Best way to record a user's input


glendango

Hi, I've created an app which works fine while I am the admin.

I now want to create users (I have dummy users in the practice app and all foreign keys work fine).

I've just set up a login system for users using $session, which sounds standard from the many tutorials I've learnt from.

But after the login system all tutorials seem to go dead.

Anyway, my next step is to allow a user who has logged in (who, by signing up, has been entered into a 'users' table in MySQL with a unique id) to fill out forms which will input into table 'firsts', which has the foreign key of their id.

Am I missing something? How do I tell the database to populate the form using the user's id?

Is it common practice to use $_SESSION['usr_id'], or do I get the user's id some other way? I can't work it out for some reason...

Thanks.

Here's what I have so far. Not sanitized yet, etc.

session_start();

?????    [user id]

$client_title =$_POST['client_title'];
$client_name =$_POST['client_name'];
$client_contact =$_POST['client_contact'];
$client_email =$_POST['client_email'];
$notes =$_POST['notes'];
 
$sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes  )
VALUES ('$usr_id', '$client_title' , '$client_name' ,'$client_contact' ,'$client_email' ,'$notes' )";

$result = mysqli_query($conn,$sql);

> Is it common practice to use $_SESSION['usr_id']

Yes. Once they're logged in you have to have something that tells you who they are. It's not like they can keep logging in on every single page over and over again.

So when they log in, store information that you need to access frequently in the session. Like the user ID.


Just pull the user id from your session data and use that in your query. So your original code sample would be for example:

session_start();

$usr_id = $_SESSION['usr_id'];
$client_title =$_POST['client_title'];
$client_name =$_POST['client_name'];
$client_contact =$_POST['client_contact'];
$client_email =$_POST['client_email'];
$notes =$_POST['notes'];
 
$sql = "INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes  )
VALUES ('$usr_id', '$client_title' , '$client_name' ,'$client_contact' ,'$client_email' ,'$notes' )";

Before you get much further in your project, you really need to do some reading on SQL Injection and prevent it. I'd suggest you learn how to use the PDO API and parameter binding.

WTF!!! No way is it that obvious.... 4 hours of searching... thank you!!!!!! I know about the sanitization, will be going over the whole app and learning to use the proper methods.

Guru, is this how it's done once you have users logged into your app, or do you use other ways to enter data into the database from their id? This seems quick and easy though.


> WTF!!! No way is it that obvious.... 4 hours of searching... thank you!!!!!! I know about the sanitization, will be going over the whole app and learning to use the proper methods.
>
> Guru, is this how it's done once you have users logged into your app, or do you use other ways to enter data into the database from their id? This seems quick and easy though.

You would not create variables just for nothing. You already have the data available, just use it. You also should never ever put variables in a query. As he mentioned, you need to use PDO and Prepared Statements. See this tutorial.


Archived

This topic is now archived and is closed to further replies.
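
The approach the replies recommend (user ID taken from the session, values bound through a PDO prepared statement), as an added example that is not part of the original thread. The helper name `insertFirst`, the in-memory SQLite connection, the `id` column and the sample session and form values are assumptions constructed so the script runs stand-alone; with MySQL only the DSN changes.

```php
<?php
declare(strict_types=1);

// Insert one `firsts` row for the logged-in user. $usrId must come from the
// session set at login, never from a form field the browser can change.
function insertFirst(PDO $pdo, int $usrId, array $post): int
{
    $fields = ['client_title', 'client_name', 'client_contact', 'client_email', 'notes'];
    $params = [':usr_id' => $usrId];
    foreach ($fields as $f) {
        // Values are bound as parameters, never concatenated into the SQL text.
        $params[":$f"] = trim((string)($post[$f] ?? ''));
    }
    $stmt = $pdo->prepare(
        'INSERT INTO firsts (usr_id, client_title, client_name, client_contact, client_email, notes)
         VALUES (:usr_id, :client_title, :client_name, :client_contact, :client_email, :notes)'
    );
    $stmt->execute($params);
    return (int)$pdo->lastInsertId();
}

// Demo setup (assumption: in-memory SQLite stands in for the MySQL database;
// for MySQL use a DSN such as 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE firsts (id INTEGER PRIMARY KEY, usr_id INTEGER NOT NULL,
    client_title TEXT, client_name TEXT, client_contact TEXT, client_email TEXT, notes TEXT)');

// On a real page call session_start() here; these values are constructed.
$_SESSION = ['usr_id' => 7];
$_POST = [
    'client_title'   => 'Mr',
    'client_name'    => "O'Brien",   // the apostrophe would break the concatenated query
    'client_contact' => '555-0100',
    'client_email'   => 'obrien@example.com',
    'notes'          => 'Said "call after 5pm"',
];

if (!isset($_SESSION['usr_id'])) {
    http_response_code(401);
    exit('Please log in first.');
}

$id  = insertFirst($pdo, (int)$_SESSION['usr_id'], $_POST);
$row = $pdo->query('SELECT usr_id, client_name FROM firsts')->fetch(PDO::FETCH_ASSOC);
printf("row %d: usr_id=%d client_name=%s\n", $id, $row['usr_id'], $row['client_name']);
```

Because the name is bound rather than interpolated, the apostrophe in the sample value is stored literally instead of terminating the SQL string.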
