How can session id find current user id

Question

I maybe don't know what im talking about, but I will give it a try.

I want this code to update this http://prntscr.com/4t9a4u value to 3 for the user who enters "mysite.com/earth.php". Not for somebody else. Just for the user who enters this page. So I want this code to read what id the user have and then update the current users "ally" value from -1 to 3 in the database. Do you know how? Ask me if you want me to explain more.

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

session_start();

$verbindung = mysql_connect("localhost","root","****");
mysql_select_db("lan");

// setting up value in session
$_SESSION['id'] = $id; //or $id your variable 

if(isset($_SESSION['id'])) {
    mysql_query("UPDATE users SET ally='3' WHERE id='".$_SESSION['id']."'");
}
?>

Sidenote: please change your database password, since it's on the web now (in another revision). — Caramiriel, Oct 05 '14 at 13:42

score 0 · Answer 1 · answered Oct 05 '14 at 13:37

0

This depends on your authentication setup. When logging in the user, the user ID should be stored in a session and then it can be retrieved as you show in your code snippet.

It appears you have not set $id in the following line:

$_SESSION['id'] = $id;

This needs to be set when logging in the user.

Side Note: You should really look into parameterized queries so as to avoid SQL injection.

answered Oct 05 '14 at 13:37

CaveSpider

83
1
7

How do I do that then? is it any good tutorial or can you just explain? thanks – Emrik Oct 05 '14 at 13:42
Parameterized queries have nothing to do with your original question, but are highly recommended to increase security. Here is a place for more info: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – CaveSpider Oct 05 '14 at 15:22

How can session id find current user id

1 Answers1