Can I use a PHP variable in a session?

I have a routine which gets member info from a database (works fine!) and puts the data into text boxes on a form (also works fine). The form has 2 buttons, one to update the details in the text boxes, the other to delete that member. The member’s unique ID is one of the DB fields returned (though it does not physically appear in a text box). A typical text box would contain the echoed value of a database field (also works), let’s say a variable $st which is the member’s street address.
So, can I use the variable $st as a session variable, assuming I have session_start() at the top of the file, then use that in the next page to update that member’s bit of data by retrieving it as a session variable?
Finally, what is stored in that session variable? Is it the string “$st” or its value (say ‘High Street’)?
PS - sorry, I can’t see the icon that lets you indicate a code snippet, hence the ‘over-wordy’ explanation.

From your previous thread -

You can assign any value to a session variable. This can be any expression that produces a value, e.g. a literal value, another variable, the result of an operation or comparison, or the result of a function/method call. The actual value is stored in the session variable.

What does using a session variable have to do with this operation? You should have two forms. The update form should have a hidden field with the id, a hidden ‘action’ field with a value that indicates that the ‘update’ form processing code is to be executed, and the form fields containing the data values. The delete form should have a hidden field with the id and a hidden ‘action’ field with a value that indicates that the ‘delete’ form processing code is to be executed.

The form processing code and the form(s) should be on the same page. This results in the simplest code and the best User eXperience (UX), since you can display any user/validation errors and repopulate the fields with the submitted/modified values when you redisplay the form.

The code for any page should be laid out in this general order -

1. initialization
2. post method form processing
3. get method business logic - get/produce data needed to display the page, such as the initial data being edited/updated.
4. html document

Yes, I have two forms. One features a dropdown box. The (visible) values in the dropdown box are members’ names, got from the DB that populates the box (this works fine).
Currently, on hitting a submit button, the name is passed to the sql query which then fills the text boxes on the 2nd form (again, this works fine).
However, what I want to get is the selected member’s unique ID to use as the session variable, because it is possible there may be more than one member with the same name, so not unique!
This can then be used on the 2nd form to update/delete that member. This is what I tried in the dropdown box:

echo "<select name='membox'><option value=''>Pick a Person...";
while ($row = mysqli_fetch_assoc($result))

	{
	$fullname = ucwords($row['firstname']." ".$row['lastname']." ");
	$hisid = $row['idno'];
	$_SESSION['id'] = $hisid;
	echo "<option value='$fullname'>$fullname";
	}
	
echo "</select></br></br>";

When I try this and echo the result for the $hisid variable, it always says 13 no matter which member I choose! I have no idea where this 13 comes from. Is there any way of getting the member’s ID into the option value… line?

I appreciate what you say about having the form and processing script on the same page, but at the moment I am trying to keep things as modular as possible to track down problems and avoid a page littered with error messages!

To select the user to edit and submit the member’s id to the next step, you would use $row[‘idno’] for the value attribute in the option tag. Using a session variable here is meaningless. The logic is storing the last (highest) $row[‘idno’] value in the session variable.

If you have multiple members with the same name, you would also display some unique value, such as a birthday, join date, or address as part of the option text so that you can uniquely select a member.

The member select menu needs be in a get method form, be ‘sticky’, and pre-select any existing choice, so that it will remember which user has been selected.

Cheers again! But isn’t value what the user sees in the DD box? I want the user to see his name (as currently), not a number which wont mean anything to him - so for every name there will be its matching unique ID, How will PHP know which to use from name or ID?
…or when the form is submitted, will there be a little array of name and ID? I can see that if one uses ‘get’ that will (in this context) be doing the same job as the session variable.
Aha!! Just thinking and my poor old brain has just realised something! If in the echo line above I write

echo "<option value='$hisid'>$fullname";

would that work? The user would see the name in the DD box as now, but the ID would be what was stored in the ‘get’ string! Go on, tell me I’ve got it

OK, just tried that. Picked my dummy entry ‘Fred Bloggs’ (ID=21) from the DD list, echoed the value and it is still saying 13! Relevant code now says:

{
	$fullname = ucwords($row['firstname']." ".$row['lastname']." ");
	$hisid = $row['idno'];
	echo "<option value='$hisid'>$fullname";
	}

Your markup doesn’t have closing </option> tags.

What does the ‘view source’ in the browser show for the markup?

OK! Whisper it quietly but I think I finally got it! The correct matching ID is now returned.

<select type="select" name="person">
                     <option>Pick a Person</option>
                     <?php                 
                     while ($row = $result->fetch_assoc()) {
                     	$fullname = $row['firstname']." ".$row['lastname'];
                     ?>
                         <option value="<?php echo $row['idno'] ?>"><?php echo $fullname; ?></option>
                         <?php
                      }
                      ?>
                </select>

All I have to do now is load the text boxes on the next page and sort out the update/delete routines. A few things are coming back but it’s a slow process!

A select field does not have a type attribute.

