Issue with sending $_SESSION with $_POST

Question

I have a function that updates a row in a table, the query works when I hard coded the email value, but when I want to send the value as $_SESSION nothing happens in the row, and I won't get any errors either.

My working query is:

function profile_name($profile_name){
    $profile_name = mysql_real_escape_string(htmlentities($profile_name)); 
    mysql_query("UPDATE user SET user_name = '{$profile_name}' WHERE user_email = '[email protected]' ");
}

When I send the [email protected] as session with the following code:

(isset($_POST['profile'], $_POST["{$_SESSION['email']}"])){ } 
 function profile_name($profile_name, $email){
    $profile_name = mysql_real_escape_string(htmlentities($profile_name)); 
        mysql_query("UPDATE user SET user_name = '{$profile_name}' WHERE user_email = '{$email}' ");
    }

nothing happens.

If I echo out the session $_SESSION['email'] it prints [email protected]

[Please, don't use `mysql_*` functions](http://stackoverflow.com/q/12859942/1190388) in new code. They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the red box? Learn about prepared statements instead, and use [tag:PDO] or [tag:MySQLi]. — hjpotter92, Apr 12 '13 at 11:49
Is your function even getting called? Did you check? What does session have anything to do with MySQL? — maksimov, Apr 12 '13 at 11:57
@maksimov Yes the function is working if i write it like this. function profile_name($profile_name, $email){ $profile_name = mysql_real_escape_string(htmlentities($profile_name)); mysql_query("UPDATE user SET user_name = '{$profile_name}' WHERE user_email = 'my@email' "); } It update my user_name row. but not when im sending it with $_session — Dymond, Apr 12 '13 at 12:03
@Dymond, I don't understand what you mean when you say "when im sending it with $_session". Can you please elaborate? Preferably through adding more information to your original question. — maksimov, Apr 12 '13 at 12:06

maksimov · Accepted Answer · 2013-04-12T12:37:06.500

1

Still trying to understand what you mean by "sending the $_SESSION", but this statement looks weird:

$_POST["{$_SESSION['email']}"]

What it does is it's getting a value from $_SESSION array with the key email, and then uses this value as a key to $_POST array.

Assuming your $_SESSION['email'] is set to [email protected], it would expect $_POST['[email protected]'] to return a value. For that your form would have to have an input control with name [email protected].

Since it is a very irregular way of doing things, I assume it might be a problem, unless it's a typo in your question.

What you probably meant to do is this:

if (isset($_POST['profile'], $_SESSION['email'])) {...

edited Apr 12 '13 at 12:37

answered Apr 12 '13 at 12:19

maksimov

5,792
1
30
38

well yes, that is what I'm trying to do. but it still gives me nothing, nor an error or an input. But I will do as some people suggestion here and start over with mysqlli. – Dymond Apr 12 '13 at 12:28
"Nothing" == your record isn't getting updated? I've asked you before, are you sure you are entering your function even? If it was a problem with MySQL it would have printed something in your error.log at the very least. – maksimov Apr 12 '13 at 12:39

score 0 · Answer 2 · answered Apr 12 '13 at 11:49

0

I think both columns are not integers, SO the values should be wrap with single quotes,

UPDATE user SET user_name = '{$profile_name}' WHERE user_email = '{$email}'

I'll suggest that you switch on using PDO or MySQLi.

answered Apr 12 '13 at 11:49

John Woo

258,903
69
498
492

Issue with sending $_SESSION with $_POST

2 Answers2