brendyd Posted March 24, 2010 Share Posted March 24, 2010 Hi I am trying to build a sports website. Once users login then can add a new activity to their log. I want to be able to insert their user name in the log using the data from the session. I think it may be along the lines of this : - $sql="INSERT INTO log (logid, username, logdate, type, totaltime_mins, total_distance, notes) VALUES (Null,'$_SESSION['myusername']','$_POST[logdate]','$_POST[type]','$_POST[totaltime_mins]', '$_POST[total_distance]','$_POST[notes]')"; The Null bit is for the logid which is a_i Other other information eg logdate,type, totaltime_mins comes from a form But it doesn't work Any help would be great Quote Link to comment https://forums.phpfreaks.com/topic/196415-_session-in-a-sql-insert/ Share on other sites More sharing options...
micah1701 Posted March 24, 2010 Share Posted March 24, 2010 you've gotta watch your apostrophes. drop the single quotes around 'myusername' VALUES (Null,'$_SESSION[myusername]','$_POST[logdate]','$_POST[type]','$_POST[totaltime_mins]', '$_POST[total_distance]','$_POST[notes]')"; Quote Link to comment https://forums.phpfreaks.com/topic/196415-_session-in-a-sql-insert/#findComment-1031282 Share on other sites More sharing options...
katsu Posted March 24, 2010 Share Posted March 24, 2010 when you use quotes there is no need to use apostrophes when inside VALUES, try this $sql="INSERT INTO log (logid, username, logdate, type, totaltime_mins, total_distance, notes) VALUES (Null,$_SESSION['myusername'],$_POST['logdate'],$_POST['type'],$_POST['totaltime_mins'],$_POST['total_distance'],$_POST['notes'])"; Quote Link to comment https://forums.phpfreaks.com/topic/196415-_session-in-a-sql-insert/#findComment-1031335 Share on other sites More sharing options...
premiso Posted March 24, 2010 Share Posted March 24, 2010 Given the poorly given advice of the previous two posters, I felt the need to correct them: $sql="INSERT INTO log (logid, username, logdate, type, totaltime_mins, total_distance, notes) VALUES (Null,'{$_SESSION['myusername']}','{$_POST['logdate']}','{$_POST['type']}','{$_POST['totaltime_mins']}', '{$_POST['total_distance']}','{$_POST['notes']}')"; Should work properly. For array elements that are associative indexed you need to use either curly braces, as seen above or concatenate the line IE: $sql="INSERT INTO log (logid, username, logdate, type, totaltime_mins, total_distance, notes) VALUES (Null,'" . $_SESSION['myusername'] . "','" . $_POST['logdate'] . "','" . $_POST['type'] . "','" . $_POST['totaltime_mins'] . "', '" . $_POST['total_distance'] . "','" . $_POST['notes'] . "')"; Either of those is the correct variation and usage. If the session variable still does not work, make sure you have session_start at the top of the page so the session gets initiated for that page. EDIT: Why micah's is "incorrect" or "poor advice" is that using non quoted associative index causes a PHP Notice error, which is not "hugely" important, but it is still better to not cause errors of any kind if you can avoid it. If, however, you were using a numerical indexed array, that would be fine, but I still find it better to seperate variables by either the concatenation or the curly braces for readability sakes as a personal preference. Katsu's advice is wrong in that you do need to single quote string / text values inside of MySQL SQL Statements, and he did not concat or enclose the php variables in curly braces so the actual values would not have appeared properly either. As a side note, you should really sanitize your POST / GET / SESSION variables with mysql_real_escape_string before running a query on them to prevent MySQL errors and possible SQL Injection. Quote Link to comment https://forums.phpfreaks.com/topic/196415-_session-in-a-sql-insert/#findComment-1031339 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.