Get information from sessions - PHPBuilder Forums

Get information from sessions

jbachris

I have a session running by the following code:

<?php  

session_start();  

if (!isset($_SESSION['first_name'])) {     

$path_to_login = "http://www.xxxxxxxxx.net/login.php";  

    header("Location: ".$path_to_login);  

} 
?>

Later on in the page I have a form setup for the person that is logged on to edit their bio, but I want make it secure that they can edit theirs, and only their, bio's.

The query I tried was:

$query = "SELECT * FROM users WHERE userid = '. $_SESSION['userid']'";

Is there a way I can change that so it will get * FROM users where the userid is the userid from the session?

rehfeld

well i think the security mainly lies in not allowing someone to log in unless they get the username/password correct. and then only allow a logged in user to edit thier bio.

if your query is not working as expected, echo $query to make sure $_SESSION['userid'] has the value you are expecting

cmccomas

This is the error I'm getting:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/alliance/public_html/edit_bio.php on line 74

Line 74 is my query, does anyone notice what I did wrong?

$query = "SELECT * FROM users WHERE userid = '. $_SESSION['userid']'";

rehfeld

try

$query = "SELECT * FROM users WHERE userid = '" . $_SESSION['userid'] . "'";

cmccomas

Working a bit better now, but it is not finding the indivdual in the database. When I try to echo the userid from the SESSION it doesn't show.

Do I need to change/add something to:

<?php  

session_start();  

if (!isset($_SESSION['first_name'])) {     

$path_to_login = "http://www.allianceproject.net/login.php";  

    header("Location: ".$path_to_login);  

} 
?>

Thanks!

rehfeld

if there is no value for $_SESSION['userid'] then you need to set it somewhere. it cant appear out of thin air.

cmccomas

Originally posted by rehfeld
if there is no value for $_SESSION['userid'] then you need to set it somewhere. it cant appear out of thin air.

Forgive my newnewss to PHP.

Do I need to get the userid from the following? If so, where do I include it?

<?php   

session_start();   

if (!isset($_SESSION['first_name'])) {      

$path_to_login = "http://www.allianceproject.net/login.php";   

    header("Location: ".$path_to_login);   

}  

?>

rehfeld

we cant tell you where to get it from, but most likely you would prob get that info during the login proceedure.

i take it you didnt write this code?

quick questions though. are you thinking of the session id? or are you talking about some other form of id?

cmccomas

The userid is a field in a table called 'users' and it is the primary key for each of the users.

first_name is a field in the same table as userid. With the session code above on my pages I can use:

<?
							include 'db.php';  

						echo "Welcome ". $_SESSION['first_name'];  
						?>

This correctly displays the first_name on the page, but if I try to change it to userid it does not display the userid on the page. I'm sorry this is confusing. How do I get the userid from the session that is open like I am getting the first_name?

 <?php    

session_start();    

if (!isset($_SESSION['first_name'])) {       

$path_to_login = "http://www.xxx.net/login.php";    

    header("Location: ".$path_to_login);    

}   

?>

rehfeld

again, you need to set $_SESSION['userid'] to something.

when your setting the value of $_SESSION['firsnt_name'], then set the value of the userid too.

cmccomas

Originally posted by rehfeld
again, you need to set $_SESSION['userid'] to something.

when your setting the value of $_SESSION['firsnt_name'], then set the value of the userid too.

I tried this:

<?php  

session_start();  

if (!isset($_SESSION['first_name']) && ($_SESSION[userid])) {     

$path_to_login = "http://www.xxxx.net/login.php";  

    header("Location: ".$path_to_login);  

} 
?> [/[code=php]

But still nothing.

rehfeld

you need to SET the variable NOT check it.

$_SESSION['userid'] DOES NOT EXIST

make it exist.

you do this when you log them in.

did you write that code or not?