How to select data from a database where userid is equal to a session variable

Question

I'm trying to select a row using a session variable which is already defined, but when I try it comes up with the error:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in viewmybookings.php on line 9

I have tried defining the session variable as a PHP variable and using the PHP variable however it still doesn't work

<?php
//first connect to the the database via your connection insert file
  include'db.php';
    $sql = "SELECT lesson.LessonName,lesson.LessonType,bookingtable.LessonDate,bookingtable.LessonStartTime,bookingtable.Duration,bookingtable.Statues FROM lesson
JOIN bookingtable
ON bookingtable.LessonID=lesson.Id
JOIN users
ON users.UserID = bookingtable.UserID
WHERE users.UserFirstName = <?php $_SESSION['UserID']?>";
//line 9 is the last line
?>

Can you try with putting single quote besides userID like WHERE users.UserFirstName = '' — mkRabbani, May 09 '19 at 09:21

score -1 · Answer 1 · answered May 09 '19 at 08:57

You dont need the opening PHP tag, since you are already in a PHP statement. All you need to do, is to append it to your query.

<?php
//first connect to the the database via your connection insert file
include 'db.php';
$sql = "SELECT lesson.LessonName,lesson.LessonType,bookingtable.LessonDate,bookingtable.LessonStartTime,bookingtable.Duration,bookingtable.Statues FROM lesson
JOIN bookingtable
ON bookingtable.LessonID=lesson.Id
JOIN users
ON users.UserID = bookingtable.UserID
WHERE users.UserFirstName = " . $_SESSION['UserID'];
//line 9 is the last line
?>

This query has an opening to SQL injection (its very unlikely someone guesses your session id, but possible), which you could avoid using prepared statements.

I have tried that however i got this error instead Bad Query: SELECT lesson.LessonName,lesson.LessonType,bookingtable.LessonDate,bookingtable.LessonStartTime,bookingtable.Duration,bookingtable.Statues FROM lesson JOIN bookingtable ON bookingtable.LessonID=lesson.Id JOIN users ON users.UserID = bookingtable.UserID WHERE users.UserFirstName = — Abdullah Almazmome, May 09 '19 at 09:03

score -1 · Accepted Answer · answered May 09 '19 at 08:57

-1

You can simply use any variable in the query like this:

$userId = $_SESSION['UserID'];
 $sql = "SELECT lesson.LessonName,lesson.LessonType,bookingtable.LessonDate,bookingtable.LessonStartTime,bookingtable.Duration,bookingtable.Statues FROM lesson
JOIN bookingtable
ON bookingtable.LessonID=lesson.Id
JOIN users
ON users.UserID = bookingtable.UserID
WHERE users.UserFirstName = '$userId'";

Please be aware of SQL injection.

answered May 09 '19 at 08:57

Aaron

1,600
1
8
14

I have just tried this and I got this error instead Undefined variable: _SESSION in viewmybookings.php on line 4 line 4 is the line where $userid is defined – Abdullah Almazmome May 09 '19 at 09:05
You have to write session_start() to have access on the $_SESSION variables. Also try to write var_dump($_SESSION) to see if userId is present. – Aaron May 09 '19 at 09:09
ah writing session_start() works thanks for the help – Abdullah Almazmome May 09 '19 at 10:03
Please accept my post as the accepted answer. thanks @AbdullahAlmazmome – Aaron May 09 '19 at 11:54

How to select data from a database where userid is equal to a session variable

2 Answers2