Can't insert open session id into MySQL Database

PHP
1

I’m trying to insert the session_id along with other values into a database table when the user signs up, however the session_id field always ends up blank in the database, which is very weird, because I’m starting the session correctly with session_start(), I’ve even used var_dump at the session_id and the string that I’m using to execute the query in order to see if the session id is in there, and it is. Another funny thing is that when I place any other string instead of the result generated from session_id() it is registered in the database, unless the string I’m trying to use is the result taken from the var_dump() on session_id(), which is very strange, because if I go to another browser and generate a different session id, copy and paste it there, it works, also if I use the same SQL statement directly into SQL command prompt or phpMyAdmin using the session_id() that I can’t insert with PHP, it works perfectly. I don’t know why but it’s not allowing me to insert the id of the current session via mysql_query. My code is the following:

$email = mysql_real_escape_string($_POST['signup_email']);
 $password = md5(mysql_real_escape_string($_POST['signup_password']));
 $origPassword = mysql_real_escape_string($_POST['signup_password']);
 $first_name = mysql_real_escape_string($_POST['first_name']);
 $last_name = mysql_real_escape_string($_POST['last_name']);
 $mobile_phone = mysql_real_escape_string($_POST['mobile_phone']);
 $sessionID = session_id();
 $fullName = mysql_real_escape_string($first_name." ".$last_name);
 var_dump($sessionID);

 //Inserting user info
 $q_user = "INSERT INTO
                minders (

                            name,
                            phone,
                            ssid,
                            insert_datetime,
                            status,
                            email,
                            password,
                            is_minder,
                            login_allowed
                        )
            VALUES
                        (

                            '{$fullName}',
                            '{$mobile_phone}',
                            '{$sessionID}',
                            now(),
                            'deactivated',
                            '{$email}',
                            '{$password}',
                            0,
                            1
                        )";

 var_dump($q_user);

 $r_user = mysql_query($q_user) or die(mysql_error());

I hope someone can help me with that. Thanks very much! Note: I know mysql_query is deprecated but isn’t feasible for me to change it.

2

Obvious question I know, but how much space have you allowed in the database column for the session ID? I don’t know if it would truncate or just fail to write if it overflowed, maybe that’s a config setting. I understand the length varies depending on config as well.

3

The field is a VARCHAR of length 120, and think that is enough.

4

Looking at some sample code around, do you need to call escape_string() on the sessionID? Other code seems to do that, but I cannot tell whether it needs to in the real world or whether it’s just covering all bases.

And yes, maximum session ID seems to be 40 characters, so your column is probably big enough.

5

Not changing away from mysql_* functions is not really an option, as soon as your host upgrades the server to a version where the mysql_* functions have been removed, your site will be well and truly broken. Have a read of this SitePoint article which explains about migrating over to PDO.

Double check that your using session_start() before this script is called

6

Well if the site is not owned or maintained by the op than it is the clients problem not the developers.

7

I’ve already tried to call escape_string(), I don’t think it is really needed, but I tried for safeness, but the problem remained.

8

Thanks, I’ll take a look at the article.