[SOLVED] Assign a session variable from a posted form?

[frobak]

Hi, im making a simple user control panel, the user logs in by entering a user id and passowrd, which is checked in a mysql database before displaying the control panel. from this control panel i want the user to be able to change user details, sign up for bits, register for stuff etc. When the user clicks on a link to update their user details for example, i want to use the user id originally posted with the login form.

 

Is it possible to register a session variable from a posted field in a form, and then retreive and use throughout my control panel? Ive tried many different ways to pass variables but its not happening?

 

Any ideas?

[.josh]

Show what you've tried.  You can assign a posted var to a session var no problem.  Do you have session_start() at the top of all the pages that use it (including where you set it)?

[F1Fan]

Yes, you can use session_start() and then add a variable called $_SESSION['username'] or something. If that doesn't help much, include your code.

[frobak]

session_start();

if (isset($_POST['userid']) && isset($_POST['password'])) {

 

$table_name = "customers";

 

include '../functions/db_connect.inc.php';

 

$userid = $_POST['userid'];

$password = $_POST['password'];

 

  // check if the user id and password combination exist in database

  $sql = "SELECT * FROM customers WHERE userid= '$userid'";

 

  $result = mysql_query($sql)

            or die('Query failed. ' . mysql_error());

 

  if (mysql_num_rows($result) == 1) {

      // the user id and password match,

      // set the session

      $_SESSION['db_is_logged_in'] = true;

  $_SESSION[$userid] = $userid;

      // after login we move to the main page

      header('Location: ../pages/control_panel.php?$userid;');

      exit;

  } else {

      $errorMessage = 'Sorry, wrong user id / password';

  }

 

}

 

How do i get the posted value of userid to $_SESSION[$userid]?

 

and then how do i call it in another script?

[F1Fan]

Replace

$_SESSION[$userid] = $userid;

with

$_SESSION['userid'] = $userid;

[.josh]

$_SESSION[$userid] = $userid;

 

needs to be

 

$_SESSION['userid'] = $userid;

 

...unless you intended to make the session var name the same as the userid number, which I don't think you did.

 

Then from another script you'd just do:

 

session_start();
echo $_SESSION['userid'];

 

[frobak]

So how would i use the variable say to update a table, ie UPDATE customers WHERE userid = ?????????

 

 

[F1Fan]

UPDATE customers WHERE userid = $_SESSION['userid'];

[frobak]

excellent, cheers for your help guys! 

[frobak]

This doesnt work though?

 

$sql = "SELECT * FROM customers WHERE userid= $_SESSION['userid']";

 

it says: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Inetpub\vhosts\frobak.co.uk\httpdocs\pages\show_cust_details.php on line 18

[.josh]

$sql = "SELECT * FROM customers WHERE userid= {$_SESSION['userid']}";

[frobak]

cheers 

[frobak]

$sql = "UPDATE customers SET

cust_firstname = '$_POST[cust_firstname]',

cust_surname = '$_POST[cust_surname]',

house_no = '$_POST[house_no]',

streetname = '$_POST[streetname]',

postcode = '$_POST[postcode]',

emailaddress = '$_POST[emailaddress]',

homephone = '$_POST[homephone]',

mobphone = '$_POST[mobphone]',

WHERE username = {$_SESSION['username']}";

 

why am i being told i have an sql error near my where clause?

 

[.josh]

probably because of the comma right before it

[frobak]

cheers