Problem with $_SESSION[userid]

PollyJuice

Technical User
Jul 3, 2009
Hello,

I have some trouble getting a posting-script to work for a forum I'm developing. I know the sessions work, I've tried that, but nothing gets posted into the db. I suspect the lines

$user = $_SESSION['userid'];
and
$query = "INSERT INTO thread(title, text, datum, Kat, forfattare) VALUES ('$title', '$text', '$datum', '$kat', '$user')";

are to blame. If I change '$user' to the member's number, like 1 or 2 or something, it inserts the new post properly, but with '$user', all that happens is that it goes back to the index-page.

Why doesn't the database understand who the user is?


<?php
session_start();
if (isset($_SESSION['userid'])) {

$title = $_POST["title"];
$text = $_POST["text"];
$datum = date("Y-m-d H:i:s");
$kat = $_POST["kategori"];
if ($kat == "Webb") {
$kat = "1";
}
elseif ($kat == "Grafik") {
$kat = "2";
}
elseif ($kat == "Flash") {
$kat = "3";
}
$user = $_SESSION['userid'];

// Connect to MySQL on the host 'localhost'
$conn = mysql_connect("**.***.**.**", "****", "********") or die("Could not connect: " . mysql_error());

// Connect to the database named 'grafiket'
$db_selected = mysql_select_db("grafiket", $conn) or die("Can't use testdb : " . mysql_error());

// Build the SQL statement that inserts data into the table 'thread'
$query = "INSERT INTO thread(title, text, datum, Kat, forfattare) VALUES ('$title', '$text', '$datum', '$kat', '$user')";

// Execute the SQL statement and store the result in the variable $result
$result = mysql_query($query);

// Go back to index_online.php
header("Location: index_online.php");


// Close the database connection
mysql_close($conn);
exit;
}

else {
// if not set, send back to login
header("Location: login.html");
}
?>
 
Use mysql_error to see if there's something wrong with the query when the $user variable is being used:

Code:
$result = mysql_query($query) or die(mysql_error());





----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
Tried your suggestion. It enters the data into the db, but it places a 0 in the column forfattare.

I tried replacing this file post.php with another one, test.php, with this code:

<?php
session_start();
// check session variable is set
if (isset($_SESSION['userid'])) {
// if set, greet by name
print "Hej, " .$_SESSION['userid'] . "!";
}
else {
// if not set, send back to login
header("Location: login.html");
}
?>

and it promptly says Hej Donald Duck, if it's Donald Duck who has logged in. Apparently the $_SESSION['userid'] works, but the number is not properly inserted into the db - it just inserts 0 (zero).

Do I need to convert it or something?
 
I would guess that your database is expecting an integer and you are feeding it a string. Check your column definition for userid.
 
I agree, looks like your forfattare column is not a char or varchar type to accept a string such as "Donald Duck" but rather is expecting a number.

Which is why it defaults to zero instead of an empty string.


----------------------------------
Phil AKA Vacunita
----------------------------------
 
You're so right - I had set forfattare as INT. I replaced that with VARCHAR and added to the login.php that the username used to log in should be the userid.

Now it works. Posts are recorded with the logged in member as its author.


Thank you all for your help, I appreciate it.
 
Also, you have several potential errors:
1: SQL Injection
2: You don't remove tags and such (look up strip_tags())
3: You don't check if variables are filled (e.g. it can post in no cat?).
4: The "system" you made:
Code:
    if ($kat == "Webb") {
        $kat = "1";
    }
    elseif ($kat == "Grafik") {
        $kat = "2";
    }
    elseif ($kat == "Flash") {
        $kat = "3";
    }
Is very static.
It also won't catch an "else", where the variable will differ from the expected result.

Look up the switch function on PHP.net
I guess you have a natural join system, seeing as you add the $kat to the database. So I guess you have a kategori table too? And then you just join it for presentational values?

Olav Alexander Mjelde
 
In answer to Da Butcher:

1: SQL Injection - good point. Will fix this once I've got the basics to work.
2: You don't remove tags and such (look up strip_tags()) - where should I remove tags and why?
3: You don't check if variables are filled (e.g. it can post in no cat?). - good point again. I totally missed that one. I'll fix that.

4 - the user chooses one of 3 radio buttons, i.e. there will never be any other categories than these 3; Webb, Grafik and Flash - once I've fixed 3 so they don't try to enter posts without any category at all. :)
And no, kategori is a column in the thread-table. I use it when presenting the data by sorting the posts according to what number is in the column kategori; 1, 2 or 3.
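
Added example, not part of the thread and not any poster's code: one way to address points 1 to 4 above in the insert handler, using PDO prepared statements, an allow-list for kategori, and htmlspecialchars() when a post is printed (output encoding, used here in place of the strip_tags() suggestion). save_post(), render_post() and the in-memory SQLite database standing in for MySQL are assumptions; in post.php the $user argument would be $_SESSION['userid'].

```php
<?php
// Added example, not code from the thread. Table and column names follow the thread;
// save_post(), render_post() and the SQLite demo database (pdo_sqlite) are assumptions.
const CATEGORIES = ['Webb' => 1, 'Grafik' => 2, 'Flash' => 3];

function save_post(PDO $db, array $post, string $user): int
{
    $title = $post['title'] ?? '';
    $text  = $post['text'] ?? '';
    $kat   = $post['kategori'] ?? '';
    // Points 3 and 4: reject empty fields and any category outside the allow-list.
    // Radio buttons do not constrain what a client can actually send.
    if (!is_string($title) || !is_string($text) || !is_string($kat)
        || trim($title) === '' || trim($text) === ''
        || !array_key_exists($kat, CATEGORIES)) {
        throw new InvalidArgumentException('title, text and a known kategori are required');
    }
    // Point 1: placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO thread (title, text, datum, Kat, forfattare)
         VALUES (:title, :text, :datum, :kat, :user)'
    );
    $stmt->execute([
        ':title' => $title, ':text' => $text, ':datum' => date('Y-m-d H:i:s'),
        ':kat' => CATEGORIES[$kat], ':user' => $user,
    ]);
    return (int) $db->lastInsertId();
}

// Point 2: stored text is untrusted when it is printed, so encode it at output time.
function render_post(array $row): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<h2>' . $e($row['title']) . '</h2><p>' . nl2br($e($row['text'])) . '</p>';
}

// Constructed demo data; in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE thread (id INTEGER PRIMARY KEY, title TEXT, text TEXT,
           datum TEXT, Kat INTEGER, forfattare TEXT)');
$id = save_post($db, ['title' => "O'Brien's <b>tips</b>", 'text' => "Line one\nIt's <i>here</i>",
                      'kategori' => 'Grafik'], 'Donald Duck');
$stmt = $db->prepare('SELECT title, text FROM thread WHERE id = ?');
$stmt->execute([$id]);
echo render_post($stmt->fetch(PDO::FETCH_ASSOC)), "\n";
try {
    save_post($db, ['title' => 'a', 'text' => 'b', 'kategori' => 'Video'], 'Donald Duck');
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";
}
```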
 