MySQL Query Issue

[Agold]

Alright so I have a database table of users set up that creates a unique member_id for each new registered user. I then have a second table that stores data entries that also has a member_id field. When the users are logged in, they can enter a new entry into this second table. The problem I'm having is that when the entry is written into the database, the member_id field always comes up as "0." I'm using the session variables to pass the member_id to the query. Here's the code:

 

        //Create Member Session Variables
$memberID = $_SESSION['SESS_MEMBER_ID'];

//Create INSERT query
$qry = "INSERT INTO userBars(member_id, barName, barAddress, barCity, barState, barZip) VALUES('$memberID','$ename','$street','$city','$state','$zipcode')";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	header("location: register-success.php");
	exit();
}else {
	die("Query failed");
}

 

 

When I echo the $memberID var I do in fact get the member_id, but when this script writes into the database, the member_id field is always set to "0." Anyone have any ideas as to why this might happen?

 

[SamT_]

Remove the quotes around $memberID in your query and be sure to cast it as an int when you create it, i.e.

$memberID = (int) $_SESSION['SESS_MEMBER_ID'];

[Pikachu2000]

Is session_start() called in both this script, and the one that assigns the value to the $_SESSION variable?

[Agold]

session_start is only called at the log in page, I then use an auth.php script at the beginning of each client page to ensure the user is logged in and a session is running.

 

I modified the code as you stated and I still have the same problem. I even just changed the MySQL field to a char and I still get 0. This is really baffling me right now. I have the member_id echo'd at the top of the form just to be sure it's there in the session.

[Agold]

Here's my login script:

 

<?php

//Start session

session_start();

 

//Include database connection details

require_once("$DOCUMENT_ROOT/../SQLlogin.php");

 

//Array to store validation errors

$errmsg_arr = array();

 

//Validation error flag

$errflag = false;

 

//Connect to mysql server

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if(!$link) {

die('Failed to connect to server: ' . mysql_error());

}

 

//Select database

$db = mysql_select_db(DB_DATABASE);

if(!$db) {

die("Unable to select database");

}

 

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

$str = @trim($str);

if(get_magic_quotes_gpc()) {

$str = stripslashes($str);

}

return mysql_real_escape_string($str);

}

 

//Sanitize the POST values

$login = clean($_POST['login']);

$password = clean($_POST['password']);

 

//Input Validations

if($login == '') {

$errmsg_arr[] = 'Login ID missing';

$errflag = true;

}

if($password == '') {

$errmsg_arr[] = 'Password missing';

$errflag = true;

}

 

//If there are input validations, redirect back to the login form

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: client_login.php");

exit();

}

 

//Create query

$qry="SELECT * FROM clients WHERE login='$login' AND passwd='".md5($_POST['password'])."'";

$result=mysql_query($qry);

 

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result) == 1) {

//Login Successful

session_regenerate_id();

$member = mysql_fetch_assoc($result);

$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];

$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];

$_SESSION['SESS_LAST_NAME'] = $member['lastname'];

session_write_close();

header("location: client_homepage.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}

?>

 

Everytime I echo $_SESSION['SESS_MEMBER_ID'] i get the member id, but for some reason it doesn't want to enter it in the query.

[Pikachu2000]

What is the format of member_id? Is in an integer, string, or . . . ? What is the data type of the field in the database, and is it set to a large enough size?

[Agold]

I've had it set to both int(11) and char(11), neither seems to work.

[Agold]

Hmmm something must be going on with the session because when I echo it after running the script, it's set to 0.

[Agold]

Fixed, I've been confused by what session_start does I guess. I did not include it in this script thinking it restarts the session, but it appears it doesn't continue the session if I don't include it in every script? I should have known as the auth.php script has session start in it as well.

[Pikachu2000]

That's why I asked.

 

You need to call session_start() in any script that will access $_SESSION vars.