Reputation: 63
Hey, I am new to PHP and I am trying to enter details into my database. I am trying to enter an eventname, which the user enters (POST), and the username of the logged-in user.
I have created sessions to store users' usernames. The code I have is:
$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername']
$sql = mysql_query("INSERT INTO $tbl_nameVALUES('','$eventname','$_SESSION['myusername'])");
echo "You have been added to the event";
It's the $sql statement which is giving the error. Any help would be much appreciated.
Thanks all!
Upvotes: 0
Views: 41884
Reputation: 1528
Hope it helps you...
$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername'];
$sql = mysql_query("INSERT INTO tbl_name VALUES('','$eventname','".$_SESSION['myusername']."')");
echo "You have been added to the event";
Upvotes: 1
Reputation: 3345
Remove the single quotes around the key in your $_SESSION array:
$sql = mysql_query("INSERT INTO $tbl_name VALUES('', '$eventname', '$_SESSION[myusername]')");
Upvotes: 0
Reputation: 270775
There are several potential problems here.
First, you have not escaped eventname against SQL injection. We assume hopefully that myusername is already safe. If it has not been previously filtered, also use mysql_real_escape_string() on $_SESSION['myusername'].
$eventname = mysql_real_escape_string($_POST['eventname']);
// Then you need space before VALUES and are missing a closing quote on $_SESSION['myusername'], which should be in {}
$sql = mysql_query("INSERT INTO $tbl_name VALUES('','$eventname','{$_SESSION['myusername']}')");
Finally, in order for the statement to work, it assumes you have exactly three columns in $tbl_name. You should be explicit about the columns used. Substitute the correct column names for colname1, event_name, username.
$sql = mysql_query("INSERT INTO $tbl_name (colname1, event_name, username) VALUES('','$eventname','{$_SESSION['myusername']}')");
The exact locations of SQL syntax errors will be revealed to you with some basic error checking via mysql_error().
$sql = mysql_query(<your insert statement>);
if (!$sql) {
echo mysql_error();
}
Upvotes: 8
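The same insert written with PDO bound parameters, as an added example that is not code from any of the posts above (the mysql_* functions used in this thread were removed in PHP 7). It assumes the pdo_sqlite extension so it can run against an in-memory database; the `events` table, its column names, the `addToEvent()` helper and the input values are constructed for illustration.

```php
<?php
// Added example: constructed schema and values, not code from the thread.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of testing a return value and calling mysql_error().
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    event_name TEXT NOT NULL,
    username TEXT NOT NULL
)');

/**
 * Insert one sign-up row and return its id (hypothetical helper).
 * Identifiers cannot be bound as parameters, so the table name is
 * checked against a fixed allowlist; the two values are bound.
 */
function addToEvent(PDO $pdo, string $table, string $eventName, string $username): int
{
    $allowedTables = ['events']; // hypothetical allowlist
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException("Unexpected table name: $table");
    }
    // Explicit column list; the auto-increment id column is simply omitted.
    $stmt = $pdo->prepare(
        "INSERT INTO $table (event_name, username) VALUES (:event_name, :username)"
    );
    $stmt->execute([':event_name' => $eventName, ':username' => $username]);
    return (int) $pdo->lastInsertId();
}

// Constructed inputs standing in for $_POST['eventname'] and $_SESSION['myusername'].
$eventName = "Sam's BBQ'); --";
$username  = 'alice';

try {
    $id = addToEvent($pdo, 'events', $eventName, $username);
    $check = $pdo->prepare('SELECT event_name, username FROM events WHERE id = ?');
    $check->execute([$id]);
    $row = $check->fetch(PDO::FETCH_ASSOC);
    // The quote and the trailing characters are stored as plain text, not parsed as SQL.
    var_dump($row['event_name'] === $eventName);
} catch (PDOException $e) {
    // Log the detail server-side rather than echoing raw SQL errors to the user.
    error_log($e->getMessage());
    echo "Could not add you to the event\n";
}
```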
Reputation: 5286
You're missing a ' on your insert statement. Try this:
INSERT INTO $tbl_name VALUES('','$eventname','$_SESSION['myusername']')
Upvotes: 1
Reputation: 151740
You need a space between $tbl_name and VALUES, and indeed a ' after $_SESSION['myusername'].
And look up SQL injection.
Upvotes: 0