I want to use the session's name in my SQL query. I don't know how to compare values in a SQL query using the session. And is it safe to compare the session's value in a SQL query? I am getting this error:
( ! ) Parse error: syntax error, unexpected T_VARIABLE in ****www\1lab\my-status.php on line 53
At the top of the HTML page:
session_start();
if(!isset($_SESSION['check']) or ($_SESSION['check'])!=='*****' or !isset($_SESSION['uname']) )
{
    header('location:index.php');
    exit; // stop here; otherwise the rest of the page still runs after the redirect header
}
In between, in the HTML page:
include 'config.php';
$list="select * from books where b_issued = "$_SESSION['uname']"";
$data=mysqli_query($con,$list);
while($info = mysqli_fetch_array($data))
{
    echo $info['b_name']."<br><br>";
}
You forgot the concatenation operator.
$list="select * from `books` where `b_issued` = '".$_SESSION['uname']."'";
//                                                ^------ Here
Change your line 53 from:
$list="select * from books where b_issued = "$_SESSION['uname']"";
to:
$list="select * from books where b_issued = '" . $_SESSION['uname'] . "'";
Your problem is caused by not concatenating 2 strings. Instead you just stick one after the other and PHP has no idea what to do with the variable ($_SESSION) right after a string. Should it get rid of it? Concatenate it? It just doesn't know, unless you tell it (e.g. by using the dot, which is the concatenation operator).
The proper syntax for line 53 should be:
$list="select * from `books` where `b_issued` = '".$_SESSION['uname']."'";
Hope the session value for 'uname' is a string.
Correct this line; there is a concatenation error.
$list="select * from books where b_issued = '".$_SESSION['uname']."'";
Or you can do it like this: take your $_SESSION['uname'] into a variable and pass it to the query.
$username = $_SESSION['uname'];
$list="select * from books where b_issued = '$username'";
As has been said before, you need to use the concatenate operator to tell PHP to 'add' this session variable to the SQL query. Alternatively, you can use prepared statements which are far better in terms of security. Also, you should escape anything that interacts with your database, even if it originates from the database!
$list="select * from books where b_issued = ?";
$uname = $_SESSION['uname']; // bind the raw value; HTML-encoding it here would change what is compared
$stmt = $con->prepare($list);
$stmt->bind_param('s', $uname);
$stmt->execute();
$res = $stmt->get_result();
while ($row = $res->fetch_array(MYSQLI_ASSOC))
{
    // escape for HTML when printing
    echo htmlspecialchars($row['b_name'], ENT_QUOTES, 'UTF-8')."<br><br>";
}
It works with $list="select * from books where b_issued = '{$_SESSION['uname']}'";
Try the code below, and make sure that the * you have passed as the session argument are the same as you have set anywhere. For example, if you have set 5 *, then use 5 * in the session argument and then try the code below.
session_start();
if(!isset($_SESSION['check']) or $_SESSION['check']!='*****' or !isset($_SESSION['uname']))
{
    header('location:index.php');
    exit; // stop here; otherwise the rest of the page still runs after the redirect header
}
include 'config.php';
$list="select * from books where b_issued = '".$_SESSION['uname']."'";
$data=mysqli_query($con,$list);
while($info = mysqli_fetch_array($data))
{
    echo $info['b_name']."<br><br>";
}
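On the "is it safe" part of the question, an added example (not code from the question or from any answer above) that runs the quoted-concatenation query and the bound-parameter query against the same session value. Assumptions: PDO with an in-memory SQLite database stands in for the page's mysqli connection so it runs without a server, and the table rows and the session value are constructed.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for the
// page's mysqli connection; the rows and the session value are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (b_name TEXT, b_issued TEXT)");
$ins = $db->prepare("INSERT INTO books (b_name, b_issued) VALUES (?, ?)");
foreach ([["PHP <Basics>", "o'brien"], ["SQL Primer", "o'brien"], ["Networks", "alice"]] as $row) {
    $ins->execute($row);
}

// Stand-in for $_SESSION['uname']: a legitimate name containing an apostrophe.
$session = ['uname' => "o'brien"];

// Concatenation, as in the quoted-string answers: the value becomes SQL text,
// so its apostrophe ends the string literal early and the statement breaks.
function booksByConcat(PDO $db, $uname)
{
    $sql = "select b_name from books where b_issued = '" . $uname . "'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// Bound parameter: the value travels separately from the SQL text and is
// compared as data, whatever characters it contains.
function booksByParam(PDO $db, $uname)
{
    $stmt = $db->prepare("select b_name from books where b_issued = ?");
    $stmt->execute([$uname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$concat = booksByConcat($db, $session['uname']);
echo "concatenated: ", is_array($concat) ? implode(', ', $concat) : $concat, "\n";

echo "bound parameter:\n";
foreach (booksByParam($db, $session['uname']) as $name) {
    // Escape for HTML at output time; the value bound to the query stays raw.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "<br><br>\n";
}
```

A session value is only as trustworthy as whatever was stored into it at login, so the bound-parameter form is the one to keep even though the value does not come directly from the request.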