You should have an empty value attribute value='' for the prompt option so that you can easily validate the input in the next step.

Ah well, HTML being HTML I think it’s just ignoring the type attribute, I believe my HTML editor (Codelobster) inserted it. The important thing is, it works! I have now done the 2nd page, and all the text boxes are properly filled in with the values from the member’s row in the DB. I used your advice to create a hidden field for the member’s ID, checked the page source and it is also present and correct, so everything is working properly!
Just need to do the update / delete buttons and the attendant code. You suggest doing everything on the same page - not sure I’m clever enough for that, but will have a try.
Many thanks.

OK, this isn’t a question but a thank you. A big thank you! All my pages and coding work very well, for which I want to thank the forum (especially PHDR) as I dont think I could have done it without you!
Respect.

Not directly related to your question but I see you are using ucwords() on the names you’re fetching. While this generally works, it does not take into account certain names like McDonald and other similar ones. I use a custom function made just for the purpose and, while I didn’t write it myself so can’t take credit, it works!

// PROPERLY SET CASE ON NAMES, ie McDonald vs Mcdonald
function capitalize($str, $is_name = FALSE) {

	$mylist =   "S|‘s|‘t|A|Aan|Aan ‘t|Aan De|Aan Den|Aan Der|Aan Het|Aan T|Af|Al|Am|"
					. "Am De|Auf|Auf Dem|Auf Den|Auf Der|Auf Ter|Aus|Aus ‘m|Aus Dem|Aus Den|"
					. "Aus Der|Aus M|Ben|Bij|Bij ‘t|Bij De|Bij Den|Bij Het|Bij T|Bin|Boven D|"
					. "Boven D’|D|D’|Da|Dal|Dal’|Dalla|Das|De|De Die|De Die Le|De L|De L’|"
					. "De La|De Las|De Le|De Van Der|Deca|Degli|Dei|Del|Della|Den|Der|Des|"
					. "Di|Die Le|Do|Don|Dos|Du|El|Het|I|Im|In|In ‘t|In De|In Den|In Der|"
					. "In Het|In T|L|L’|La|Las|Le|Les|Lo|Los|Of|Onder|Onder ‘t|Onder De|"
					. "Onder Den|Onder Het|Onder T|Op|Op ‘t|Op De|Op Den|Op Der|Op Gen|Op Het|"
					. "Op T|Op Ten|Over|Over ‘t|Over De|Over Den|Over Het|Over T|S’|T|Te|Ten|"
					. "Ter|Tho|Thoe|Thor|To|Toe|Tot|Uijt|Uijt ‘t|Uijt De|Uijt Den|Uijt Te De|"
					. "Uijt Ten|Uit|Uit ‘t|Uit De|Uit Den|Uit Het|Uit T|Uit Te De|Uit Ten|"
					. "Unter|Van|Van ‘t|Van De|Van De L|Van De L’|Van Den|Van Der|Van Gen|"
					. "Van Het|Van La|Van T|Van Ter|Van Van De|Ver|Vom|Von|Von ‘t|Von Dem|"
					. "Von Den|Von Der|Von T|Voor|Voor ‘t|Voor De|Voor Den|Voor In ‘t|"
					. "Voor In T|Vor|Vor Der|Zu|Zum|Zur|Vit De|Or|And|Van|En";

	$str = trim($str);
	$str = stripcslashes($str);
	
	// EXCEPTIONS TO STANDARD CASE CONVERSION
	if ($is_name) :
		$all_uppercase = ''; //'Aj|Jd';
		$all_lowercase = $mylist;
	else :
		// ADDRESSES, ESSAY TITLES ... AND ANYTHING ELSE
		$all_uppercase = 'Po|Rr|Se|Sw|Ne|Nw';
		$all_lowercase = 'A|And|As|By|In|Of|Or|To';
	endif;

	$prefixes = 'Mc';
	$suffixes = "'S";
	// CAPTIALIZE ALL FIRST LETTERS
	$str = preg_replace_callback('/\\b(\\w)/', function($m) {
		return strtoupper($m[1]);
	}, strtolower(trim($str)));
	
	if ($all_uppercase) :
	// CAPITALIZE ACRONYMNS AND INITIALISMS e.g. PHP
		$str = preg_replace("/\\b($all_uppercase)\\b/", function($m) {
			return strtoupper($m[1]);
		}, $str);
	endif;

	if ($is_name) :
		if (strpos($str, " ") !== FALSE) :
			$ara = explode(" ", $str);
			foreach ($ara as $k => $v) :
				if ($k != count($ara) - 1 && !preg_match("/[aeiouyAEIOUY]/", $v))
					$ara[$k] = strtoupper($v);
			endforeach;
			$str = implode(" ", $ara);
		elseif (!preg_match("/[aeiouy]/", $str)) :
			$str = strtoupper($str);
		endif;
	endif;

