I have a problem in retrieving a session variable in php.
While I am using the session variable in the drop down list, when I echo the values I can receive the value but when I use them in query there is no output.
Can you guide me?
+1
A:
Unless you provide some code snippets we will be unable to correctly guide you in the right direction, however I'm going to take a blind guess:
Maybe you're using calling them wrong?
Lets say you echo a session variable like this: echo $_SESSION['var'];. This works and you get the desired value from var but when you use it on a query you may be encapsulating it incorrectly.
For example:
$sql="SELECT * FROM `users` WHERE id = '".$_SESSION['var']."'"; //Correct.
$sql="SELECT * FROM `users` WHERE id = '{$_SESSION['var']}'"; //Correct.
$sql="SELECT * FROM `users` WHERE id = '$_SESSION['var']'"; //Not correct.
$sql='SELECT * FROM `users` WHERE id = "$_SESSION['var']"'; //Not correct.
johnnyArt
2010-01-05 12:20:06
Don't include variables without any escaping directly into queries! You're just asking to be hacked with code like this. See this page: http://www.phpbuilder.com/manual/en/security.database.sql-injection.php
Joeri Sebrechts
2010-01-05 12:23:30
Since he said 'when I use them in query' I ought to assume that's what he meant, that doesn't mean it's the right way of doing it.
johnnyArt
2010-01-05 21:50:19