Session Variable working in echo but not working in SQL query
Question
I want to pass the value of login.php variables $user_key & $user_id to another file statusdata.php for which I have used session. In statusdata.php I want to use those session variable value in sql query of statusdata.php file.
To achieve this in login.php I pass the value of variable $user_key & $user_id to session variable $_SESSION["key"] & $_SESSION["id"] respectively then in statusdata.php I call session variable and pass their value in variable $user_key & $user_id of statusdata.php
Now the problem is when using the variable $user_key & $user_id in SQL query it is not returning proper output but using the same variable in echo it is giving proper value mean session is working fine when I echo the variable but not working in SQL. I have also tried passing the session variable directly but the same thing is happening to work in echo but not in SQL.
login.php
<?php
// Start the session
session_start();
require "conn.php";
$user_key = '8C9333343C6C4222418EDB1D7C9F84D051610526085960A1732C7C3D763FFF64EC7F5220998434C896DDA243AE777D0FB213F36B9B19F7E4A244D5C993B8DFED';
$user_id = '1997';
$mysql_qry = "select * from applications where application_key = '".$user_key."' and application_id like '".$user_id."';";
$result = mysqli_query($conn, $mysql_qry);
if (mysqli_num_rows($result) > 0){
$_SESSION["key"] = ".$user_key.";
$_SESSION["id"] = ".$user_id.";
echo "Login Success";
}
else {
echo "Login Not Success";
}
?>
statusdata.php
<?php
// Start the session
session_start();
require "conn.php";
$user_key = "-1";
if (isset($_SESSION["key"])) {
$user_key = $_SESSION["key"];
}
$user_id = "-1";
if (isset($_SESSION["id"])) {
$user_id = $_SESSION["id"];
}
//creating a query
$stmt = $conn->prepare("SELECT applications.application_id, applications.applicant_name, applications.applicant_aadhaar, applications.applicant_phone, applications.subject, applications.date, applications.description, applications.chairperson_remark, applications.status, officer_accounts.name_of_officer, applications.officer_remark, applications.last_update_on
FROM applications INNER JOIN officer_accounts ON applications.account_id = officer_accounts.account_id
WHERE applications.application_id = '".$user_id."' AND applications.application_key = '".$user_key."';");
//executing the query
$stmt->execute();
//binding results to the query
$stmt->bind_result($id, $name, $aadhaar, $phone, $subject, $date, $description, $chairperson, $status, $officername, $officerremark, $lastupdate);
$applications = array();
//traversing through all the result
while($stmt->fetch()){
$temp = array();
$temp['applications.application_id'] = $id;
$temp['applications.applicant_name'] = $name;
$temp['applications.applicant_aadhaar'] = $aadhaar;
$temp['applications.applicant_phone'] = $phone;
$temp['applications.subject'] = $subject;
$temp['applications.date'] = $date;
$temp['applications.description'] = $description;
$temp['applications.chairperson_remark'] = $chairperson;
$temp['applications.status'] = $status;
$temp['officer_accounts.name_of_officer'] = $officername;
$temp['applications.officer_remark'] = $officerremark;
$temp['applications.last_update_on'] = $lastupdate;
array_push($applications, $temp);
}
//displaying the result in json format
echo json_encode($applications);
// Echo session variables that were set on previous page
echo "<br>key is " . $user_key . ".<br>";
echo "id is " . $user_id . ".";
?>
Output login.php
Login Success
Output statusdata.php
[]
key is .8C9333343C6C4222418EDB1D7C9F84D051610526085960A1732C7C3D763FFF64EC7F5220998434C896DDA243AE777D0FB213F36B9B19F7E4A244D5C993B8DFED..
id is .1997..
output I want from statusdata.php (I am getting it if I use direct value in variable $user_key & $user_id not session variable from login.php)
[{"applications.application_id":1997,"applications.applicant_name":"Tanishq","applications.applicant_aadhaar":"987654321","applications.applicant_phone":"123456789","applications.subject":"asdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsav","applications.date":"2018-07-02 09:11:47","applications.description":"asdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsav","applications.chairperson_remark":"asdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsav","applications.status":1,"officer_accounts.name_of_officer":"Chayan Bansal","applications.officer_remark":"asdnjsnadnksncdnsjnvsavasdnjsnadnksncdnsjnvsav","applications.last_update_on":"2018-07-22 09:14:25"}]
key is 8C9333343C6C4222418EDB1D7C9F84D051610526085960A1732C7C3D763FFF64EC7F5220998434C896DDA243AE777D0FB213F36B9B19F7E4A244D5C993B8DFED.
id is 1997.
NOTE : I am taking the output of statusdata.php SQL query in JSON format as in the end I am extracting it in android.
Please help me I have tried everything which other similar questions are suggesting but nothing helps
1 answers
solution1
0 ACCPTED 2018-07-23 12:47:05
Looks more like a typo situation. You have this in login.php :
$_SESSION["key"] = ".$user_key.";
$_SESSION["id"] = ".$user_id.";
Which is tainting your original values... by adding needless dots around them. Clean that up by simply assigning as so:
$_SESSION["key"] = $user_key;
$_SESSION["id"] = $user_id;
And it should begin working better.
Side note, you are using prepare , but not using bind_param . Change your SQL prepare to the following (note the ? placeholders), and add bind_param :
$stmt = $conn->prepare("SELECT applications.application_id, applications.applicant_name, applications.applicant_aadhaar, applications.applicant_phone, applications.subject, applications.date, applications.description, applications.chairperson_remark, applications.status, officer_accounts.name_of_officer, applications.officer_remark, applications.last_update_on
FROM applications INNER JOIN officer_accounts ON applications.account_id = officer_accounts.account_id
WHERE applications.application_id = ? AND applications.application_key = ?;");
$stmt->bind_param('ss',$user_id,$user_key);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.