Well you will want to use a Session regardless, you really don’t want to pass UserID via a querystring or have it manually entered, that logically doesn’t make any sense.
In short, after you authenticate the user in your index.php, write their user id to a session variable
$_SESSION['userID'] = $userID; // replace $userID with the field that contains it
Make sure you have session_start(); at the top of your PHP files or at least the ones that will be reading from the session variable.
Then when you need to read the userID later on (such as in new_thread.php or whatever it is called, you simply use $_SESSION[‘userID’]
I tired what you said about the session stuff but its coming up with ERROR’s currently my coding looks like this i cant get it to work:
index.php
<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<?php
$mysqli = mysqli_connect("localhost","root","","forum");
$query = "select * from users where username = '$_POST[username]' and password = '$_POST[password]'";
$result = mysqli_query($mysqli,$query);
$_SESSION['userID'] = $userID;
if (mysqli_num_rows($result) == 0)
{
echo "User Not Found";
include "index.html";
}
else
{
echo "<h3>User Logged in</h3>";
include "threads.php";
}
mysqli_close($mysqli);
?>
new_threads.php
<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<?php
session_start();
// connect to database
$mysqli = mysqli_connect("localhost", "root","","forum");
// php string query insert into table
$myquery = "insert into threads
values ('','{$_SESSION['userID']}','{$_POST['title']}','{$_POST['date']}'}";
// function which runs the myquery string
$result = mysqli_query($mysqli,$myquery);
// if's statments for inerting data into table
If ($result==true)
{
echo "New Thread Added";
include "threads.php";
}
else
{
echo "Corrupt Thread";
include "threads.php";
}
// close connection with database
mysqli_close ($mysqli);
?>
threads.php
<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<p>
Welcome to the threads Page!!!!!!!!!
</p>
To start a new thread fill in the details and...
<form name "input" action="new_threads.php?userId=<?php echo $userId; ?>" method="post"></p>
<input type="hidden" name="user_Id" size="25" value="<?php echo $userId; ?>"><br>
<input type="text" name="title" size="25" value="Topic Name"><br>
<input type="text" name="date" size="25" value="Topic Date"><br>
<p><input type="submit" value="Submit"></p>
</form>
<form name "input" action="index.html" method="post"></p>
<p><input type="submit" value="Back"></p>
</form>
<p>Click the "Submit" button to create a thread.</p>
<?php
$mysqli = mysqli_connect("localhost", "root","","forum");
$myquery = "select * from `threads`";
$result = mysqli_query($mysqli,$myquery);
echo "<table>";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
$threadID = $record["threadID"];
$user_ID = $record["user_ID"];
$title = $record["title"];
$date = $record["date"];
echo "<tr>";
echo "<td>";
echo $threadID;
echo "</td>";
echo "<td>";
echo $user_ID;
echo "</td>";
echo "<td>";
echo "<a href=\\"posts.php?threadId=" . $threadID . "\\">$title</a>";
echo "</td>";
echo "<td>";
echo $date ;
echo "</td>";
echo "</tr>";
}
echo "</table>";
?>
What errors are you receiving? Don’t forget to use my last tip (putting session_start(); at the top of each page that needs to use $_SESSION[‘userID’]).
oki its working a bit better but in new_threads.php its not putting the new topic through can you check my code there something wrong with the query syntax:
<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<?php
session_start();
// connect to database
$mysqli = mysqli_connect("localhost", "root","","forum");
// php string query insert into table
$myquery = "insert into threads
values ('','{$_SESSION['userID']}','{$_POST['title']}','{$_POST['date']}'}";
// function which runs the myquery string
$result = mysqli_query($mysqli,$myquery);
// if's statments for inerting data into table
If ($result==true)
{
echo "New Thread Added";
include "threads.php";
}
else
{
echo "Corrupt Thread";
include "threads.php";
}
// close connection with database
mysqli_close ($mysqli);
?>
First thing to do is add var_dump($_POST,$_SESSION); above your $myquery statement. See what it outputs, as one or several of those values are not matching your code.
its not putting the thread through because of the userID from users table isnt being automatically entered into the query compared to manually inputting it in.
Yh i have the session_start(); at the top but still not working:
index.php
<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<?php
session_start();
$mysqli = mysqli_connect("localhost","root","","forum");
$query = "select * from users where username = '$_POST[username]' and password = '$_POST[password]'";
$result = mysqli_query($mysqli,$query);
$_SESSION['userID'] = $_POST['username'];
if (mysqli_num_rows($result) == 0)
{
echo "User Not Found";
include "index.html";
}
else
{
echo "<h3>User Logged in</h3>";
include "threads.php";
}
mysqli_close($mysqli);
?>
All thats happening is that in index.php its getting the username and password from my index.html via the
'$_POST[username]' and password = '$_POST[password]'"
and then if the post super globals matchs whats in the users table in mysql then it will display user logged in otherwise user not found which is what this piece of code does.
$_SESSION['userID'] = $_POST['username'];
if (mysqli_num_rows($result) == 0)
{
echo "User Not Found";
include "index.html";
}
else
{
echo "<h3>User Logged in</h3>";
include "threads.php";
}
I need the session to store the userID not the username so i was think like you said before have it as
$_SESSION['userID'] = $userID;
so then have another query which would be something like
$username = '$_POST[username]'
$password = '$_POST[password]'
$userID = "select 'users'.userID from users where userID = $username AND $password";
<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<?php
session_start();
$mysqli = mysqli_connect("localhost","root","","forum");
$query = "select userID from users where username = '$_POST[username]' and password = '$_POST[password]'"; // updated this line
$result = mysqli_query($mysqli,$query);
if (mysqli_num_rows($result) == 0)
{
echo "User Not Found";
include "index.html";
}
else
{
$row = mysqli_fetch_array($result); // added this line
$_SESSION['userID'] = $row['userID']; // added this line
echo "<h3>User Logged in</h3>";
include "threads.php";
}
mysqli_close($mysqli);
?>
From what I can tell, you should be able to use $_SESSION[‘userID’] instead of $_POST[‘userID’], as if that var_dump() is the $_POST, $_SESSION data, then the session has the userID.
For whatever reason, your threads.php isn’t able to get the $_SESSION data by itself, but your new_thread.php can. My guess is threads.php doesn’t have session_start();
Does it insert the new thread? The reason you are getting that warning is your new_threads.php has session_start() and then does an include ‘threads.php’ which is including a second session_start().
Since you removed the hidden field for userID on threads.php, you can likely remove the session_start() from threads.php as well, as the only page that would need it is, index.php and new_threads.php
oki ive done that just for testing ive removed include thread.php for testing and the code does work however its not echoing new thread added so its not inputing the data into the threads table