glendango

Best way to record a user's input

Hi, I've created an app which works fine while I am the admin.

I now want to create users (I have dummy users in the practice app and all foreign keys work fine).

I've just set up a login system for users and am using $session, which sounds standard from the many tutorials I've learnt from.

But after the login system all tutorials seem to go dead.

Anyway, my next step is to allow a user who has logged in (who, by signing up, has been entered into a 'users' table in MySQL with a unique id) to fill out forms which will input into table 'firsts', which has the foreign key of their id.

Am I missing something? How do I tell the database to populate the form using the user's id?

Is it common practice to use $_SESSION['usr_id']?

Or do I get the user's id some other way? I can't work it out for some reason...

Thanks.

Here's what I have so far... not sanitized yet, etc.

session_start();

?????    [user id]

$client_title = $_POST['client_title'];
$client_name = $_POST['client_name'];
$client_contact = $_POST['client_contact'];
$client_email = $_POST['client_email'];
$notes = $_POST['notes'];

$sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
VALUES ('$usr_id', '$client_title', '$client_name', '$client_contact', '$client_email', '$notes')";

$result = mysqli_query($conn, $sql);
Edited by glendango

> Is it common practice to use $_SESSION['usr_id']

Yes. Once they're logged in you have to have something that tells you who they are. It's not like they can keep logging in on every single page over and over again.

 

So when they log in, store information that you need to access frequently in the session. Like the user ID.

Is it common practice to use $session to then insert their id into a db table?

Edited by glendango

> It's not like they can keep logging in on every single page over and over again.

Isn't that what session_start(); is for on every page?

> So when they log in, store information that you need to access frequently in the session. Like the user ID.

I think my question is then: how do I access the id for a table?

Just pull the user id from your session data and use that in your query. So your original code sample would be for example:

session_start();

$usr_id = $_SESSION['usr_id'];
$client_title = $_POST['client_title'];
$client_name = $_POST['client_name'];
$client_contact = $_POST['client_contact'];
$client_email = $_POST['client_email'];
$notes = $_POST['notes'];

$sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
VALUES ('$usr_id', '$client_title', '$client_name', '$client_contact', '$client_email', '$notes')";

Before you get much further in your project, you really need to do some reading on SQL Injection and prevent it. I'd suggest you learn how to use the PDO API and parameter binding.

WTF!!! No way is it that obvious... 4 hours of searching... thank you!!!!!! I know about the sanitization; will be going over the whole app and learning to use the proper methods.

Guru, is this how it's done once you have users logged into your app, or do you use other ways to enter data into the database from their id? This seems quick and easy though.

> WTF!!! No way is it that obvious... 4 hours of searching... thank you!!!!!! I know about the sanitization; will be going over the whole app and learning to use the proper methods.
>
> Guru, is this how it's done once you have users logged into your app, or do you use other ways to enter data into the database from their id? This seems quick and easy though.

You would not create variables just for nothing. You already have the data available, just use it. You also should never ever put variables in a query. As he mentioned, you need to use PDO and Prepared Statements. See this tutorial.

Edited by benanamen
  • Like 1
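
An added example, not code from the thread: the same insert into `firsts` written with PDO and bound parameters as the replies recommend, with the owner id taken from the session and never from the form. The `saveClient` helper, the in-memory SQLite connection and the sample values are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): insert one row into `firsts`
// for the logged-in user. A usr_id sent in the form is ignored.
function saveClient(PDO $pdo, array $session, array $post): int
{
    if (!isset($session['usr_id'])) {
        throw new RuntimeException('Not logged in');
    }
    $fields = ['client_title', 'client_name', 'client_contact', 'client_email', 'notes'];
    $params = [':usr_id' => (int) $session['usr_id']];
    foreach ($fields as $f) {
        // Missing or non-string fields (e.g. client_name[]=x) become ''.
        $v = $post[$f] ?? '';
        $params[":$f"] = is_string($v) ? trim($v) : '';
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
         VALUES (:usr_id, :client_title, :client_name, :client_contact, :client_email, :notes)'
    );
    $stmt->execute($params);
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection so the
// script runs offline. With MySQL, build the PDO from a mysql: DSN and set
// PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE firsts (id INTEGER PRIMARY KEY, usr_id INTEGER NOT NULL,
    client_title TEXT, client_name TEXT, client_contact TEXT, client_email TEXT, notes TEXT)');

// Constructed input standing in for $_SESSION and $_POST. The apostrophes
// would break the string-built query; the forged usr_id must not be used.
$session = ['usr_id' => 7];
$post = ['usr_id' => '1', 'client_title' => 'Mr', 'client_name' => "O'Brien",
         'client_contact' => '555-0100', 'client_email' => 'obrien@example.com',
         'notes' => "Said: 'call back'"];

$id = saveClient($pdo, $session, $post);
print_r($pdo->query('SELECT usr_id, client_name, notes FROM firsts')->fetchAll(PDO::FETCH_ASSOC));
```

In a real page, call `session_start()` first and pass `$_SESSION` and `$_POST` to the helper.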