2

I want to make the html element 

<p id="userInfo"></p>

have the value of the username that was user to login in the session. I have the following variable set to contain the variable that holds the username and works this works for logging in.

$_SESSION['globalUser'] = $_POST['resultUser'];

I currently am attempting to set the userInfo element with

<script>document.getElementById(userInfo).value='<?php echo $_SESSION['globalUser']?>'</script>

This script is causing the error "Uncaught SyntaxError: Invalid or unexpected token"

When I open the developer tools and click the error it shows

<script>document.getElementById(userInfo).value='<br />

I also using the following statement to transfer the session across pages

<?php $session_value=(isset($_SESSION['id']))?$_SESSION['id']:''; ?>

What am I doing wrong here?

EDIT:

This is currently my query

$sqlUser = "SELECT `teacher_username` FROM `teacher` WHERE `teacher_username`='$user'";
$sqlPass = "SELECT `password` FROM `teacher` WHERE `password`='$pass'";
$resultUser = mysqli_query($connection, $sqlUser);
$resultPass = mysqli_query($connection, $sqlPass);
$textUser = $resultUser->fetch_assoc();
$textPass = $resultPass->fetch_assoc();
$_SESSION['globalUser'] = $_POST[$textUser['teacher_username']];
Enter Strandman
  • 329
  • 2
  • 14
  • Try this: Use double quotes if there are nested quotes. userInfo ID needs to be in quotes. End you JS and your PHP statements with a semi-colon ; – MichaelvE Nov 01 '18 at 00:45
  • That produced the same error as before – Enter Strandman Nov 01 '18 at 00:47
  • 1
    Why are you doing it with JS instead of `

    `?     – Barmar Nov 01 '18 at 00:48
  • It looks like you have `
    ` in `$_SESSION['globalUser']`.     – Barmar Nov 01 '18 at 00:49
  • 1
    You also have a newline in the variable. JavaScript doesn't allow newlines in string literals, that's what's causing the syntax error. – Barmar Nov 01 '18 at 00:51
  • Barmar, your suggestion gave me an error of "Undefined variable: _SESSION" – Enter Strandman Nov 01 '18 at 00:51
  • 1
    That will happen if you don't have `session_start()` at the beginning. – Barmar Nov 01 '18 at 00:52
  • You need quotes around `userInfo`. And `

    ` elements don't have a value, that's only for user input elements. You need to assign to `innerText`.

     – Barmar Nov 01 '18 at 00:54
  • Does the not take care of that? – Enter Strandman Nov 01 '18 at 00:56
  • That takes care of it for the `$session_value` variable, but doesn't have anything to do with `$_SESSION['globalUser']` – Barmar Nov 01 '18 at 00:57
  • I tried starting the session and using the

    , it didn't produce an error or result.     – Enter Strandman Nov 01 '18 at 01:00
  • Your password query seems wrong. What if they enter the password for a different teacher? You also shouldn't store plaintext passwords in the database, you should use `password_hash()` and `password_verify()`. – Barmar Nov 01 '18 at 01:37
  • `$textUser['teacher_username']` will be the same as `$user`, why do you need to fetch it from the DB? – Barmar Nov 01 '18 at 01:38
  • That's how I compare them for login. I also haven't added security yet, I'm waiting until this is working. This is also for learning not production – Enter Strandman Nov 01 '18 at 01:39

1 Answers1

2

You need to quote the ID userinfo, otherwise it will be used as a variable rather than a literal.

You should assign to innerText rather than value; only user input elements have a value.

To convert PHP values to JavaScript literals, the safest way is to use json_encode(). It will add quotes and any necessary escaping.

<script>document.getElementById('userInfo').innerText=<?php echo json_encode($_SESSION['globalUser']); ?>;</script>
Barmar
  • 741,623
  • 53
  • 500
  • 612