-1

    $result= mysql_query ("SELECT * FROM employee WHERE empno= '".$_SESSION['id']."'");

ndm
Berto
  • If you are using an MVC framework, how come you have code in what appears to be the project root? And if you are using CakePHP, why aren't you using `Session` or the built-in ORM? – Álvaro González Feb 11 '17 at 13:59
  • Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – Álvaro González Feb 11 '17 at 14:00
  • BTW, we are in 2017. Learning PHP with `mysql_query()` is like learning to drive with a steam carriage, but probably less funny :) – Álvaro González Feb 11 '17 at 14:32

2 Answers

0

There is no element named 'id' in `$_SESSION`. Either start a session or check the Hash's contents (`print_r` is your friend if you don't use an IDE).

  • No I can't. It's a conceptual error. I suggest reading about session management in PHP's documentation: http://php.net/manual/en/reserved.variables.session.php – Benjamin Judas Feb 11 '17 at 13:44
0

Assuming the CakePHP tag was a red herring, these are some issues to address:

  1. Verify you are loading session data.

  2. Make sure you are actually writing somewhere the session data you need:

    $_SESSION['id'] = ...
    
  3. Look up the official documentation as much as needed.

  4. I know you skipped the previous point because if you had checked `mysql_query()` you would have seen the big red warning:

    This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used.

    You are wasting your energy learning a feature that no longer exists.

  5. When a given array item may or may not exist, write code that handles both situations gracefully:

    if (isset($_SESSION['id'])) {
        // ....
    } else {
        // ....
    }
    
  6. The proper way to inject variables into SQL is prepared statements:

    $sql = 'SELECT * FROM employee WHERE empno = ?';
    $params = [
        $_SESSION['id']
    ];
    $stmt = $your_library->function_to_prepare($sql);
    $res = $stmt->function_to_execute($params);
    
  7. If you don't have a decent debugger you can always use `var_dump()` to display variables.

Álvaro González
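Points 5 and 6 of the answer above, combined into one runnable script. This is an added example, not code from either answerer. It assumes PDO with an in-memory SQLite database and constructed rows so it runs without a MySQL server (for MySQL only the DSN passed to `new PDO` changes), and `find_employee()` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for `employee`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE employee (empno TEXT PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO employee VALUES ('1001', 'Alice'), ('1002', 'Bob')");

/**
 * Hypothetical helper: look up the logged-in employee.
 * Returns the row, or null when the session has no id or no row matches.
 */
function find_employee(PDO $pdo, array $session): ?array
{
    // No 'id' in the session: handle it instead of reading an undefined index.
    if (!isset($session['id'])) {
        return null;
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM employee WHERE empno = ?');
    $stmt->execute([(string) $session['id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In a web request you would call session_start() and pass $_SESSION.
// Constructed session arrays are used here so the script runs from the CLI.
$cases = [
    'no session id'      => [],
    'valid id'           => ['id' => '1001'],
    'id with SQL syntax' => ['id' => "1001' OR '1'='1"],
];
foreach ($cases as $label => $session) {
    $row = find_employee($pdo, $session);
    echo $label, ': ', $row === null ? 'no employee' : $row['name'], PHP_EOL;
}
```

Because the id is bound rather than concatenated, the third case is compared as a literal string and matches no row.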