Help
Hi ,
I've been working on creating a CMS and have everything working, but that's if I'm the only user. Multiple logins work fine, and I've passed the username through $_SESSION['name'] to that the admin section now says "Welcome back (username)".
Now, my problem is inserting this name into a database so that they they post a blog entry site visitors can see which user posted the blog entry.
I've tried $user = $_SESSION['name'] and then inserting $user into the database but this returns blank. No idea how to get around it. I know that everything else works fine as if I try $user = "Ben" then it inserts my name into the database, no problem. But I need it showing the session name.
Does anyone know how I would go about this please? Any help is much appreciated!
Thanks, Ben
Page 1 of 1
Help with $_SESSION
Rate Topic:
#3
benjawi 
- Forum Newcomer
-
- Group: Members
- Posts: 7
- Joined: 08-June 11
- Reputation: 0
- Gender:Male
- Experience:Beginner
- Area of Expertise:Designer/Coder
Posted 29 December 2011 - 01:09 AM
Samus, on 29 December 2011 - 12:09 AM, said:
That's odd.
Wanna show some code?
Wanna show some code?
Sure.
Using this displays the sessions user name, works anywhere on a page on any within the admin area no matter how many pages you visit so can't see an issue with this :
if (isset($_SESSION['name'])) { echo 'You are currently logged in as '.$_SESSION['name'].' '; }
And this is where I insert into the database :
$user = $_SESSION['name'];
if (array_key_exists('insert', $_POST)) {
// remove backslashes
nukeMagicQuotes();
$expected = array('title', 'article');
// prepare expected items for insertion in to database
foreach ($_POST as $key => $value) {
if (in_array($key, $expected)) {
${$key} = mysql_real_escape_string($value);
}
}
// prepare the SQL query
$sql = "INSERT INTO `blog` (username, title, article, created) VALUES ('$user', '$title', '$article', NOW())";
database_queryModify($sql,$insertId);
header("Location: index.php");
exit();
}
If I remove adding the user part everything else adds into the database as it should, and like I mentioned above, if I use $user = "Ben" up the top then it adds that to the database fine, as it is though everything gets added but the username shows up as blank even though I know there's a value showing as I can call it as shown in the first block of code. I've even added username into the expected array but that makes no difference. I'm completely stumped.
#5
benjawi
- Forum Newcomer
-
- Group: Members
- Posts: 7
- Joined: 08-June 11
- Reputation: 0
- Gender:Male
- Experience:Beginner
- Area of Expertise:Designer/Coder
Posted 29 December 2011 - 11:22 AM
andyl, on 29 December 2011 - 10:52 AM, said:
You've definitely used session_start() at the top of the insertion script too?
Yeah, that's the first line of code. Everything works bar this one thing. The session times out after 15 minutes of inactivity and the session name works in telling you which user is logged in, blog entries can be added to the database, etc. Everything but this one problem. I need some way of identifying which user has made an entry as I don't want them to be able to view and edit each others in the admin area, just their own..
#6
Samus
- Advanced Member
-
- Group: Members
- Posts: 367
- Joined: 05-August 11
- Reputation: 27
- Gender:Male
- Location:Hackney, London, UK
- Experience:Intermediate
- Area of Expertise:Web Developer
Posted 29 December 2011 - 02:19 PM
I think the problem is within your if statement.
That checks if the 'insert' key is within the $_POST array. In this case it may not be, so the if statement returns false if a form element with the name field 'insert' was not posted and since you've not specified a a code to be executed if returned false. Nothing happens.
Where does 'insert' come from anyway? Was it meant to be the name attribute of your submit button or what?
EDIT: Clarity.
if (array_key_exists('insert', $_POST)) {
// remove backslashes
nukeMagicQuotes();
$expected = array('title', 'article');
// prepare expected items for insertion in to database
foreach ($_POST as $key => $value) {
if (in_array($key, $expected)) {
${$key} = mysql_real_escape_string($value);
}
}
// prepare the SQL query
$sql = "INSERT INTO `blog` (username, title, article, created) VALUES ('$user', '$title', '$article', NOW())";
database_queryModify($sql,$insertId);
header("Location: index.php");
exit();
}
That checks if the 'insert' key is within the $_POST array. In this case it may not be, so the if statement returns false if a form element with the name field 'insert' was not posted and since you've not specified a a code to be executed if returned false. Nothing happens.
Where does 'insert' come from anyway? Was it meant to be the name attribute of your submit button or what?
EDIT: Clarity.
This post has been edited by Samus: 29 December 2011 - 02:24 PM
#7
benjawi
- Forum Newcomer
-
- Group: Members
- Posts: 7
- Joined: 08-June 11
- Reputation: 0
- Gender:Male
- Experience:Beginner
- Area of Expertise:Designer/Coder
Posted 29 December 2011 - 03:59 PM
Insert is the name of my submit button, so if I have either of the following button types and they are clicked on then it executes the above code.
<button type="submit" name="insert" class="button" > Insert Article </button>
<input type='submit' value='Insert Article' />
#8
Samus
- Advanced Member
-
- Group: Members
- Posts: 367
- Joined: 05-August 11
- Reputation: 27
- Gender:Male
- Location:Hackney, London, UK
- Experience:Intermediate
- Area of Expertise:Web Developer
Posted 29 December 2011 - 11:24 PM
benjawi, on 29 December 2011 - 03:59 PM, said:
Insert is the name of my submit button, so if I have either of the following button types and they are clicked on then it executes the above code.
<button type="submit" name="insert" class="button" > Insert Article </button>
<input type='submit' value='Insert Article' />
I had a little play around with it. I don't have access to your 2 functions nukeMagicQuotes() & database_queryModify().
So I just commented them out. Maybe there's a problem with the latter function?
Here's what my code looks like & it works fine.
<html>
<body>
<form method='post'>
<input type='submit' name='insert'/>
</form>
</body>
</html>
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);
$_SESSION['name'] = 'Michael';
$user = $_SESSION['name'];
if (array_key_exists('insert', $_POST)) {
// remove backslashes
// nukeMagicQuotes();
$expected = array('title', 'article');
// prepare expected items for insertion in to database
foreach ($_POST as $key => $value) {
if (in_array($key, $expected)) {
${$key} = mysql_real_escape_string($value);
}
}
// prepare the SQL query
$sql = "INSERT INTO `blog` (username, created) VALUES ('$user', NOW())";
//database_queryModify($sql,$insertId);
mysql_query($sql);
header("Location: index.php");
exit();
}
?>
This post has been edited by Samus: 29 December 2011 - 11:26 PM
#9
benjawi
- Forum Newcomer
-
- Group: Members
- Posts: 7
- Joined: 08-June 11
- Reputation: 0
- Gender:Male
- Experience:Beginner
- Area of Expertise:Designer/Coder
Posted 30 December 2011 - 11:20 AM
Cheers for all your help guys. Really appreciate it. Tried everything but finally have a method that works. It's not perfect, but it does the job. I could print the session name anywhere but couldn't seem to do anything with it bar print it to the screen. Been playing around with it for another hour now before trying to print it as a value to a hidden input field, which works. It's not perfect but it gets the job done 
- ← Quick XAMPP question.
- Server Side (PHP, Databases, ASP.NET, etc)
- can this application be done with .NET and how hard is it? →
Share this topic:
Page 1 of 1