lastname = $row['lastname'];

    echo $login_session; // for testing purposes
}

if(isset($_SESSION['login_user'])){
    echo $user_check; // will echo from entered POST

    $login_session = $user_check;
    echo "<br>";
    echo $login_session; // will echo same from entered POST. Test
}

// var_dump($_SESSION); // tool to check what is in memory for session

File 2)

<?php 
session_start();

$DB_HOST = "xxx"; // replace with yours
$DB_NAME = "xxx"; // ...
$DB_USER = "xxx"; // ...
$DB_PASS = "xxx"; // ...

$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
  die('Connection failed [' . $conn->connect_error . ']');
}

if(isset($_SESSION['login_user'])){

    $login_session = $_SESSION['login_user'];
    echo $login_session;  // for testing purposes

    $sql="INSERT INTO your_table (the_column) VALUES ('$login_session')"; // keep $login_session

    if (!mysqli_query($conn,$sql))
    {
        die('Error: ' . mysqli_error($conn));
    }

}

// var_dump($_SESSION); // tool to check what is in memory for session

Sidenote:

These lines of code are incorrect, just so you know, which are in the first body of code.

$db = mysqli_select_db("as", $connection);
$ses_sql=mysqli_query("select * from retailer_signup where id='$user_check'", $connection);

DB connection comes first when using mysqli_

For example:

$db = mysqli_select_db($connection,"as");
$ses_sql=mysqli_query($connection,"select * from retailer_signup where id='$user_check'");

For a safer method: (read up on those, they're worth it).

Use mysqli_ with prepared statements, or PDO with prepared statements.


If you have any problems, use error reporting.

Placing this at the top of every file:

error_reporting(E_ALL);
ini_set('display_errors', 1);

as well as or die(mysqli_error($conn)) to mysqli_query()

It will help in troubleshooting/debugging.

Funk Forty Niner
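
The flow the answers describe (store the retailer id in the session at login, read it back on the insert page, use prepared statements, escape on output), as an added example that is not code from the question or from either answer. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server, a hashed password column, and the hypothetical helper names `login()` and `addProperty()`; table and column names follow the question.

```php
<?php
// Added example, not the original posters' code. PDO + in-memory SQLite is an
// assumption so the script runs offline; helper names and rows are constructed.
session_start();

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE retailer_signup (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT, password TEXT)');
$pdo->exec('CREATE TABLE retailer_add_property (id INTEGER PRIMARY KEY, propertyname TEXT, propertytype TEXT, retailerid INTEGER)');
// Constructed sample row; the password is stored as a hash (assumption), not plain text.
$pdo->prepare('INSERT INTO retailer_signup (firstname, lastname, email, password) VALUES (?, ?, ?, ?)')
    ->execute(['f.retailer', 'l.retailer', 'retailer@gmail.com', password_hash('retailer', PASSWORD_DEFAULT)]);

// Login step: verify the credentials, then put the retailer id into the session.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password FROM retailer_signup WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh session id after a successful login
    $_SESSION['login_user'] = (int) $row['id'];
    return true;
}

// Insert step: the retailer id comes from the session, never from the form.
function addProperty(PDO $pdo, string $name, string $type): int
{
    if (!isset($_SESSION['login_user'])) {
        throw new RuntimeException('Not logged in'); // a web page would redirect and exit here
    }
    $stmt = $pdo->prepare('INSERT INTO retailer_add_property (propertyname, propertytype, retailerid) VALUES (?, ?, ?)');
    $stmt->execute([$name, $type, $_SESSION['login_user']]);
    return (int) $pdo->lastInsertId();
}

if (login($pdo, 'retailer@gmail.com', 'retailer')) {
    // These literals stand in for $_POST values; bound parameters need no manual escaping.
    addProperty($pdo, "n.property's annex", 't.property');
    $saved = $pdo->query('SELECT propertyname, retailerid FROM retailer_add_property')->fetch(PDO::FETCH_ASSOC);
    // Escape on output, because these values end up inside HTML.
    echo 'Retailer Unique ID: ' . htmlspecialchars((string) $saved['retailerid'], ENT_QUOTES, 'UTF-8') . PHP_EOL;
    echo 'Stored name: ' . htmlspecialchars($saved['propertyname'], ENT_QUOTES, 'UTF-8') . PHP_EOL;
}
```

In a real page the two functions would live in separate requests, each starting with `session_start()`, and a failed session check would send the `Location` header followed by `exit`.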