syntax for picking mysql column from form

[PFMaBiSmAd]

The last query error you posted is because $_SESSION['ID'] is empty. Putting quotes around it is just hiding the problem by making it an empty string instead of an empty numerical value.

 

In reply #21 in this thread, Pikachu2000 posted a suggestion for forming your query in a php variable and then using some error checking and error reporting logic that would display the query when a query error occurs. You should do this for every query in your code.

 

As to why the session variable is empty, you are likely missing a session_start() statement or are getting a session_start() error on either one or both the page that is setting the session variable or on the page that is using the session variable.

 

If you were developing and debugging your php code on a system with error_reporting set to E_ALL and display_errors set to ON so that all the php detected errors get reported and displayed, php will help you. You will also save a TON of time.

 

 

[glava]

In case you don't have log in and sessions working you can try this.

<?php
require_once 'database.php';
$username = mysqli_real_escape_string($_POST['user']);

$queryA = "SELECT ID,level FROM user WHERE username = '".$username."' AND password = '".$_POST['pass']."'";   $resultA = mysql_query($queryA);
   $query_dataA = mysql_fetch_row($resultA);

      IF (!$query_dataA[0]) {
  $error = "You have submited an incorrect login and password combination.  Please try again...."; 
      }
   ELSE {
      session_start();

      $_SESSION['user_id']=$query_dataA[0];            
      $_SESSION['level']=$query_dataA[1];
IF ($_SESSION['level']==1){    
header("location:indexn.php");      
} 
IF ($_SESSION['level']==9){    
header("location:indexa.php");       
}           
}
//Assuming this is part of the login page echo error within content
IF (isset($error)) { echo "<p><b>$error</b>"; }

  You can then pick up the user ID at the top of any page which you can use for query's etc.

$userID=$_SESSION['user_id']; 

This might at least help sort out the user id issue.  Not sure if the space around your equals sign might have been giving you problems as well so I tightened them up below.

mysql_query(" UPDATE studenti SET $kol='$k1D' WHERE ID=$userID");

 

i got this error when using your code :

 

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /.../login2.php on line 3

[glava]

If your session is truly an integer, you do not need to wtapit in single quotes in your query. Have you tried echoing the session before use in your query, to make sure it is the value that you want

 

yes, i've echo it and it's empty value ???

[fugix]

Mysqli_real_escape_string() expects 2 parameters, a valid mysql link established, and the query itself. Also, can you post your new code where you are declaring your session

[glava]

IT WORKS NOW !! 

 

that " Mysqli_real_escape_string() expects 2 parameters " error  i was getting when i used code from Drummin.. i put back old one and just correct some syntax mistakes and now it works !!

 

Thank you guys for your help and time, i'm beginner but i can tell that PHP is very powerfull, i got a lot to learn and i hope i would..

I have some more questions but i will start another topic

[fugix]

I'm glad that you figured this one out. Anything else that you need, we will be here to help