im new in php and sql please help me find away to insert a username into sql when click the logout.
heres my code:
<?php
include('includes/mysql_connect.php');
if(isset($_POST['submit'])){
$query = mysql_query("select users from username where username = '".$_SESSION['username']."'");
mysql_query($query);
$insert_log="INSERT INTO activity_logout(username, details) VALUES('$query','Succesfully Logout!')";
mysql_query($insert_log);
}
session_start();
session_destroy();
header("location:index.php");
?>
Try this,
<?php
include('includes/mysql_connect.php');
if(isset($_POST['submit'])){
$insert_log="INSERT INTO activity_logout(username, details) VALUES($_SESSION['username'],'Succesfully Logout!')";
mysql_query($insert_log);
}
session_destroy();
header("location:index.php");
?>
Please use
session_start();
at the start, after your "login" code. Also, you should use some common file which will handle your includes files. Please refer enter link description here
You don't need to do the SELECT because you already have the username, and you should be checking for the $_SESSION['username'] not if a Submit button is set.
And your open to SQL injection for usernames that are actually SQL query's, or at minimum a username with a ' in it will break your query.
<?php
session_start();
include('includes/mysql_connect.php');
if(!empty($_SESSION['username'])){
mysql_query('INSERT INTO activity_logout
(username, details)
VALUES ("'.mysql_real_escape_string($_SESSION['username']).'",
"Succesfully Logout!")');
}
session_destroy();
exit(header("location: ./index.php"));
?>
Obligatory suggestion, Don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.