$_SESSION["id"] is always zero in the database

Question

I have been trying to solve this issue couldn't, tried reading from asked questions but couldn't get it. I started the session and required it in another page but when ever i want to use it to insert some text base on the current session id, it is always zero in the database. Please,explain to me, maybe i miss understood it. Thanks!

<?php
ob_start();

session_start();

if(isset($_SESSION['$user_id'])  && !empty($_SESSION['$user_id']))
{
 return true;
}   
else
     return false;
?>
include.php

<?php


include ("login._form.php");
require ("include.php");
require("require.php");

if ($_SERVER["REQUEST_METHOD"]== "POST")
{
 $username = mysqli_real_escape_string($link, $_POST["user"]);
 $password = mysqli_real_escape_string($link,$_POST["password"]);


 if(empty($username) || empty($password))
 {
    die();
 }

   $row = mysqli_query($link,"SELECT * FROM `users` WHERE username ='$username'");

   if($row === false)
   {
    echo "Query Error";
   }

  while($fetch = mysqli_fetch_array($row)){

      if($username == $fetch["username"] && $password == $fetch["password"])

      {
        $_SESSION["id"] = $id;
        header('Location:index.php');
      }
      else

        die("user does'n exist");

}   
mysqli_close($link);
}

login.php

?>

require("include.php");
include ("yd_sendpage_form.php");
require("require.php");

if ($_SERVER["REQUEST_METHOD"]== "POST")

{
    $user_id = $_SESSION["id"];

    $text = mysqli_real_escape_string($link,$_POST["text"]);

    if(empty($text))
    {
        die("Field Can't Be Empty!");
    }   

    $insert = mysqli_query($link,"INSERT INTO `text`(`id`, `user_id`, `text`) VALUES ('$user_id','$user_id','$text')");

}   





?>

yd_sendpage.php

just after this line `$user_id = $_SESSION["id"];`, add `var_dump($_SESSION["id"]);` and what does it give? if it returns `id` and not null, perhaps something to do with the `$insert = mysqli_query(..)` part.. — Bagus Tesa, Jan 11 '17 at 08:47
Avoid storing unhashed passwords in the database. See: `password_hash` and `password_verify`. — Progrock, Jan 11 '17 at 10:30
@Abdulsadeeq, so, `var_dump($_SESSION["id"]);` returns `NULL`? where did you set this `$_SESSION["id"]`? — Bagus Tesa, Jan 12 '17 at 02:52
@BagusTesa in include.php and i required it in the header of yd_sendpage.php. That's the full code. — Abdulsadeeq, Jan 12 '17 at 02:58

score 0 · Answer 1 · edited Jan 11 '17 at 08:57

0

Change

if(isset($_SESSION['$user_id'])  && !empty($_SESSION['$user_id']))

to

if(!empty($_SESSION['id']))

And don't forget about SQL injection, your code is vulnerable to it.
More information about SQL injection in your code

edited Jan 11 '17 at 08:57

Your Common Sense

152,517
33
193
313

answered Jan 11 '17 at 08:47

Blaatpraat

2,760
8
21

This is only part of the problem. The OPs file include.php, reads like an is_logged_in function, but is just left dangling there. – Progrock Jan 11 '17 at 10:32
@Blaatpraat, i used var_dump($_SESSION["id"]) is giving me NULL field can't be empty. – Abdulsadeeq Jan 12 '17 at 03:02

score 0 · Accepted Answer · answered Jan 14 '17 at 08:02

0

$_SESSION["id"] was not set, so i changed $_SESSION["id"] to $_SESSION["user"] = $username in the login.php and other pages to $_SESSION["user"] and that works. Thanks!

answered Jan 14 '17 at 08:02

Abdulsadeeq

1
5

$_SESSION["id"] is always zero in the database

2 Answers2