query based on session variable?

orionblue

Hi there,

I have just started playing with sessions to allow for members to login and navigate througout a members only website. I am trying to make it as secure as possible and so I have a couple of things I wanted to check with you guys to make sure I'm doing it properly (no bad habits created).

$_SESSION['user_id'] - this is registered when the member logs in.

I want to make a query that goes something like:

SELECT * FROM members WHERE user_id=$user_id

I thought it should work if I write:

SELECT * FROM members WHERE user_id=$_SESSION['user_id']

but it didn't. (as in the result didn't show, but it does if I hard code in 5 as the $user_id for example).

I'm sorry if this is a simple question, I've re-written the scripts a few times now to become familiar with them and it's making me a lot tired and a little stupid... Probably missing the obvious...

LordShryku

You just need to sepearte the superglobal from the string. It's good practice to seperate all of your variables from the string. Like so

$sql = "SELECT * 
        FROM   members 
        WHERE  user_id = '".$_SESSION['user_id']."'";
$result = mysql_query($sql);

orionblue

YAYYYYYY! Worked, of course.

Love learning to implement things like that that I see but don't always understand.

thanks LordShryku!