	if ($all_lowercase) :
		// DECAPITALIZE SHORT WORDS e.g. and
		if ($is_name) :
			// ALL OCCURENCES WILL BE CHANGED TO LOWERCASE
			$str = preg_replace_callback("/\\b($all_lowercase)\\b/", function($m) {
				return strtolower($m[1]);
			}, $str);
		else :
			// FIRST AND LAST WORD WILL NOT BE CHANGED TO LOWER CASE (i.e. titles)
			$str = preg_replace_callback("/(?<=\\W)($all_lowercase)(?=\\W)/", function($m) {
				return strtolower($m[1]);
			}, $str);
		endif;
	endif;

	if ($prefixes) :
		// CAPITALIZE LETTER AFTER CERTAIN NAME PREFIXES e.g 'Mc'
		$str = preg_replace_callback("/\\b($prefixes)(\\w)/", function($m) {
			return $m[1] . strtoupper($m[2]);
		}
				, $str);
	endif;

	if ($suffixes) :
		// DECAPITALIZE CERTAIN WORD SUFFIXES E.G. 's
		$str = preg_replace_callback("/(\\w)($suffixes)\\b/", function($m) {
			return $m[1] . strtoupper($m[2]);
		}, $str);
	endif;

	//MAC EXCEPTIONS
	if (strpos($str, "Macd") === FALSE || strpos($str, "Macv") === FALSE) :
		//$str = preg_replace_callback("/Macd/", 'MacD', $str);
		//$str = preg_replace_callback("/Macv/", 'MacV', $str);
	endif;
	
	return trim(stripcslashes($str));
}

OK, bit of a cosmetic issue - the code actually works but I get a scary orange warning (webserver, not online): it keeps saying “undefined index:mymail” but when I look at the coding, we have:

<form method="post" action="" name="enteremail" id="enteremail">
Email Address: <input type="text" name="mymail" id="mymail" />
<input type="submit" value="Log In" />
</form>

So mymail IS defined, surely! Is this more of an error-reporting setting rather than an actual coding error? Just as long as the eventual users don’t see the ‘scary message’!

The code is likely missing a logic test to check if the form was submitted before referencing any of the form data. What is the full code necessary to reproduce the problem?

Whatever learning resource you are using, it is out of date -

1. An empty string for the action="" attribute is not valid html5. In html5, to cause a form to submit to the same page it is on, simply leave out the entire action attribute.
2. Unless you are referencing the form in the bowser, using javascript or css, the form tag doesn’t need name or id attributes.
3. You need <label></label> tags for the form field’s Email Address: label. If you put the closing </label> tag after the form field it corresponds to, you can leave out the for and corresponding id attributes.
4. If you are not referencing the form field in the browser, you don’t need the id attribute.
5. The / before the closing > is obsolete and no longer used.
6. You need to validate the resulting web pages at validator.w3.org

Hi PHDR, and thanks.
Issues 1, 2, and 4: I only added those things you mention when I continued to get the same puzzling error message and thought they might be the cause. Previously, I had actually done what you suggested in every case, so I can now carry out your suggestions here.
Issue 3: I don’t think I actually need the label tags, do I? I agree it makes for more ‘proper’ coding but it’s not going to affect the page appearance or the PHP functioning, is it? And the page displays as it is intended to (However I recognise that you have a lot more knowledge of this stuff than I do, so if you advise again, I shall do as you say!)

For test purposes, I (temporarily!) removed error checking in php.ini and the whole thing works fine. So it looks like the error checking was too strict on this occasion.

Code should not produce any errors when it runs normally, only for unexpected things that you didn’t account for when you wrote and tested the code.

Turning off php’s error_reporting or display_errors/log_errors doesn’t stop php from detecting and handling the errors, it just means that they are no longer reported or displayed/logged. It also means that if a user/programmer does something unexpected that causes a page to not work, you won’t know anything about it.

You must find and fix what is causing an error, not hide them.

OK, everything working nicely offline - pic uploaded and its details sent to a DB. But now I need to see if images will upload on the www!
What I have done as a first test using the offline form is to set the upload folder to one I created online, giving the full URL. The folder has permissions of 775.
The offline image doesn’t upload to that online folder at the moment.
Problem is, I’m not sure how to reference a folder on the remote server, which I think is unix/linux. I saw in the book I am using that it could be ‘/home/user/private/images/’ assuming the folder is called images.
I just changed the permissions to 777 and still no upload from PC to remote server. Looks like I need to move everything online to make it all work. Is that correct?

If by this you mean you used a URL for the destination in the move_uploaded_file() statement, that won’t work. Move_uploaded_file() operates on file system paths only. Php would be producing an error letting you know why it didn’t work. You cannot upload/move a file to any server using a URL, as that would let anyone put a file onto a server that they don’t have access to. The upload processing code must be on the server where you want the uploaded file to be put.

OK, cheers. I thought maybe that had something to do with it. Makes sense!
So let’s say the upload folder (‘images’ in my example) is under the site root (public_html) how would I refer to that folder from the page where the form is? That form is also under the site root.
Thanks in advance.