fetch id from session and store into a different table

Question

I have made a user login-logout form using sessions. The code that i am using for session is

retailer_login_session.php

<?php
$connection = mysqli_connect("as.com", "as", "as");
$db = mysqli_select_db("as", $connection);
session_start();
$user_check=$_SESSION['login_user'];

$ses_sql=mysqli_query("select * from retailer_signup where id='$user_check'", $connection);

$row = mysqli_fetch_assoc($ses_sql);

$login_session =$row['id'];
$user_firstname = $row['firstname'];
$user_lastname = $row['lastname'];

if(!isset($login_session)){
mysqli_close($connection); 
header('Location: index.html'); 
}
?>

Eg of able for retailer_signup is

id  firstname    lastname    email                password
1   f.retailer   l.retailer  retailer@gmail.com   retailer

the home page of the user needs to display a list of items from a table named retailer_add_property. Along with the list i wish to display the id of the retailer on the users' home page and further save it to the database

Eg of table for retailer_add_property is

id  propertyname  propertytype  retailerid
1   n.property    t.property   

Code that i have used to display id on the user's profile page is

<div class="form-group">
    <label class="col-lg-3 control-label">Retailer Unique ID:</label>
        <? echo $login_session;?>
</div>

The php code that helps in inserting the values of form in the database at back end is

<?php
include('retailer_login_session.php');

$con=mysqli_connect("ab.com","ab","ab","ab");
// Check connection
if (mysqli_connect_errno()) 
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

// escape variables for security
$propertyname = mysqli_real_escape_string($con, $_POST['propertyname']);
$propertytype = mysqli_real_escape_string($con, $_POST['propertytype']);

$sql="INSERT INTO retailer_add_property(propertyname,propertytype,retailerid) VALUES ('$propertyname','$propertytype','$login_session')";

if (!mysqli_query($con,$sql)) 
    {
        die('Error: ' . mysqli_error($con));
    }

header("Location: index.html");
mysqli_close($con);
?>

My problem is that the value of the id is neither getting displayed nor being stored in the database. Would appreciate some help regarding the problem

Answer 1

Firstly, you will need to omit include('retailer_login_session.php'); from your second body of code and use a standard include for only the DB if you really want to do an include.

In your first body of code $user_check=$_SESSION['login_user']; is empty because nothing has been assigned to $_SESSION['login_user'] so it's just sitting there in limbo.

I take it that you want to use a form for someone to log into.

You first need to assign a POST variable from an input, then assign that to a session variable, then use that session variable and assign that to a variable; I know it may sound a bit confusing, but that's how it's done.

You then need to loop over your table using a while loop and assign a variable to the row you wish to use.

Base yourself on the following model, and see the comments throughout the code. I'm here to teach you and not spoonfeed you with code, it's a good way to "learn".

File 1)

<?php 
session_start();

$DB_HOST = "xxx"; // replace with yours
$DB_NAME = "xxx"; // ...
$DB_USER = "xxx"; // ...
$DB_PASS = "xxx"; // ...

$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
  die('Connection failed [' . $conn->connect_error . ']');
}

// $_POST['propertyname'] = 12345; // for testing purposes only
$var = $_POST['propertyname'];
$_SESSION['login_user'] = $var;
$user_check= $_SESSION['login_user'];

$ses_sql=mysqli_query($conn,"select * from your_table where column_name='$user_check'");

    while($row = mysqli_fetch_assoc($ses_sql)){

    $login_session = $row['column_name']; // this matches the WHERE clause
    $user_firstname = $row['firstname'];
    $user_lastname = $row['lastname'];

    echo $login_session; // for testing purposes
    }

if(isset($_SESSION['login_user'])){
    echo $user_check; // will echo from entered POST

$login_session = $user_check;
    echo "<br>";
    echo $login_session; // will echo same from entered POST. Test
}

// var_dump($_SESSION); // tool to check what is in memory for session

File 2)

<?php 
session_start();

$DB_HOST = "xxx"; // replace with yours
$DB_NAME = "xxx"; // ...
$DB_USER = "xxx"; // ...
$DB_PASS = "xxx"; // ...

$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
  die('Connection failed [' . $conn->connect_error . ']');
}

if(isset($_SESSION['login_user'])){

$login_session = $_SESSION['login_user'];
echo $login_session;  // for testing purposes

$sql="INSERT INTO your_table (the_column) VALUES ('$login_session')"; // keep $login_session

if (!mysqli_query($conn,$sql)) 
    {
        die('Error: ' . mysqli_error($conn));
    }

}

// var_dump($_SESSION); // tool to check what is in memory for session

---

Sidenote:

These lines of code are incorrect, just so you know, which are in the first body of code.

$db = mysqli_select_db("as", $connection);
$ses_sql=mysqli_query("select * from retailer_signup where id='$user_check'", $connection);

DB connection comes first when using mysqli_

For example:

$db = mysqli_select_db($connection,"as");
$ses_sql=mysqli_query($connection,"select * from retailer_signup where id='$user_check'");

---

For a safer method: (read up on those, they're worth it).

Use mysqli_ with prepared statements, or PDO with prepared statements.

---

If you have any problems, use error reporting.

Placing this at the top of every file:

error_reporting(E_ALL);
ini_set('display_errors', 1);

as well as or die(mysqli_error($conn)) to mysqli_query()

It will help in troubleshooting/debugging.

Answer 2

save that id in session

$login_session =$row['id'];

store in session

$_SESSION['login_session'] =$row['id'];

AND INSERT IT LIKE THAT

$sql="INSERT INTO retailer_add_property(propertyname,propertytype,retailerid) VALUES ('$propertyname','$propertytype','".$_SESSION['login_session']."')";

and dont forget to start session on every page where you wish to use session variables