I'm making an app that creates a profile for a sports team. When I add the team info, I need the currently logged-in user's ID to be added to the team_info table, which is defined as:
-- One row per team profile; user_id links the team to a row in user_info.
-- The foreign key only guarantees that user_id exists in user_info. It cannot
-- tell whether the value belongs to the user who submitted the form, so the
-- code that inserts rows should take user_id from the server-side session.
CREATE TABLE team_info (
    team_id     INT          NOT NULL AUTO_INCREMENT,
    name        VARCHAR(255) NOT NULL,
    sport       VARCHAR(255) NOT NULL,
    country     VARCHAR(255) NOT NULL,
    city_town   VARCHAR(255) NOT NULL,
    age_profile VARCHAR(255) NOT NULL,
    user_id     VARCHAR(255) NOT NULL,
    PRIMARY KEY (team_id),
    FOREIGN KEY (user_id) REFERENCES user_info (user_id)
);
The form is:
<?php
//Copies the logged-in user's id out of the session so it can be written into the hidden user_id field at the end of the form.
//NOTE(review): no session_start() call is visible in this file, and login_exec.php stores the id under 'SESS_USER_ID', not 'user_id' - confirm which key is meant.
//NOTE(review): a hidden field is sent by the browser and can be altered before submission, so the script handling action=add_team (not shown) should take the id from $_SESSION rather than trusting $_POST['user_id'].
//NOTE(review): the value is echoed into the value attribute below without htmlspecialchars().
$userId = $_SESSION['user_id']; ?>
<div id="main">
<form action="index.php" method="post" id="add_team_form">
<input type="hidden" name="action" value="add_team"/>
<h2>Create New Team</h2>
<label>Team Name:</label>
<input type="text" name="name" />
<br /><br />
<label>Sport:</label>
<input type="text" name="sport" />
<br /><br />
<label>Country:</label>
<input type="text" name="country" />
<br /><br />
<label>City/Town:</label>
<input type="text" name="city_town" />
<br /><br />
<label>Age Profile:</label>
<input type="text" name="age_profile" />
<br /><br />
<input type="submit" value="Create" />
<input type="hidden" name="user_id" value="<?php echo $userId ?>" />
</form>
</div>
And here's login_exec.php:
<?php
//Open (or resume) the session; it carries the error list back to the login form and, after a successful login, the user's details
session_start();
//Pull in the project's connection file (presumably opens the link the mysql_* calls below rely on)
require_once 'model/connection.php';
//Validation state: the flag is raised whenever a message is appended to the list
$errflag = false;
$errmsg_arr = array();
//Prepares a form value for use inside a quoted string literal in a query:
//trims it, removes magic-quotes slashes when that setting is on, then escapes it.
//Escaping is only as reliable as the connection's character set and protects
//quoted values only; prepared statements (mysqli or PDO) bind values instead.
//The mysql_* extension was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0.
function clean($str) {
    $trimmed = @trim($str);
    $unslashed = get_magic_quotes_gpc() ? stripslashes($trimmed) : $trimmed;
    return mysql_real_escape_string($unslashed);
}
//Escape the submitted credentials with clean() so they can be embedded in the query strings below
$email = clean($_POST['email']);
$password = clean($_POST['password']);
//NOTE(review): $usertype is read from the query string but is not used anywhere in the visible script; the account type is decided by the two queries below
$usertype = $_GET['user_type_id'];
//Input Validations: both fields must be non-empty after trimming and escaping
if ($email == '') {
$errmsg_arr[] = 'Email missing';
$errflag = true;
}
if ($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If any validation failed, hand the messages to the login form through the session and redirect back to it
if ($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
//Build one lookup per account type; the two queries differ only in user_type_id ('1' or '2')
//NOTE(review): the submitted password is compared directly with the password column, which suggests passwords are stored unhashed - confirm. Storing password_hash() output and checking it with password_verify() avoids keeping recoverable passwords.
//NOTE(review): the values are interpolated into the SQL text and rely entirely on clean(); a prepared statement would bind them instead.
//NOTE(review): no attempt limiting or lockout is visible in this script.
$qry1 = "SELECT * FROM user_info WHERE email='$email' AND password='$password' AND user_type_id = '1'";
$result1 = mysql_query($qry1);
$qry2 = "SELECT * FROM user_info WHERE email='$email' AND password='$password' AND user_type_id = '2'";
$result2 = mysql_query($qry2);
//Exactly one matching row of type '1' logs the user in and sends them to userPage.php
//NOTE(review): mysql_query() returns false on failure and that case is not checked before mysql_num_rows() is called
if (mysql_num_rows($result1) == 1) {
//Login Successful
//Issue a new session id at login. NOTE(review): called without the delete-old-session argument, so the previous session data is kept; session_regenerate_id(true) removes it.
session_regenerate_id();
$user_info = mysql_fetch_assoc($result1);
$_SESSION['SESS_USER_ID'] = $user_info['user_id'];
//NOTE(review): the FIRST_NAME / LAST_NAME keys actually hold the email and the password; keeping the password in session data exposes it to anything that can read the session store
$_SESSION['SESS_FIRST_NAME'] = $user_info['email'];
$_SESSION['SESS_LAST_NAME'] = $user_info['password'];
$_SESSION['SESS_USER_TYPE'] = $user_info['user_type_id'];
session_write_close();
header("location: userPage.php");
exit();
} else if (mysql_num_rows($result2) == 1) {
//Login Successful
//Same steps as the branch above for a type '2' account, ending at playerPage.php; the same review notes apply
session_regenerate_id();
$user_info = mysql_fetch_assoc($result2);
$_SESSION['SESS_USER_ID'] = $user_info['user_id'];
$_SESSION['SESS_FIRST_NAME'] = $user_info['email'];
$_SESSION['SESS_LAST_NAME'] = $user_info['password'];
$_SESSION['SESS_USER_TYPE'] = $user_info['user_type_id'];
session_write_close();
header("location: playerPage.php");
exit();
} else {
//Login failed: one generic message is used whether the email or the password was wrong
$errmsg_arr[] = 'email and password not found';
$errflag = true;
//$errflag was set on the previous line, so this condition is always true here
if ($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
}
?>
SOLUTION
I found the solution: I had to add session_start() to my form file to access the session data, and read the ID from the SESS_USER_ID key that login_exec.php sets.
Here's the full code:
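<?php
//Resume the session so the id stored at login (SESS_USER_ID) can be read.
session_start();
//The hidden user_id field is kept for the existing add_team handler, but a hidden
//field is sent by the browser and can be altered before submission. The handler in
//index.php (not shown) should take the id from $_SESSION['SESS_USER_ID'] and ignore,
//or at least compare against, the posted value.
//NOTE(review): no anti-CSRF token is visible in this form.
?>
<div id="main">
<form action="index.php" method="post" id="add_team_form">
<input type="hidden" name="action" value="add_team"/>
<h2>Create New Team</h2>
<label>Team Name:</label>
<input type="text" name="name" />
<br /><br />
<label>Sport:</label>
<input type="text" name="sport" />
<br /><br />
<label>Country:</label>
<input type="text" name="country" />
<br /><br />
<label>City/Town:</label>
<input type="text" name="city_town" />
<br /><br />
<label>Age Profile:</label>
<input type="text" name="age_profile" />
<br /><br />
<input type="submit" value="Create" />
<?php //The id is HTML-escaped so it cannot break out of the attribute; an empty value is written when nobody is logged in. ?>
<input type="hidden" name="user_id" value='<?php echo htmlspecialchars(isset($_SESSION['SESS_USER_ID']) ? $_SESSION['SESS_USER_ID'] : '', ENT_QUOTES, 'UTF-8') ?>' />
</form>
</div>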