My problem is that I did not get a PHP session variable into my function. I start at the top of the file:

    <?php
    session_start();
    var_dump($_SESSION);

This is the result:
array(3) { ["loggedin"]=> bool(true) ["name"]=> string(4) "Piet" ["id_staff"]=> int(9) }
    public static function getStaffList($_SESSION['name']){
        if ($_SESSION['name'] =="admin" || $_SESSION['name'] =="Piet") {
            $sql = "SELECT * FROM staff";
        }
        else {
            $sql = "SELECT * FROM staff where surname = '".$_SESSION['name']."'";
        }
        $result = Core::$link->query($sql);
        if (!$result) {
            return 'Error: ' . mysqli_error(Core::$link);
        }
        $return = array();
        while ($myrow = mysqli_fetch_assoc($result)) {
            if ($myrow['birthday'] !== '0000-00-00') {
                $myrow['birthday'] = date("d.m.Y", strtotime($myrow['birthday']));
            } else {
                $myrow['birthday'] = '';
            }
            $return[] = $myrow;
        }
        return $return;
    }
2 Answers
If I write exactly this after session_start() - $_SESSION = array("loggedin"=> true, "name"=>"Piet", "id_staff"=> 9); - then it works
You do not need to pass the session as a parameter:
the session is available anyway:
Take care that the call for session_start() is executed at the start of the script.
Another point where you need to take care is using values directly in SQL statements!
You never know what the user puts in there, or what value reaches that point and is then used for the query, leaking data.
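
Both points from the answer above, as an added example that is not part of the original posts: the function reads `$_SESSION` directly instead of taking it as a parameter, and the name is bound to a placeholder instead of being concatenated into the SQL. The `Staff` class, the `$db` parameter and the sample rows are assumptions; PDO with an in-memory SQLite database stands in for the question's `Core::$link` mysqli connection so the script runs without a MySQL server.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite stand in for
// Core::$link so the script runs without a MySQL server.
session_start(); // first statement, before any output

final class Staff
{
    public static function getStaffList(PDO $db): array
    {
        // $_SESSION is a superglobal: readable here without being a parameter.
        $name = $_SESSION['name'] ?? '';
        if (!is_string($name) || $name === '') {
            return []; // no identity in the session: return nothing
        }
        if ($name === 'admin' || $name === 'Piet') {
            $stmt = $db->prepare('SELECT * FROM staff');
            $stmt->execute();
        } else {
            // The placeholder keeps the value out of the SQL text entirely.
            $stmt = $db->prepare('SELECT * FROM staff WHERE surname = :name');
            $stmt->execute([':name' => $name]);
        }
        $rows = [];
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $row['birthday'] = $row['birthday'] !== '0000-00-00'
                ? date('d.m.Y', strtotime($row['birthday']))
                : '';
            $rows[] = $row;
        }
        return $rows;
    }
}

// Constructed sample data (hypothetical rows, column names from the question).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (id_staff INTEGER, surname TEXT, birthday TEXT)');
$db->exec("INSERT INTO staff VALUES (9, 'Piet', '1980-05-17'), (10, 'Jansen', '0000-00-00')");

$_SESSION['name'] = 'Jansen';           // ordinary user
var_dump(count(Staff::getStaffList($db)));
$_SESSION['name'] = "x' OR '1'='1";     // value containing a quote is compared literally
var_dump(count(Staff::getStaffList($db)));
$_SESSION['name'] = 'Piet';             // privileged name from the question
var_dump(count(Staff::getStaffList($db)));
```

With mysqli the same binding is done with `prepare()` and `bind_param()` on the connection.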