CODEWITHSUNDEEP
php
cybertextron
cybertextron

Reputation: 10961

updating a session id in a MySQL db - PHP

The following function is supposed to take in a PHP session_id and update it, otherwise the user will be logged out in 5 min:

function update_session_id( $session_id = "" )
{
    $stmt = "UPDATE session SET start=NOW() WHERE id='$session_id';";
    $query = mysql_query( $stmt )
        or die( mysql_error() );

    if( $query )
    {
        return true;
    }
    return false;
}

For some reason, PHP is returning me "\"p9bb7t9gmchtvr6scr8hseufm6\"" even though I'm using stripslashes(), which does not seems to remove those slashes at all. That's why my query is not working ... The code where that function is called it's pretty simple:

else if( strcmp( $action, "query" ) == 0 )
    {
        $session_id = stripslashes( $_POST['session_id'] );
        $data = getCustomer();
        update_session_id( $session_id );
        echo json_encode( $session_id );
    }

but I don't know why I'm getting those extra slashes on my string. Any thoughts? Update A query example:

"UPDATE session SET start=NOW() WHERE id='\"p9bb7t9gmchtvr6scr8hseufm6\"';"

Upvotes: 0

Views: 782

Answers (1)

Ja͢ck
Ja͢ck

Reputation: 173572

The correct code to generate the statement is:

$stmt = sprintf("UPDATE session SET start=NOW() WHERE id='%s'", 
    mysql_real_escape_string($session_id)
);

If you see double quotes in the resulting query, that means the double quotes were already there.

See also: PDO

Upvotes: 1

Related Questions