1

I am trying to create posts with a userid = to the currently logged in users id. On page 1 I use $_SESSION to set a variable

$_SESSION['Userid'] = $row_getUserStuff['userid'];

I can call $_SESSION['Userid'] on both page 1 and page 2 with

echo($_SESSION['Userid']);

which outputs the users id, my problem is when I try to push that data to the database. In the form I put

<input type="hidden" name="userid" value="<?php $_SESSION['Userid']?>" />

But when I try to post it I get the error

Column 'userid' cannot be null

Improve this question
1
  • Stating the obvious, but have you checked whether the value is empty? Check it by viewing the HTML source and seeing what is written in the value field. Commented Mar 26, 2012 at 16:37

4 Answers 4

Reset to default
7

Don't put the session data in the form. It is pointless for the browser to have to send the server something the server already knows, and anyone can change it in an injection attack.

Instead, just access $_SESSION['Userid'] when inserting the value into the database.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

+1 Awesome answer I would've never thought of it but soo true.
Thanks, between this and JKirchartz's post I fixed it. I'm really new to PHP so his was easier to understand.
1

try this:

<input type="hidden" name="userid" value="<?php echo $_SESSION['Userid']?>" />

You're not actually telling PHP to output the session variable, you're just referring to it. But since it's a session variable, it doesn't need to be in the form at all, I assume there's a $_POST['userid'] somewhere in your code to handle the form, just replace that with $_SESSION['Userid'].

Improve this answer

Comments

0

try

<input type="hidden" name="userid" value="<?php echo $_SESSION['Userid']; ?>" />

I added the echo statement and the ; so that no php error will be generated and the $_SESSION['Userid'] is properly sent to the browser.

Improve this answer

Comments

0

Replace this line:

<input type="hidden" name="userid" value="<?php $_SESSION['Userid']?>" />

to

<input type="hidden" name="userid" value="<?php echo $_SESSION['Userid']?>" />
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.