Session data not saving in current users table

Laika1986

Hey guys I really need some help with my code. I havnt got much experience in PHP but i do have a good understanding of programming in general. The problem i am encountering is when a user is logged in and selects an option from the dropdown menu it is written to the first row of the table everytime. I want it to write to the currently logged in users table. Any help or suggestions would be great.

http://pastebin.com/kax8G3e5

Emma

Welcome to the forums and thank you for providing the code, however...

There's a special hell reserved for people who don't write a single comment in a 520 line file and it's right next to those who talk at the theatre.

Could you possible narrow down the part of the code you're having trouble with and post in PHP tags on here (it colour codes it).

Laika1986

To be honest I dont understand the code well Enough to comment the php! Im not sure what to do to be honest I think my problem stems from my login in page as i found this page http://stackoverflow.com/questions/10097887/using-sessions-session-variables-in-a-php-login-script and tested it. Although i had logged in previously it still told me i wasnt logged in. So should i post my code from my login page or the page from where I need to pass variables from?Thanks for your reply by the way and apologies for the structure of my posts but It probably communicates my confusion pretty well!

Weedpacket

Have you applied general debugging techniques to narrow down the problem?

Perhaps trying to reduce the code to a minimal reproducible test case will make it easier to locate the problem. For one thing, you'll be able to post the problematic code here in the forum (use the appropriate tags described in the FAQ), so that people who do want to take the time to trawl through your code don't simply get an error message saying pastebin is overloaded 🙂

Laika1986

Hey thanks for the reply and apologies again for just posting so much code! I will post snippets of code that i think are causing the problem. Firstly

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE tbluser SET premierleague=%s WHERE userid=%s",
                       GetSQLValueString($_POST['premierleague'], "text"),
                       GetSQLValueString($_POST['userid'], "int"));

  mysql_select_db($database_Server, $Server);
  $Result1 = mysql_query($updateSQL, $Server) or die(mysql_error());
}

This code is used to write the data to the database. My problem is creating the session i think. As regards debugging i used this code,when logged in, to determine what user id was being recognised.

<?php 
if(isset($_POST['userid'])){ 
    echo "<p>The posted userid is: {$_POST['userid']} .</p>"; 
}else{ 
   echo "<p>POST userid not set.</p>"; 
} 

echo "<p>The session userid is: {$_SESSION['userid']} .</p>"; 

?>

the result of this was

POST userid not set
.
( ! ) Notice: Undefined index: userid in C:\wamp\www\Connections\mybet.php on line 493
Call Stack

Time Memory Function Location

1 0.0022 876536 {main}( ) ..\mybet.php:0
The session userid is: .

So i assume it is not recognising any user id. Sorry about my lack of clarity Iv never done php before and and our class work with it was minimal so im learning as i go and thanks for your patience!if i can make it any clearer let me know and ill try

Weedpacket

Laika1986 wrote:
( ! ) Notice: Undefined index: userid in C:\wamp\www\Connections\mybet.php on line 493

What this means is that the value [font=monospace]$POST['userid'][/font] or [font=monospace]$SESSION['userid'][/font] doesn't exist (it's not quite clear which is line 493).

For the former, check that you are POSTing a form, and that it does have a field named "userid". Likewise I guess for the other form fields you mention ("MM_update" and it wouldn't hurt to check "premierleague" as well). For the latter, I don't see anywhere that you assign any values to the [font=monospace]$_SESSION[/font] array (something you'll need to do if you want to find anything there).

Incidentally, you may have noticed from notices in the manual that using the MySQL extension is discouraged in favour of the or [url=http://www.php.net/ref.pdo-mysql]PDO interfaces. If you're just starting, it would pay to start with those instead - save picking up bad habits that you'd just have to break again later (and rewriting all that code when the extension is eventually dropped).

Hmm. Now that pastebin is up:

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

PHP hasn't even reached version 6 yet (and the check is wrong, since PHP_VERSION is a string, not an integer, and should be checked with a function like [man]version_compare[/man]). It's also wrong because, since PHP 5.4.0 [man]get_magic_quotes_gpc[/man] always returns false (because the configuration setting it checks was removed. On top of that, [man]mysql_real_escape_string[/man] has been around since PHP 4.3, so if you're using a version older than that you're in even bigger trouble - 4.2 hasn't been supported for a decade. Where did all that come from? (On top of it all: the whole thing is redundant given the newer interfaces I mentioned, which support parameterised queries, which do the appropriate quoting and escaping as needed.)