0

Can somebody help me? This is my code:

foreach ($db->query('SELECT * FROM '. $_SESSION['url_recuperee'].' WHERE id=' . $article_id) as $data):
..... Here other scripts
endforeach;

I want to acceed dynamically to my database tables. And the variable $_SESSION['url_recuperee'] represents the name of each table according as I hget connected to one of the table. When I am in local (on my computer), every is good. But when I am on the hosting, I have the error:

Notice: Undefined variable: _SESSION in /home/u160916497/public_html/vue/parole_divine/article.php on line 33. THnaks for the help.

Lelio Faieta
  • 6,457
  • 7
  • 40
  • 74
simon
  • 1
  • 3
    If you have to do this, your database structure is probably set up very poorly. You should pretty much (almost) never have to dynamically call a table. – GrumpyCrouton Jan 18 '21 at 16:35
  • [Little Bobby](http://bobby-tables.com/) says [you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/). Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). – GrumpyCrouton Jan 18 '21 at 16:38
  • The above message is in regards to how you concatenate `$article_id` into your query, it's unsafe. This issue is even more severe with the way you are concatenating the table name into the query. For that part to be safe, you need to check the table name against a list of all possible table names. – GrumpyCrouton Jan 18 '21 at 16:39

0 Answers0