Sql derived session variable not querying database on server

I queried a datbase based on user data after they signed up. The use data was assigned to session variable.

$result = mysqli_query($con, "SELECT * FROM `user` WHERE `id` ='".$_SESSION['id']."' ");

I assigned a value to $country from the lopp like this

while ($row = mysqli_fetch_array($result)) {$country= $row['country']; }

$country =$SESSION[`country`];

The page was redirecte. On another page, I used $country to query anothe table called market. The column is a varchar . The value $country was echoed but not performing this query below. It does nothing on ipage server but worked in localhost. The code is working on localhost but not on ipage cpanel server. Here is the code.

$result = mysqli_query($con, “SELECT name FROM market WHERE country =’”.$country."’ ");

while ($row = mysqli_fetch_array($result)) {echo $row[‘name’]."
"; }

. It does not work on ipage server to query the name column from market table. It worked on my wamp.

WHAT I TRIED
(1)When I tried to Assign Id, which is an integer, into the variable, it worked both on server and localhost. It means something like this query out

$SESSION['id']= row['id'],
$id =$SESSION['id'],



 SELECT * FROM market WHERE country = '$id'

(2)
Someone suggested I used cookies, same problem occurred

(3) the echoing of $country worked both on server and localhost. The problem is it is not querying on WHERE CLAUSE.

You should be using prepared statements rather than string interpolation or concatenation.

This is wasted. You are overwriting the value, so only grab the first value or only select a single value, this shouldn’t be a loop. You are also assigning a local variable $country the value of the session, which it doesn’t look like you set anywhere? Should that be:

$_SESSION['country'] = $country;

Possibly?

This is more wasted space. You don’t need to assign variables to variables to variables. Just use the container the value is in. Meaning if $row[‘id’] has the value, there is no point in creating another variable to hold that value.

Thanks for your observations. However,all the mentioned parts worked. Below code is not working on ipage. What’s not working is


$result = mysqli_query($con, “SELECT name FROM market WHERE country =’”.$country."’ ");

while ($row = mysqli_fetch_array($result)) {echo $row[‘name’]."
"; }.   ```

You probably want to check the error logs to see what is being triggered.

Well, you are not testing to see if you have data to actually display.
Perhaps your query is not pulling anything from the query itself.
Normally, you would check the mysqli_num_rows() to see if you get any results. If not, you can handle invalid countries. If you get some then, you fetch the results. But, you should use mysqli_fetch_assoc() functions if you want to use $row[“name”] out of the results. Or, change to array values…
My two cents on the session code you posted is that it would NOT work as-is. Astonecipher is correct.
It may be working, but, the session variables are NOT being used correctly.

There are no error on error log. The database is well populated. More than 50 rows were queried on localhost. It is not working on ipage cpanel where I hosted it. Thanks for your efforts. It is appreciated.

Does the database on the server match the one on local?

Do you have error reporting turned on for mysqli? It’s off by default.

Also, you show us no error checking at all in your code above. How are you checking for errors?
When you run a query using MySQLi, you can add an OR DIE function that will give you further errors.
And, you are not testing for errors, but, your code just moves on, so errors will basically be bypassed…
At the very least, you should use the mysqli_error() function to see if an error was thrown…

Please how do I turn mysqli error reporting on

Based on the posted code and your statement about a redirect, the server where this ‘works’ must be using a very old php version that still supports register globals. Your web hosting server probably has a current php version that does not and the $country variable doesn’t exist (if php’s error related settings were set up to either display or log all php errors, you would be getting and undefined variable error.)

If the overall goal of this is to display the markets that match the user’s country setting, just use a single JOIN query to get that data based on the user’s $_SESSION['id'] value.

Well, you can turn on errors for testing on any php page with these two commands at the top of the page:
error_reporting(E_ALL);
ini_set(“display_errors”, 1);
Do not leave these on in your live site. You don’t want to show users your error messages.

Then, show any MySQLi errors by testing for them. Loosely like this, not tested, just an example…

// Perform a query, check for error
if (!mysqli_query($con,“INSERT INTO Persons (FirstName) VALUES (‘Glenn’)”)) {
echo("Error description: " . mysqli_error($con));
}

In your code, you could run a query, then check to see if the there are any results using myslqi_num_rows and check for errors, too. If rows were found and no errors, then run the actual WHILE loop to get the data…

whats the code you use to connect to the database?

I like your solution. You are correct since $SESSION[id] was also declared. Please, give me a sample code that uses JOIN, session id to query table with country match.thanks

I created a connect.php and included the code in the head of all the pages. Thanks

And what is in the connect.php file?

You can find countless examples of sql JOIN queries already posted on the web and in the documentation for your database server type.

Another point for a good user experience on any page on your web site. All input data should be validated before using it. Since the country input (or the session user id) is ‘required’ for a page to produce correct output, you should validate that it is not empty. If it is empty, set up and display an appropriate user message. Only use the input value it is passes validation. If you end up always getting the user message that a required input is empty, that narrows down the problem to that specific input.

Oladupipo, There is so many issues in the samples you gave us. First, you need to learn about prepared statements. These protect your server from hackers. Also, MySQLi is NOT as secure as PDO. Most professional programmers now use PDO instead. Here is a link to a site which explains both of these.
It might help you get started converting to Prepared-Statements and also PDO. Prepared-Statements
Next, in your example I am showing above, you use a WHILE statement which is not needed if you are
only getting one row of data. Therefore, if you create a query to pull a user’s information, you only need
the one row of data. If you save this data into the SESSION array, the name is $_SESSION[ ] NOT the
$SESSION[ ] that you used. Please note the underline. Also, you create a fetch of an array of data, but,
I think you want to use mysqli_fetch_assoc() instead since you use $row[“country”] which is not an array
index, but an associated index. Lastly, as was mentioned by Astonecipher, you get the $row of data,
and that value does not need to be set again. You can store the data into the SESSION array, but,
you do not need to assign the $country variable twice in a row.

Fix all of these problems and then post if it works or if you have further problems. Good luck!

Okay. Thanks. I appreciate your inputs.

<?php
//This is placed inside index.php
session_start();


 //This is connect.php

 $email='[email protected]';
 mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 error_reporting(E_ALL);
$con=mysqli_connect("localhost","find","FIND__2019","y_wheremarket");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 
 

 
 //this is register.php
 
 $query = "SELECT * FROM user WHERE email='{$email}' ";
  	$results = mysqli_query($con, $query);
  	if (mysqli_num_rows($results) == 1) {
 if ($row = mysqli_fetch_assoc($results)) {
		 
		
	$_SESSION['country'] = $row['country'];
	 
	

 $_SESSION['id'] = $row['id'];


	 }
	 
	 }
	 
	
	  if (isset($_SESSION['country'])){$country=$_SESSION['country'];} else {echo("Error description: " . mysqli_error($con));}
	 
	  
	// this is index.php. head.php and connect.php are included in this index.php
	 
	 $result = mysqli_query($con,"SELECT * FROM market WHERE country='{$_SESSION['country']}'") ;
	 
	 if (!mysqli_query($con,"SELECT * FROM market WHERE country='{$_SESSION['country']}'")) {
echo("Error description: " . mysqli_error($con));
}

while ($row = mysqli_fetch_assoc($result)) {echo $row['name']."<br>"; } 

?>

The code can echo $country, It can echo $_SESSION[‘country’], it can echo $_SESSION[‘id’] on the ipage server but not query market table. All is working fine on localhost. I have implemented error reporting. The only thing I have not done is PDO. Thanks. Problem persist. My php version is 5.2.2 on localhost.

Sponsor our Newsletter | Privacy Policy | Terms of Service