This is my existing code from a tutorial:

<fieldset>
    <legend><?php echo WORDING_EDIT_USER_DATA; ?></legend>
    <p><?php echo WORDING_YOU_ARE_LOGGED_IN_AS . '<b>' . $_SESSION['user_name']; ?></b></p><hr/>

    <p>$_SESSION['user_id'] = <?php echo $_SESSION['user_id']; ?></p>
    <p>$_SESSION['user_name'] = <?php echo $_SESSION['user_name']; ?></p>
    <p>$_SESSION['user_email'] = <?php echo $_SESSION['user_email']; ?></p>
    <p>$_SESSION['user_access_level'] = <?php echo $_SESSION['user_access_level']; ?></p>
    <p>$_SESSION['user_logged_in'] = <?php echo $_SESSION['user_logged_in']; ?></p><hr/>

    <p><?php echo WORDING_PROFILE_PICTURE . '<br/><img src="' . $login->getGravatarImageUrl() ; ?>" /></p>
</fieldset><br/>
<a href="?logout"><?php echo WORDING_LOGOUT; ?></a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="?edit"><?php echo WORDING_EDIT_USER_DATA; ?></a>
<?php echo (ALLOW_ADMIN_TO_REGISTER_NEW_USER && $_SESSION['user_access_level'] == 255 ? '<br/><a href="?register">'. WORDING_REGISTER_NEW_ACCOUNT .'</a>' : ''); ?>

This is the query I want to do on this schema:

SELECT item_title, item_location, item_datetime
FROM item
WHERE user_id = 1;

I'm fairly new to this but this is what I was trying, in order to show the post items which belong to that user who is logged in:

<?php

$result = mysql_query('SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = $_SESSION['user_id'] ;');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

?>

I haven't been able to make much progress in making this query work or this code run. Can anyone tell me where I am going wrong please?

3
  • Are you getting any errors? Commented Feb 2, 2016 at 7:40
  • 1
    if you are getting mysql error then try to print your query and check if user id is showing or not Commented Feb 2, 2016 at 7:43
  • 1
    check your quotation marks, your query should be like "SELECT item_title, item_location, item_datetime FROM item WHERE user_id = $_SESSION['user_id'] ;" Commented Feb 2, 2016 at 7:43

3 Answers 3

2

Replace the main boundaries with double quotes

mysql_query('SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = $_SESSION['user_id'] ;');

to

// Curly braces are needed to interpolate an array element with a quoted key
mysql_query("SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = {$_SESSION['user_id']} ;");

2 Comments

How come the other answer has a full stop in front of the $_SESSION and yours doesn't? Does it make a difference?
@Jimmy ask Google... Double-quoted strings display a host of escaped characters (including some regexes), and variables in the strings are evaluated. Use double quotes in PHP to avoid having to use the period to separate code.
2

Replace your query with this one and try:

$result = mysql_query('SELECT item_title, item_location, item_datetime
FROM item WHERE user_id ='.$_SESSION['user_id']);

Comments

1

Try this:

<?php

$result = mysql_query("SELECT item_title, item_location, item_datetime
FROM item WHERE user_id =  " .$_SESSION['user_id']. " ;");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

?>

Anyway, you should escape the variable $_SESSION['user_id'], to prevent SQL injection.

Here is some of the official documentation:

http://php.net/manual/es/security.database.sql-injection.php

Comments
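
The last answer's advice about SQL injection, worked through as an added example that is not part of the original thread or any answer: the logged-in user's id is validated as an integer and bound as a parameter instead of being concatenated into the query. Assumptions: PDO with an in-memory SQLite database stands in for the asker's MySQL server so the script runs offline, the function names openDemoDatabase and itemsForUser are hypothetical, and the rows are constructed sample data.

```php
<?php
// Assumptions: PDO + in-memory SQLite replaces the asker's MySQL connection;
// function names are hypothetical and the rows below are constructed sample data.
function openDemoDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE item (
        item_id INTEGER PRIMARY KEY,
        user_id INTEGER NOT NULL,
        item_title TEXT, item_location TEXT, item_datetime TEXT)');
    $insert = $pdo->prepare('INSERT INTO item
        (user_id, item_title, item_location, item_datetime) VALUES (?, ?, ?, ?)');
    foreach ([
        [1, 'Bike', 'Leeds', '2016-02-01 10:00:00'],
        [1, 'Desk', 'York',  '2016-02-02 09:30:00'],
        [2, 'Lamp', 'Leeds', '2016-02-02 11:15:00'],
    ] as $row) {
        $insert->execute($row);
    }
    return $pdo;
}

// Returns the items owned by one user. The id is validated as a positive
// integer, then bound as a parameter, so it never becomes part of the SQL text.
function itemsForUser(PDO $pdo, $userId): array
{
    $id = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('user_id is not a positive integer');
    }
    $stmt = $pdo->prepare('SELECT item_title, item_location, item_datetime
        FROM item WHERE user_id = :user_id');
    $stmt->bindValue(':user_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDatabase();
$sessionUserId = '1';                    // stands in for $_SESSION['user_id']
foreach (itemsForUser($pdo, $sessionUserId) as $item) {
    echo $item['item_title'], ' | ', $item['item_location'], ' | ', $item['item_datetime'], "\n";
}
try {
    itemsForUser($pdo, '1 OR 1=1');      // constructed non-integer value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Against MySQL only the PDO connection string changes; the prepared statement and the binding stay the same.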
