0

I have a small messaging system in which I am having a problem with sessions. The problem is that: I have inbox.php and view_inbox.php in which all the messages will be listed on inbox.php and when the user click on one of the messages it will show the message body on the second page.

Also I have a reply button on view_inbox.php to reply to the sender. if user1 sends message to user2 it works fine even with replying each other however when user3 sends a message and I try to reply to user3, it sends to user2 instead of user3.

As you can see below, I am using session to identify to which user to reply to and the problem is that it is inserting the old session(if I had replied to user2 and again try to reply to user3 it doesn;t work).

I can use $_GET variable to avoid this issue but I did not want to show the sender's name in the url. any ideas?

inbox.php

$stmt = $mydb->prepare("SELECT * FROM messages where to_user = ?  and deleted = '' order by id desc");
 $stmt->bind_param('s', $username->username);
 $stmt->execute();

 <?php 
 while ($row = $stmt->fetch_assoc()) {

 $_SESSION['sender'] = $row['from_user']; 

  echo"<a href='view_inbox?messageid=".$row['id']."'>".$row['from_user']."</a>";
?>

view_inbox.php this is just the reply part which is causing the prob.

 $to_user = $_SESSION['sender']; 
if (isset($_POST['replyto']))
 $reply = $_POST['reply'];  {
 if(!empty($reply)){
  $date = date('m-d-Y h:i:s');


$insert = $mydb->prepare("insert into `messages`(`to_user`, `from_user`, `message`, `date`) values(?,?,?,?)");
echo $mydb->error;
$insert->bind_param('ssss', $to_user, $username->username, $reply, $date);
$insert->execute();
}
Improve this question
1
  • In your first section of code, where does $max come from? Commented Sep 15, 2013 at 1:58

2 Answers 2

Reset to default
1

Don't forget to use session_start() before using any $_SESSION

The best way to debug your problem is to inject a print statement inside the loop where you assign the value to the SESSION. Check if your code truly reach to that part.

while(...) {
   echo "Reach here and value is " . $row['from_user'];
   $_SESSION['sender'] = $row['from_user']; 
   echo"<a href='view_inbox?messageid=".$row['id']."'>".$row['from_user']."</a>";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This should have been a comment.
@amdvb He doesn't have a space between the second echo and its "
0

Inside inbox.php, the sender session variable keeps getting overwritten in the loop:

while ($row = $max->fetch_assoc()) {
    $_SESSION['sender'] = $row['from_user'];
}

If the last message in the inbox was from sender2, no matter which message you select, it will reply to sender2.

It would be better to let view_inbox.php determine the sender from the messageid parameter.

Improve this answer

3 Comments

so then I have to select the sender on the view_inbox from database?
@amdvb Yes, the sender comes with the message anyway, so I don't think you'll incur any additional overhead.
@amdvb You're welcome :) sessions typically solve problems of offline caches, but in this case there's no need to cache anything.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.