glendango Posted October 4, 2017

Hi, I've created an app which works fine while I am the admin. I now want to create users (I have dummy users in the practice app and all foreign keys work fine). I've just set up a login system for users, using $session, which sounds standard from the many tutorials I've learnt from. But after the login system all tutorials seem to go dead.

Anyway, my next step is to allow a user who has logged in (who by signing up has been entered into a 'users' table in MySQL with a unique id) to fill out forms which will input into table 'firsts', which has the foreign key of their id.

Am I missing something? How do I tell the database to populate the form using the user's id? Is it common practice to use $_SESSION['usr_id'] or do I get the user's id some other way? I can't work it out for some reason.

Thanks.

Here's what I have so far, not sanitized yet etc.:

    session_start();
    // ????? [user id]
    $client_title = $_POST['client_title'];
    $client_name = $_POST['client_name'];
    $client_contact = $_POST['client_contact'];
    $client_email = $_POST['client_email'];
    $notes = $_POST['notes'];

    $sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
            VALUES ('$usr_id', '$client_title', '$client_name', '$client_contact', '$client_email', '$notes')";
    $result = mysqli_query($conn, $sql);

requinix Posted October 4, 2017

> Is it common practice to use $_SESSION['usr_id']

Yes. Once they're logged in you have to have something that tells you who they are. It's not like they can keep logging in on every single page over and over again.

So when they log in, store information that you need to access frequently in the session. Like the user ID.

glendango (Author) Posted October 4, 2017

Is it common practice to use $session to then insert their id into a db table?

glendango (Author) Posted October 4, 2017

> It's not like they can keep logging in on every single page over and over again.

Isn't that what session_start(); is for on every page?

glendango (Author) Posted October 4, 2017

> So when they log in, store information that you need to access frequently in the session. Like the user ID.

I think my question is then: how do I access the id for a table?

kicken (Solution) Posted October 4, 2017

Just pull the user id from your session data and use that in your query. So your original code sample would be for example:

    session_start();
    $usr_id = $_SESSION['usr_id'];
    $client_title = $_POST['client_title'];
    $client_name = $_POST['client_name'];
    $client_contact = $_POST['client_contact'];
    $client_email = $_POST['client_email'];
    $notes = $_POST['notes'];

    $sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
            VALUES ('$usr_id', '$client_title', '$client_name', '$client_contact', '$client_email', '$notes')";

Before you get much further in your project, you really need to do some reading on SQL Injection and prevent it. I'd suggest you learn how to use the PDO API and parameter binding.

glendango (Author) Posted October 4, 2017

WTF!!! No way is it that obvious.... 4 hours of searching... thank you!!!!!!

I know about the sanitization, will be going over the whole app and learning to use the proper methods.

Guru, is this how it's done once you have users logged into your app, or do you use other ways to enter data into the database from their id? This seems quick and easy though.

benanamen Posted October 4, 2017

> WTF!!! No way is it that obvious.... 4 hours of searching... thank you!!!!!!
> I know about the sanitization, will be going over the whole app and learning to use the proper methods.
> Guru, is this how it's done once you have users logged into your app, or do you use other ways to enter data into the database from their id? This seems quick and easy though.

You would not create variables just for nothing. You already have the data available, just use it. You also should never ever put variables in a query. As he mentioned, you need to use PDO and Prepared Statements. See this tutorial.
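
The parameter binding that kicken and benanamen recommend, applied to the thread's INSERT (an added example, not code from any poster). It assumes an in-memory SQLite database in place of MySQL so it runs offline; `insert_first` and the sample session and form values are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the thread's MySQL database so this
// runs offline. For MySQL, change the DSN and credentials; the rest is the same.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE firsts (
    id INTEGER PRIMARY KEY, usr_id INTEGER NOT NULL, client_title TEXT,
    client_name TEXT, client_contact TEXT, client_email TEXT, notes TEXT)');

// Hypothetical helper: the owner id is read from the session only, never the form.
function insert_first(PDO $pdo, array $session, array $post): int
{
    $uid = filter_var($session['usr_id'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        throw new RuntimeException('Not logged in');
    }
    $params = [':usr_id' => $uid];
    foreach (['client_title', 'client_name', 'client_contact', 'client_email', 'notes'] as $f) {
        // Missing or non-string fields become ''; a posted usr_id is never read.
        $v = $post[$f] ?? '';
        $params[":$f"] = is_string($v) ? trim($v) : '';
    }
    // Placeholders keep every value out of the SQL text itself.
    $stmt = $pdo->prepare(
        'INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
         VALUES (:usr_id, :client_title, :client_name, :client_contact, :client_email, :notes)'
    );
    $stmt->execute($params);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_SESSION and $_POST.
$session = ['usr_id' => 7];
$post = [
    'usr_id'       => '1',          // owner id supplied in the form data: ignored
    'client_title' => 'Mr',
    'client_name'  => "O'Brien",    // apostrophe that breaks the interpolated query
    'client_email' => 'obrien@example.com',
    'notes'        => "it's a 'quoted' note; -- stored as plain text",
];

$id = insert_first($pdo, $session, $post);
$check = $pdo->prepare('SELECT usr_id, client_name, notes FROM firsts WHERE id = :id');
$check->execute([':id' => $id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```

The stored row carries the session's user id rather than the posted one, and the quoted strings come back exactly as submitted.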