2

I want to use the session's name in my SQL query. I don't know how to compare values in an SQL query using the session. And is it safe to compare a session's value in an SQL query? I am getting this error:

( ! ) Parse error: syntax error, unexpected T_VARIABLE in ****www\1lab\my-status.php on line 53

At the top of the HTML page:

    session_start();
    if(!isset($_SESSION['check']) or ($_SESSION['check'])!=='*****' or !isset($_SESSION['uname']) )
    {
        header('location:index.php');
    }

In the middle of the HTML page:

   include 'config.php';
   $list="select * from books where b_issued = "$_SESSION['uname']"";
   $data=mysqli_query($con,$list); 
   while($info = mysqli_fetch_array($data))
   {
     echo $info['b_name']."<br><br>";
   }
2
  • like this .. $list="select * from books where b_issued ='".$_SESSION['uname']."'"; Commented Feb 14, 2014 at 11:43
  • Although ghost's comment is very ugly and badly mannered, he does have a point. The mysql extension has been deprecated for some time in PHP, and it is very strongly advised to use either the MySQLi or PDO extensions instead. Commented Feb 14, 2014 at 11:45

7 Answers

2

Change your line 53 from:

$list="select * from books where b_issued = "$_SESSION['uname']"";

to:

$list="select * from books where b_issued = " . $_SESSION['uname'];

Your problem is caused by not concatenating 2 strings. Instead you just stick one after the other, and PHP has no idea what to do with the variable ($_SESSION) right after a string. Should it get rid of it? Concatenate it? It just doesn't know, unless you tell it (e.g. by using the dot, which is the concatenation operator).

Comments

1

Correct this line; there is a concatenation error.

   $list="select * from books where b_issued = ".$_SESSION['uname'];

Or you can do it like this: put your $_SESSION['uname'] in a variable and pass it to the query.

   $username = $_SESSION['uname'];
   $list="select * from books where b_issued = $username";

4 Comments

  • (mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\wamp\www\1lab\my-status.php on line 58)
  • Please print your query which is $list"..." and share the output here.
  • echo $list is working perfectly and getting the value of the username, but I still get the error which I showed you before on line 58.
  • Debug your code using "or die(mysql_error())"... add $data=mysqli_query($con,$list) or die(mysql_error());
1

Try the code below, and make sure that the * you have passed as the session argument are the same as you have set elsewhere. For example, if you have set 5 *, then use 5 * in the session argument and then try the code below.

session_start();
if(!isset($_SESSION['check']) or $_SESSION['check']!='*****' or !isset($_SESSION['uname']))
{
   header('location:index.php');
}

include 'config.php';
$list="select * from books where b_issued = '".$_SESSION['uname']."'";
$data=mysqli_query($con,$list); 
while($info = mysqli_fetch_array($data))
{
  echo $info['b_name']."<br><br>";
}

Comments

1

You forgot the concatenation operator.

$list="select * from `books` where `b_issued` = ".$_SESSION['uname'];
                                              // ^------ Here

Comments

0

As has been said before, you need to use the concatenation operator to tell PHP to 'add' this session variable to the SQL query. Alternatively, you can use prepared statements, which are far better in terms of security. Also, you should escape anything that interacts with your database, even if it originates from the database!

$list="select * from books where b_issued = ?";
$uname = htmlentities($_SESSION['uname']);
$stmt = $con->prepare($list);
$stmt->bind_param('s', $uname);
$stmt->execute();
$res = $stmt->get_result();
while ($row = $res->fetch_array(MYSQLI_ASSOC)) 
    {
        echo $row['b_name']."<br><br>";
    };

Comments
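An added example, not part of any answer in this thread: it runs the concatenated query and the prepared query side by side against a session-style value that contains an apostrophe. It uses PDO (mentioned in the comments on the question) with an in-memory SQLite database so it runs offline; the sample rows, the `$uname` value and the function names `books_concat` and `books_prepared` are constructed for illustration. The same pattern applies to mysqli's `prepare`/`bind_param`.

```php
<?php
// Added example. Table and column names follow the question; the rows and the
// in-memory SQLite database are constructed so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (b_name TEXT, b_issued TEXT)");
$ins = $db->prepare("INSERT INTO books (b_name, b_issued) VALUES (?, ?)");
foreach ([["PHP & MySQL <2nd ed.>", "o'brien"], ["Networks", "alice"]] as $row) {
    $ins->execute($row);
}

// Stand-in for $_SESSION['uname']: a legitimate name containing an apostrophe.
$uname = "o'brien";

// 1) Concatenation: the apostrophe inside the value ends the SQL string
//    literal early, so the database rejects the whole statement.
function books_concat(PDO $db, string $uname): array
{
    $sql = "SELECT b_name FROM books WHERE b_issued = '" . $uname . "'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['query failed: ' . $e->getMessage()];
    }
}

// 2) Prepared statement: the SQL text is fixed and the value travels
//    separately, so its content can never change the query structure.
//    The raw value is bound; HTML encoding belongs at output time.
function books_prepared(PDO $db, string $uname): array
{
    $stmt = $db->prepare("SELECT b_name FROM books WHERE b_issued = ?");
    $stmt->execute([$uname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(books_concat($db, $uname));   // one element describing the SQL error

foreach (books_prepared($db, $uname) as $name) {
    // Encode for HTML only when echoing into the page.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "<br><br>\n";
}
```

A session value is only as trustworthy as the input that was stored in it at login, so binding it as a parameter removes the need to reason about where it came from.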

0

The proper syntax for line 53 should be :

$list="select * from `books` where `b_issued` = '".$_SESSION['uname']."'";

I hope the session value for 'uname' is a string.

Comments

0

It works with $list="select * from books where b_issued = '{$_SESSION['uname']}'";

Comments
