PHP $_SESSION variable between pages error- mySQL query

Question

I am trying to get the name of a certain '$_SESSION' variable into a SQL query from another PHP page, I keep on getting errors..

The scenario is, If i enter a review for a certain page, I want the name of that page to go into the database. (Refer to screenshot below) If i submit a review i want the name 'SEDGLEY PK...' etc stored in the database.

I get the following error message: (Click Picture to enlarge)

Below is the code of the page: (enter_review.php)

$value1 = $_POST['review'];
$value2 = $_SESSION['id'];
$value3 = $date = date("Y-m-d");
$value4 = $_POST['rating'];
$value5 = $_SESSION['SUBURB'];
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "INSERT INTO dog_parks.reviews (review_text, username, date, rating, item)           
    VALUES ('$value1', '$value2', '$value3', '$value4', '$value5')";
    // use exec() because no results are returned
    $conn->exec($sql);
    echo "Review Successful";
    }
catch(PDOException $e)
    {
    echo $sql . "<br>" . $e->getMessage();
    }

$conn = null;


header( "refresh:20; url=index.php" );
?>

I suspect there is something not right at the $value5 variable...

Here is the code for the page that the review was entered on..

<?php
    if (isset($_GET['suburb']))
    {
         $_SESSION["SUBURB"] = $_GET['suburb']; ?>
         <!-- PRINTING DOG PARK NAME -->
            <h1><?php echo $_SESSION["SUBURB"]; ?></h1> 


            <table border="1" cellspacing="5" cellpadding="5" width="100%">
                <thead>
                    <tr>
                        <th>Park Name</th>
                        <th>Street</th>
                        <th>Suburb</th>
                        <th>Dog Park Area (m2)</th>
                    </tr>
                </thead>
                <tbody>
                <?php

                    $result = $conn->prepare("SELECT * FROM dog_parks.items where dog_park_name = $_SESSION[SUBURB]");
                    $result->execute();
                    for($i=0; $row = $result->fetch(); $i++){

                ?>

                    <tr>
                        <td><label><?php echo $row['Park_Name']; ?></label></td>
                        <td><label><?php echo $row['Street']; ?></label></td>
                        <td><label><?php echo $row['Suburb']; ?></label></td>
                        <td><label><?php echo $row['Dog_Park_Area_(m2)']; ?></label></td>

                    </tr>
                    <?php } ?>
                </tbody>
            </table>



            <?php
    }

Answer 1

PHP can't recognize $_SESSION['id'] due to the single quotes. So either use curly braces {} or take our the single quotes.

Answer 2

hello deluxenathan

SQL Error you are getting is because of quote in your session variable value $value5 = $_SESSION['SUBURB'];

if you will print/echo $value5/$_SESSION['SUBURB'] you will get actual text quoted like

'SEDGLEY PK DOG OFF LEASH AREA'

instead of

SEDGLEY PK DOG OFF LEASH AREA

quick solution is either remove quote from session variable $value5/$_SESSION['SUBURB'] or from query like

$sql = "INSERT INTO dog_parks.reviews (review_text, username, date, rating, item)
VALUES ('$value1', '$value2', '$value3', '$value4', $value5)";

Answer 3

I think that should be a string. Try this instead

 $sql = "INSERT INTO dog_parks.reviews (review_text, username, date, rating, item) VALUES (:review_text,:username,:date,:rating,:item)"; $conn->bindParam(':review_text', $value1, PDO::PARAM_STR); $conn->bindParam(':username', $value2, PDO::PARAM_STR); $conn->bindParam(':date', $value3, PDO::PARAM_STR); $conn->bindParam(':rating', $value4, PDO::PARAM_STR); $conn->bindParam(':item', $value5, PDO::PARAM_STR);