1

I have a page on my site that I am making that is to upload comments to a community section from the users profile page.

The page was working fine but I needed to add a 'username' foreign key to the table to identify who made the post, and so I am trying to use the session function to do this.

In the code below, the three functions I added (before which the page was working correctly) are the $date, $time, and $_SESSION['username']=$_POST['username'].

The $date and $time variables are for timestamping the post, and along with the $_SESSION['username']=$_POST['username'], are going to be the primary key for the table.

Since I added those three variables, (yes, they are added in the table) I am getting an error:

Notice: Undefined index: username in C:\xampp\htdocs\soiree'_2\create_post_script.php on line 12

Notice: Undefined index: username in C:\xampp\htdocs\soiree'_2\create_post_script.php on line 22 failure

It seems to have a problem with the $_SESSION variables. So with that being said, is my implementation of the session variable incorrect?

As you can see below the page begins with a 'start_session();' function, so does my log in script. The way I understand this to work is when my user logs on, the $_POST['username'] is assigned to $_SESSION['username'], so that on the subsequent pages, like when they go to make their post or comment, $_SESSION['username'] captures the credentials to insert into the column of the table for 'username'.

Perhaps obvious this is my first time using session variables/functions. Below is the code for the page in question (the comment page) and the script for the login below. Thanks.

    <?php
    session_start();

    include('db.php');


     $event_name='';
     $place='';
      $t='';
      $d='';
     $description=''; 
     $_SESSION['username'];
     $time='';
     $date='';


    $event_name=strip_tags($_POST['event_name']);
    $place=strip_tags($_POST['place']);
    $t=strip_tags($_POST['time']);
    $d=strip_tags($_POST['date']);
    $description=strip_tags($_POST['event_description']);
    $_SESSION['username']=strip_tags($_POST['username']);
    $time=time();
     $date=date("y-m-d");

   if(isset($_POST['submit'])) 
    {            
    $query = "INSERT INTO user_posts (date, time, username, title, location, t, d, description)"; 
    $query .= "VALUES ('$date','$time','$_SESSION["username"]','$event_name','$place','$t','$d','$description')";

    if (mysqli_query($connection, $query)) {
        echo "<h2> your post has been submitted </h2>";        
        }        
    else {            
        die('failure');            
    }     
}

and the following is from the login script;

        <?php 
         session_start();
          include("db.php");
          if(isset($_POST['submit'])) {

          $username = $_POST["username"];
          $password = $_POST["password"];

         $u_check= mysqli_query($connection, "SELECT username AND password   FROM registration WHERE username='$username' AND password='$password'");
          $check=mysqli_num_rows($u_check);

         if($check==1) {

          $_SESSION['auth'] = "yes";
         $_SESSION['username'] = $_POST['username'];
        header("location: home.php");//echo "succesful login";

         }
        else {
        echo "invalid login info";        
        $result=mysqli_query($connection, $query);

        if(!$result){    
        die('failure');
        }
        }
        }
Elydasian
  • 2,016
  • 5
  • 23
  • 41
user74091
  • 301
  • 3
  • 13
  • 2
    Look at the syntax highlighting – John Conde Aug 24 '16 at 00:21
  • 1
    Not your current issue but you are open to SQL injections and passwords should be hashed. – chris85 Aug 24 '16 at 00:23
  • @JohnConde yes, it is saying i have a double ", but my quotes are properly nested? – user74091 Aug 24 '16 at 00:24
  • @chris85 yes, i am aware that the code is not secure, security will be the next learning step. right now i am just trying to learn how to get it working in the first place – user74091 Aug 24 '16 at 00:24
  • @user74091 no they're not. `$query .= "VALUES ('$date','$time','$_SESSION["username"]'` your string ends at `$_SESSION[` – Memor-X Aug 24 '16 at 00:29
  • @Memor-X i see what you mean, but if i replace those double quotes inside the square bracket, i will have the same problem, it will see '$_SESSION[' and stop there... so this must not be the right way to query this session variable? – user74091 Aug 24 '16 at 00:31
  • .. `'{$_SESSION['username']}'` ..http://stackoverflow.com/questions/2596837/curly-braces-in-string-in-php –  Aug 24 '16 at 00:34
  • for future reference, the edit by GCRDev that you approved should not have been. if it is an answer it should have been posted as an answer not appended to the question – Memor-X Aug 24 '16 at 00:36
  • ok so this was marked as a duplicate because the problem seems to be with the syntax error with the quotes, but the question is more generally is my implementation of the session variable/function appropriate to do what i stated in the question to do? or have i incorrectly used the session variables and function? – user74091 Aug 24 '16 at 00:38
  • @Memor-X It would have been if a moderator didn't rush into closing the topic and posting a link to one of the most long winded explanations on the site, something moderators do a lot on here. I wasn't interested in getting it approved, I was more concerned with giving the OP the correct answer. And now that edit will always be there, so it hardly matters. – independent.guru Aug 24 '16 at 00:41
  • ok, so like i said, i fixed the syntax error with the quotes, i encased the variable in curly braces. thats fine, but its calling my $_SESSION['username']=""; an undefined index and the same for $_SESSION['username']=$_POST['username'] an undefined index. so this question is not a question of syntax, but why is my use of these variables incorrect for the context? this was dictated in the question, so again i dont know why this is a duplicate of a syntax question. – user74091 Aug 24 '16 at 00:53
  • @user74091 Have you tried using a variable for the username, the same as you have for the description and using that in your query? You can still set the session as well for use if it's necessary to store the user input to auto fill forms if there's an error. Or you could remove all the quotes from inside the session value completely from the original line in your query and just place in '$_SESSION[username]', '$event_name', etc.. – independent.guru Aug 24 '16 at 01:06
  • this is what the question was about and what i am unclear about. so the user logs in, the login page sets the username to a variable which is set to the session variable. user then moves to the above page to post content, now when they upload the content i want there username to be uploaded with their content. so since there is not a place to input username on that page (there shouldnt be), i thought the purpose of the session variable was to store their username so it would be uploaded with the query, hence why the query includes the session variable for the username... – user74091 Aug 24 '16 at 01:11
  • so are you saying that instead of $_SESSION['username'] as the value to be uploaded to the 'username' columb in the table, the session variables allows me simply to use $_POST['username'] instead? – user74091 Aug 24 '16 at 01:12
  • i am reading this thread to try and gain some intuition on this; http://stackoverflow.com/questions/10097887/using-sessions-session-variables-in-a-php-login-script – user74091 Aug 24 '16 at 01:13
  • @user74091 Currently you're storing whatever the user types in as their username as the session and resetting the original session stored after they log in. which should really be set if the login is successful, not before. On the post, you don't have to set the session variable again, just call upon it in your query when needed or place it in another variable & call the variable. This would have been easier to explain if the post wasn't closed and I was allowed answer properly – independent.guru Aug 24 '16 at 01:18
  • ive edited the question to reflect the correction of the syntax error, this question should not be confused with one now and should not be a duplicate any longer. – user74091 Aug 24 '16 at 01:26

0 Answers0