0

I'm new to PHP and trying to upload a file and store the current logged-in user ID in the database with the file uploaded. That's my upload file form:

    <?php
    error_reporting(E_ALL ^ E_NOTICE);
    session_start();
    ?>
    <form method="post" enctype="multipart/form-data">
    <table width="350" border="0" cellpadding="1"
    cellspacing="1" class="box">
    <tr>
    <td>please select a file</td></tr>
    <tr>
    <td>
    <input type="hidden" name="MAX_FILE_SIZE"
    value="16000000">
    <input name="pdf" type="file" id="pdf" accept="application/pdf">
    </td>
    <td width="80"><input name="upload"
    type="submit" class="box" id="upload" value=" Upload "></td>
    </tr>
    </table>
    </form>
    </body>
    </html>
    <?php
    if (isset($_POST['upload']) && $_FILES['pdf']['size'] > 0)
    {
        // connect first: mysql_real_escape_string() needs an open connection
        $con = mysql_connect('localhost', 'root', '') or die(mysql_error());
        $db = mysql_select_db('workflow', $con);

        // the file input is named "pdf", so the upload is in $_FILES['pdf']
        $fileName = $_FILES['pdf']['name'];
        $tmpName  = $_FILES['pdf']['tmp_name'];
        $fileSize = $_FILES['pdf']['size'];
        // $_FILES has no 'path' entry, so this value is empty
        $filePath = $_FILES['pdf']['path'];
        $fileType = $_FILES['pdf']['type'];
        $fileType = (get_magic_quotes_gpc() == 0
            ? mysql_real_escape_string($fileType)
            : mysql_real_escape_string(stripslashes($fileType)));

        // read the uploaded file's contents
        $fp      = fopen($tmpName, 'r');
        $content = fread($fp, filesize($tmpName));
        $content = addslashes($content);
        fclose($fp);

        if (!get_magic_quotes_gpc())
        {
            $fileName = addslashes($fileName);
        }

        if ($db) {
            $query = "INSERT INTO upload (name, size, type, path  ) ".
            "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";
            mysql_query($query) or die('Error, query failed');
            mysql_close();
            echo "<br>File $fileName uploaded<br>";
        } else { echo "file upload failed"; }
    }
    ?>

And that is my login form:

    <?php
    error_reporting(E_ALL ^ E_NOTICE);
    session_start();
    ?>
    <!DOCTYPE html>
    <html>
    <head>
      <title>LOGIN FORM</title>
    </head>
    <body>
    <?php
    $form= "<form action='login.php' method='post'>
      <table>
        <tr>
          <td>username :</td>
          <td><input type='text' name='user'/></td>
        </tr>
        <tr>
          <td>Password :</td>
          <td><input type='password' name='password'/></td>
        </tr>
        <tr>
          <td></td>
          <td><input type='submit' name='loginbtn' value='login' /></td>
        </tr>
      </table>
    </form>";
    if ($_POST['loginbtn']) {
      $user = $_POST['user'];
      $password = $_POST['password'];
      if ($user) {
        if ($password) {
          require ("connect1.php");
          // escape the submitted name before it goes into the SQL string
          $user = mysql_real_escape_string($user);
          $password= md5(md5("jdhbjdbj".$password."jdh645fdj"));
          $query = mysql_query("SELECT * FROM users WHERE username='$user'");
          $numrows = mysql_num_rows($query);
          if ($numrows == 1) {
            $row = mysql_fetch_assoc($query);
            $dbid=$row['id'];
            $dbuser=$row['username'];
            $dbpass=$row['password'];
            $dbactive=$row['active'];
            if ($password == $dbpass) {
              if ($dbactive == 1) {
                // keep the user's id and name in the session for later pages
                $_SESSION['userid'] = $dbid;
                $_SESSION['username'] = $dbuser;

                echo "you have been logged in as <b>$dbuser</b>. <a href='insert1.php' >Click here</a> to go to the insertion page ";

              }
              else echo "you must activate your account to login .$form";
            }
            else echo "You didn't enter a password . $form";
          }
          else echo "the user name u entered wasn't found . $form";
          mysql_close();
        }
        else echo "You must enter your password .$form";
      }
      else echo "You must enter your username .$form";
    }
    else echo $form;

    ?>
    </body>
    </html>

I want to get the current user ID and store it with the file I upload here. Can anyone help?

Mohamed Elbiheiry

2 Answers

2

You need to add another column into your upload DB, e.g. userid, if you haven't already, and simply call it like:

    $query = "INSERT INTO upload (name, size, type, path, userid  ) ".
    "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', '".$_SESSION['userid']."')";

$_SESSION['userid'] <= userid needs to be changed to whatever the key is called that holds the user's ID. Don't forget to call session_start();

AersolKing
  • It gives an error when I write this $_SESSION['userid'], and the error is: expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) – Mohamed Elbiheiry Feb 07 '16 at 11:43
  • Try that edit, make sure you're calling session_start(); at the top and the userid does in fact hold the user id. If it hasn't been set it won't be available to use. – AersolKing Feb 07 '16 at 11:47
  • I tried what you said and it uploads the file, but the ID is still given as 0 and it should be 2 – Mohamed Elbiheiry Feb 07 '16 at 11:50
  • If you dump $_SESSION['userid'], what's the result? Is that 2 as expected? Try doing it on the input form just after you start the session – AersolKing Feb 07 '16 at 11:54
  • Sorry, where shall I put it? I'm new and don't get it very well – Mohamed Elbiheiry Feb 07 '16 at 11:56
  • Whenever you wish to use $_SESSION you must initiate session_start(); on the page you wish to call or store $_SESSION variables. Just above your UPLOAD form HTML add Like on your login page you can see it's called at the top. – AersolKing Feb 07 '16 at 11:57
  • I already added it when you first said so, and it's at the top, but it still didn't make any change – Mohamed Elbiheiry Feb 07 '16 at 11:59
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/102828/discussion-between-aersolking-and-mohamed-elbiheiry). – AersolKing Feb 07 '16 at 12:02
0

Well, here are some steps and suggestions for you to follow. Suggestions first:

  1. Use mysqli_query instead of mysql_query: Why mysqli?

  2. mysql_real_escape_string() extension was deprecated. Read this for help.

  3. Always maintain a separate file for the database connection and keep it out of public_directory to make it a little harder for hackers to get access. How to do it?

Now as you "want to get the current user id and store it with the file": To achieve this I would do something like this:

  1. First, at the time of logging in, store the user ID in the session. How?
  2. Store the file in the file system:

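    // the form's file input is named "pdf"; basename() drops any directory
    // part of the client-supplied file name
    $target = "Filesystem/here/" . basename($_FILES['pdf']['name']);
    if ( move_uploaded_file($_FILES['pdf']["tmp_name"], $target) )
    {
      // get the db connection
      // get the user_id value from session
      // store the user_id with path to file or whatever in database
    }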
    

Hope it will help you to some extent. Wish you happy coding :-)

Community
Siddhartha Chowdhury
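
A fuller version of what both answers describe, as an added example that is not code from the question or from either answer: the owner ID is read from the server-side session, the upload is checked and stored under a server-generated name, and the row is written with a mysqli prepared statement. It assumes login has set `$_SESSION['userid']` as in the question and that the `upload` table has the `userid` column from the first answer; `UPLOAD_DIR`, the `fail()` helper and the database credentials are placeholders.

```php
<?php
// Added example, not code from the question or answers. Assumptions: login has set
// $_SESSION['userid']; table upload(name, size, type, path, userid) exists.
declare(strict_types=1);
session_start();

const UPLOAD_DIR = __DIR__ . '/../uploads'; // assumed location outside the web root

function fail(int $code, string $msg): void {
    http_response_code($code);
    exit($msg);
}

// The owner comes from the server-side session, never from a form field.
if (!isset($_SESSION['userid'])) {
    fail(403, 'Not logged in');
}
$userId = (int) $_SESSION['userid'];

$file = $_FILES['pdf'] ?? null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed');
}

// Check the real content; $_FILES['pdf']['type'] is supplied by the client.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if ($mime !== 'application/pdf') {
    fail(415, 'Only PDF files are accepted');
}

// Store under a server-generated name; keep the original name only as data.
$storedName = bin2hex(random_bytes(16)) . '.pdf';
if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $storedName)) {
    fail(500, 'Could not store file');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'workflow'); // placeholders
$stmt = $db->prepare(
    'INSERT INTO upload (name, size, type, path, userid) VALUES (?, ?, ?, ?, ?)'
);
$origName = basename($file['name']);
$size = (int) $file['size'];
$stmt->bind_param('sissi', $origName, $size, $mime, $storedName, $userId);
$stmt->execute();

echo 'File ' . htmlspecialchars($origName, ENT_QUOTES, 'UTF-8') . ' uploaded';
```

If the session check fails here, the stored ID can never silently become 0: the request is rejected before any row is written.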