1

I was here yesterday with the same issue, but I have changed the code slightly. I am trying to fetch the user id of a user as they log in and store it as a session variable. I don't know what I'm doing wrong though, as when I try pass this session variable into another SQL INSERT statement in a different php file, it does not work. If I pass a local variable to the INSERT statement it works and inserts all values into my database. When I try pass the session variable, it does not work.

This is my login file where I declare the session variable:

<?php
 session_start();

$db =mysqli_connect("localhost", "root", "", "project_website1");

if(isset($_POST['Login_Btn']))  {


    $email = mysql_real_escape_string($_POST['email']);
    $password = mysql_real_escape_string($_POST['password']);

    $id_retrieve = mysqli_query("SELECT user_id FROM userdetails WHERE email='$email'");
    $retrieved_id = mysqli_fetch_row($id_retrieve);


    $password = md5($password);// Decrypt hash of password stored in database

    $mySQLQuery = "SELECT * FROM userdetails WHERE email='$email' AND password='$password'";
    $resultOfQuery = mysqli_query($db, $mySQLQuery);

    if (mysqli_num_rows($resultOfQuery) == 1) {
        $_SESSION['user_id'] =  $retrieved_id[0];
        header("location: User_Home_Page.html");
    }else{          
        $_SESSION['message'] = "Login Fail";
        header("location: User_Login.html");

    }

}
?>

This is the file where I then try insert this session variable:

<?php
  session_start();
$db =mysqli_connect("localhost", "root", "", "project_website1");
if(isset($_POST['upload_btn'])){


    $user_id = $_SESSION[ 'user_id' ];
    $taskTitle = mysql_real_escape_string($_POST['tasktitle']);
    $taskDescription = mysql_real_escape_string($_POST['TaskDescription']);

    $file = rand(1000,100000)."-".$_FILES['file_document']['name'];
    $file_loc = $_FILES['file_document']['tmp_name'];
    $file_size = $_FILES['file_document']['size'];
    $file_type = $_FILES['file_document']['type'];
    $folder="uploads/";

    move_uploaded_file($file_loc,$folder.$file);

    $numPages = mysql_real_escape_string($_POST['number_of_pages']);
    $numWords = mysql_real_escape_string($_POST['number_of_words']);
    $deadlineClaim = mysql_real_escape_string($_POST['deadline_claim']);
    $deadlineComplete = mysql_real_escape_string($_POST['deadline_complete']);

    $sql = "INSERT INTO task(user_id, title, description, file, file_type, file_size, pg_num, num_words, deadline_claim, deadline_completion) VALUES( '$user_id', '$taskTitle', '$taskDescription', '$file', '$file_type', '$file_size', '$numPages', '$numWords', '$deadlineClaim', '$deadlineComplete')";
    mysqli_query($db, $sql);
    header("location: User_Home_Page.html");

}

?>

If someone could provide a solution I would really appreciate it.

Improve this question
5
  • Try to change this mysqli_fetch_row to mysqli_fetch_array and then this variable $_SESSION['user_id'] = $retrieved_id[0]; change to $_SESSION['user_id'] = $retrieved_id['user_id']; and try to var_dump($_SESSION); this will show u all session names and values Commented Mar 22, 2017 at 17:38
  • Still has not solved the problem, where would I place the var_dump($_SESSION); part of code? Commented Mar 22, 2017 at 17:52
  • under session_start(); Commented Mar 22, 2017 at 17:54
  • Still no luck, really am stumped with this have been looking up solutions for the last few days, nothing seems to be working. Commented Mar 22, 2017 at 18:06
  • moment i will make u code works Commented Mar 22, 2017 at 18:06

1 Answer 1

Reset to default
1

First you don't need 2 query because you need a query where you get user_id based on data where user must login.

So in this query first u check for email and password to match that user and if this match u will get more that 0 based on mysqli_num_rows.

When u check this and this works you use mysqli_fetch_array so you can use a data from it however you want.

You can remove error_reporting, ini_set, var_dump if its all ok, this is just for testing and to give you error if exists

Here is your code:

<?php

// turn on error reporting
error_reporting(1);
ini_set('error_reporting', E_ALL);

// start session
session_start();

// debug session
var_dump($_SESSION);

// database connection
$db = mysqli_connect("localhost", "root", "", "project_website1");

if(isset($_POST['Login_Btn']))
{

    $email = mysql_real_escape_string($_POST['email']);
    $password = mysql_real_escape_string($_POST['password']);

    // Decrypt hash of password stored in database
    $password = md5($password);

    // get all data from userdetails table
    $mySQLQuery = "SELECT * FROM userdetails WHERE email='$email' AND password='$password'";
    $resultOfQuery = mysqli_query($db, $mySQLQuery);

    // if query return more that 0 rows
    if (mysqli_num_rows($resultOfQuery) > 0)
    {
        // fetch data
        $uid = mysqli_fetch_array($resultOfQuery);

        $_SESSION['user_id'] = $uid['user_id'];
        header("location: User_Home_Page.html");
        exit();
    }
    else
    {          
        $_SESSION['message'] = "Login Fail";
        header("location: User_Login.html");
        exit();
    }

}

?>

EDIT : Don't use md5 its not secure use password_hash() and password_verify() to make yours password safe.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you so much works perfectly! Yes I plan to use a site salt to hash the password, md5 used just for the purpose of the first demo. Thanks so much again!
No problem :) glad to help

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.