Entering session variables into database of logged in user and linking tables to get username id

Question

I am pretty new to php but have a pretty basic understanding of it. I have just figured out how to create a session. Once a customer finishes an order I am trying to get basic information of the order into the "order table" of database for that specific logged in username. I have 2 tables in this database.

Customers: which has 4 columns. id | username | password | url

Orders: has 4 columns. id | address | user_id | cost |

How to I write a query that gets the logged in users ID from "customers" and INSERTS that id along with the session variables into the "orders" table? Hopefully someone can help!

<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
 die("Connection failed: " . mysqli_connect_error());
}

mysqli_query($con,"INSERT INTO orders (address, user_id) VALUES $name WHERE id = " . 
$_SESSION['username']['id']);
mysqli_close($con);
?>

After trying to figure it out from tutorials and such this is the best I could come up with but I couldn't find anything that showed how to grab the id from the logged in user and insert into another table along with session variable data. Please help?

EDIT Not sure if this is the start of the problem but I need to know how to start a session defining what the logged in users id is in the first place. Is there a way to define the id into the existing session after login is validated? Here is the login script.

<?php
//Start session
session_start();


//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

// Connects to your Database 
mysql_connect("localhost", "xxx", "xxx") or 
die(mysql_error()); 

//Select database
$db = mysql_select_db("mydatabase");
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM customers WHERE login='$login' AND password='".($_POST['password'])."'";
$result=mysql_query($qry);



//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        $_SESSION['login'] = $_POST['login'];

        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_ID'] = $member['id'];
        $_SESSION['SESS_login'] = $member['login'];
        $_SESSION['SESS_password'] = $member['password'];
        session_write_close();


        header("location: fullreport100_member_checkout.php");
        exit(); 
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>

Answer 1

Correct syntax for INSERT:

   INSERT INTO table_name (column1,column2,column3,...)
     VALUES (value1,value2,value3,...);

Therefor when you insert, you need to you need to do something like this:

$address = 'address 1';
$user_id = 5;
mysqli_query($con,"INSERT INTO orders (address, user_id) VALUES ('". $address . "', " . $user_id . ")"); 

I am also not use if this is correct syntax (I never used it) : $_SESSION['username']['id'] (I assume this is multi-dim array in session)

If you have classed defined, you need to use $_SESSION['username']->id