
I can't wrap my head around how to implement the correct code.

<?php

session_start(); // required before $_SESSION can be read or written in this script
$conn = mysqli_connect("localhost", "root", "root", "penguin_rus");
$_SESSION["id"] = 1; // hard-coded: every visitor is treated as the user with id 1
$sessionId = $_SESSION["id"];
// the id is interpolated directly into the SQL string (see the comments below)
$user = mysqli_fetch_assoc(mysqli_query($conn, "SELECT * FROM tb_user WHERE id = $sessionId"));
?>

(script used to load/update avatar)

where: $_SESSION["id"] = 1;

This should be the logged-in user; specifically, instead of assigning the number 1, it should assign the id of the user who is currently logged in, which should be taken from the database during authorization.

I can't figure out what to assign to $_SESSION["id"]! If a user logs into the site with id 222, he will still be assigned id 1 from the table.


  • Firstly, as per [ask] please do not upload images of code or data. Provide all **relevant** code and data as text. – ADyson Jul 01 '22 at 14:23
  • Anyway, it's a bit unclear what your problem is. You say you want to assign the Session ID during authorisation. Is the code you've shown part of your authorisation code, or something else? – ADyson Jul 01 '22 at 14:26
  • 1
    If you want to get the ID of the logged-in user, you would normally do it at authorisation like this: 1) User enters their username and password to log in. 2) You check these details compared to what is in the database. 3) If the details are correct, you get the ID of the user's record in the database and put it into the $_SESSION. 4) After that, in any other PHP code you can check that to know the ID of the current user. – ADyson Jul 01 '22 at 14:26
  • 2
    P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jul 01 '22 at 14:27
  • 1
    https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Jul 01 '22 at 14:27
  • My authorization code is $_SESSION['logged_user'] = $user; And the photo upload/update code is $_SESSION["id"]. – Fun VK Jul 01 '22 at 14:43
  • But you want to get the ID of the logged-in user, is that right? If so, you can get it from $_SESSION["user"] – ADyson Jul 01 '22 at 14:53
  • Yes, this is a test case. – Fun VK Jul 01 '22 at 15:04
  • OK so if you can get the value from $_SESSION["user"] then I don't understand what problem you're having...why haven't you done that? – ADyson Jul 01 '22 at 17:22
  • Because profile authorization goes through $_SESSION['logged_user'] = $user; on RedBean; $data = $_POST; if ( isset($data['do_login']) ) { $errors = array(); $user = R::findOne('users', 'login = ?', array($data['login'])); if ($user) { // login exists if( password_verify($data['password'], $user->password)) { // log the user in $_SESSION['logged_user'] = $user; header('Location: /'); } else { $errors[] = 'Invalid password!'; } } else { $errors[] = 'User with this login was not found!'; } } – Fun VK Jul 01 '22 at 19:50
  • upload/update image profile by using $_SESSION["id"]=1; – Fun VK Jul 01 '22 at 19:52
  • That doesn't answer my question, sorry. I think we might be having a translation difficulty. Have you tried asking at [ru.so]? – ADyson Jul 02 '22 at 06:40
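The four authorisation steps described in the comments, together with the prepared-statement fix for the interpolated query, written out as one added example. This is not code from the question or from the commenters. It assumes a `tb_user` table with columns `id`, `login`, `password` (a `password_hash()` value) and `avatar`; only `tb_user` and `id` appear on the page, the other column names and the `/login.php` path are assumptions.

```php
<?php
// Added example: login handler plus an avatar-update script that reads the
// logged-in user's id from the session instead of a hard-coded 1.
// Assumed schema: tb_user(id, login, password, avatar).
declare(strict_types=1);

session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // turn mysqli errors into exceptions
$conn = mysqli_connect("localhost", "root", "root", "penguin_rus");
$errors = [];

// Steps 1-3: check the credentials against the database and, on success,
// store the user's id (not the whole row) in the session.
function login(mysqli $conn, string $login, string $password): bool
{
    // $login is bound as a parameter, so it is never spliced into the SQL text.
    $stmt = $conn->prepare("SELECT id, password FROM tb_user WHERE login = ?");
    $stmt->bind_param("s", $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    if ($row === null || !password_verify($password, $row['password'])) {
        return false; // same answer for "no such login" and "wrong password"
    }

    session_regenerate_id(true);             // discard the pre-login session id
    $_SESSION['user_id'] = (int) $row['id']; // the value the question is missing
    return true;
}

// Step 4: any later script reads the id from the session and uses it in a
// prepared query; no caller ever assigns the id by hand.
function currentUser(mysqli $conn): ?array
{
    if (!isset($_SESSION['user_id'])) {
        return null; // not logged in
    }
    $id = (int) $_SESSION['user_id'];
    $stmt = $conn->prepare("SELECT id, login, avatar FROM tb_user WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Record a new avatar file name for the logged-in user only.
function updateAvatar(mysqli $conn, int $userId, string $fileName): void
{
    $stmt = $conn->prepare("UPDATE tb_user SET avatar = ? WHERE id = ?");
    $stmt->bind_param("si", $fileName, $userId);
    $stmt->execute();
}

// Login form handler (field names follow the snippet in the comments).
if (isset($_POST['do_login'])) {
    if (login($conn, (string) ($_POST['login'] ?? ''), (string) ($_POST['password'] ?? ''))) {
        header('Location: /');
        exit;
    }
    $errors[] = 'Invalid login or password!';
}

// Avatar upload/update script: works for id 1, id 222, or any other user,
// because the id comes from the session that login() filled in.
$user = currentUser($conn);
if ($user === null) {
    header('Location: /login.php'); // assumed login page
    exit;
}
if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
    // Server-chosen file name; the client-supplied name is never used on disk.
    $fileName = bin2hex(random_bytes(16)) . '.img';
    if (move_uploaded_file($_FILES['avatar']['tmp_name'], __DIR__ . '/uploads/' . $fileName)) {
        updateAvatar($conn, (int) $user['id'], $fileName);
    }
}
```

Two points carry the security weight here: the session holds only the numeric id, which is looked up again on every request (so a changed or deleted account is seen immediately, unlike a cached `$user` object stored in the session), and every query that takes user-controlled or session-derived input goes through `prepare()`/`bind_param()`, which is the fix the comments ask for.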

0 Answers