$InnerJoinQuery = $STD->query("
SELECT Users.ID, Users.Username, Users.Password, UserInformation.LastName, UserInformation.Firstname, UserInformation.DOB
FROM Users AS Users
INNER JOIN UserInformation AS UserInformation
ON Users.ID = UserInformation.UserID WHERE Users.Username=".$_SESSION['real_name']."");
$InnerJoinArray = $InnerJoinQuery->fetch_array(MYSQLI_ASSOC);
My Above code is causing an error. It works up to the point of my WHERE Clause.
WHERE Users.Username=".$_SESSION['real_name']."
How can i Impliment this into my innerjoin?
Update:
$InnerJoinQuery = $STD->query("
SELECT Users.ID, Users.Username, Users.Password, UserInformation.LastName, UserInformation.Firstname, UserInformation.DOB
FROM Users
INNER JOIN UserInformation
ON Users.ID = UserInformation.UserID WHERE Users.Username = '".$_SESSION['real_name']."'");
$InnerJoinArray = $InnerJoinQuery->fetch_array(MYSQLI_ASSOC);
$_SESSION['UID'] = $InnerJoinArray['ID'];
$_SESSION['Password'] = $InnerJoinArray['Password'];
$_SESSION['Firstname'] = $InnerJoinArray['Firstname'];
$_SESSION['LastName'] = $InnerJoinArray['LastName'];
$_SESSION['DOB'] = $InnerJoinArray['DOB'];
print_r($_SESSION);
This returns:
Array ( [real_name] => inhumaneslayer [Password] => [UID] => [Firstname] => [LastName] => [DOB] => )
Which is not expected.
When I change my Query To:
$InnerJoinQuery = $STD->query("
SELECT Users.ID, Users.Username, Users.Password, UserInformation.LastName, UserInformation.Firstname, UserInformation.DOB
FROM Users
INNER JOIN UserInformation
ON Users.ID = UserInformation.UserID WHERE Users.Username = 'inhumaneslayer'");
I get the expected result:
Array ( [real_name] => inhumaneslayer [Password] => PASSWORDHIDDEN [UID] => 5 [Firstname] => xx [LastName] => xx [DOB] => DOBHIDDEN )
Which is expected.
I am unsetting session by unset($_SESSION); prior to changing the SQL
You have to enclose the string in quotes:
... Users.Username='".$_SESSION['real_name']."'")
Also - you need to escape the variable properly. How exactly you would do that - depends on the DB library you use. In your case it's http://php.net/manual/en/mysqli.real-escape-string.php
... Users.Username='". $STD->real_escape_string($_SESSION['real_name']) ."'")
But better - learn how to use prepared statements http://php.net/manual/en/mysqli.prepare.php
$stmt = $STD->query("
SELECT Users.ID, Users.Username, Users.Password, UserInformation.LastName, UserInformation.Firstname, UserInformation.DOB
FROM Users AS Users
INNER JOIN UserInformation AS UserInformation
ON Users.ID = UserInformation.UserID WHERE Users.Username=?");
$stmt->bind_param("s", $_SESSION['real_name']);
$stmt->execute();
$result = $stmt->get_result();
$InnerJoinArray = $result->fetch_array();
you're forgetting the (single/double) quote around your string (you are looking for a string, not integer?)
Try: ".... WHERE Users.Username='".$_SESSION['real_name']."'")
otherwise, the way you had it, it would search for
WHERE Users.Username=some_string (instead of Users.Username='some_string')which will return an error since some_string is a string and it needs to be wrapped in quotes
If still no results:
try putting your query in a variable $query = "SELECT Users .....";
Then echo $query and see what your $_SESSION variable is actually producing. Without knowing that, there's not much more I can do to help.