Best way to record a users input

[glendango]

Hi, i ve created an app which works fine while iam the admin. 

 

I now want to create users ( i have dummy users in the practice app and all foreign keys work fine)

 

I ve just set up a log in system for users and using $session, which sounds standard from the many tutorials i ve learnt from.

 

But after the log in system all tutorials seem to go dead.

 

Anyway my next step is to 

 

allow a user who had logged in ( who by signing up has entered into a 'users' table in MySQL with a unique id) 

i now want them to fill out forms which will input into table 'firsts'.. Which has the foreign key of their id.

 

am i missing something..how do tell the database to populate the form using the users id. 

 

Is it common practice to use $_SESSION['usr_id']  

 

or do i get the users id some other way..i cant work it out for some reason...

 

thanks

 

heres what i have so far  ..  .not sanitized yet  etc 

 

session_start();. 

 

?????    [user id]

$client_title =$_POST['client_title'];
$client_name =$_POST['client_name'];
$client_contact =$_POST['client_contact'];
$client_email =$_POST['client_email'];
$notes =$_POST['notes'];
 

$sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes  )

VALUES ('$usr_id', '$client_title' , '$client_name' ,'$client_contact' ,'$client_email' ,'$notes' )";

$result = mysqli_query($conn,$sql);

Edited October 4, 2017 by glendango

[requinix]

> Is it common practice to use $_SESSION['usr_id']

Yes. Once they're logged in you have to have something that tells you who they are. It's not like they can keep logging in on every single page over and over again.

 

So when they log in, store information that you need to access frequently in the session. Like the user ID.

[glendango]

is it common practice to use $session to then insert their id into a db table?

Edited October 4, 2017 by glendango

[glendango]

It's not like they can keep logging in on every single page over and over again. -   

isn't that what session_start();.  is for on every page? 

[glendango]

So when they log in, store information that you need to access frequently in the session. Like the user ID.

 

i think my question is then:   how do i access the id for a table?

[kicken]

Just pull the user id from your session data and use that in your query. So your original code sample would be for example:

session_start();. 
 
$usr_id = $_SESSION['usr_id'];
$client_title =$_POST['client_title'];
$client_name =$_POST['client_name'];
$client_contact =$_POST['client_contact'];
$client_email =$_POST['client_email'];
$notes =$_POST['notes'];
 
$sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes  )
VALUES ('$usr_id', '$client_title' , '$client_name' ,'$client_contact' ,'$client_email' ,'$notes' )";

Before you get much further in your project, you really need to do some reading on SQL Injection and prevent it. I'd suggest you learn how to use the PDO API and parameter binding.

[glendango]

WTF!!!    no way is it that obvious....  4 hours of searching...thank you!!!!!!    i know about the sanitizationwill be going over whole app and learning to use the proper methods. 

guru is this how its done once you have users logged into your app or do you use other ways to enter data into databse from their id. this seems quick and easy though 

[benanamen]

WTF!!!    no way is it that obvious....  4 hours of searching...thank you!!!!!!    i know about the sanitizationwill be going over whole app and learning to use the proper methods. 

guru is this how its done once you have users logged into your app or do you use other ways to enter data into databse from their id. this seems quick and easy though 

 

 You would not create variables just for nothing. You already have the data available, just use it. You also should never ever put variables in a query.  As he mentioned, you need to use PDO and Prepared Statements. See this tutorial.

Edited October 4, 2017 by benanamen