
My problem is that I did not get a PHP session variable into my function. I start at the top of the file:

<?php
session_start();
var_dump($_SESSION);

This is the result:

array(3) { ["loggedin"]=> bool(true) ["name"]=> string(4) "Piet" ["id_staff"]=> int(9) }

public static function getStaffList($_SESSION['name']){

  if ($_SESSION['name'] =="admin" || $_SESSION['name'] =="Piet") {
    $sql = "SELECT * FROM staff";
  }
  else {
    $sql = "SELECT * FROM staff where surname = '".$_SESSION['name']."'";
  }

  $result = Core::$link->query($sql);

  if (!$result) {
    return 'Error: ' . mysqli_error(Core::$link);
  }

  $return = array();
  while ($myrow = mysqli_fetch_assoc($result)) {
    if ($myrow['birthday'] !== '0000-00-00') {
      $myrow['birthday'] = date("d.m.Y", strtotime($myrow['birthday']));
    } else {
      $myrow['birthday'] = '';
    }

    $return[] = $myrow;
  }

  return $return;
}

Answers


  1. Chosen as BEST ANSWER

If I write exactly this after session_start() - $_SESSION = array("loggedin"=> true, "name"=>"Piet", "id_staff"=> 9); - then it works.


  2. You do not need to pass the session as a parameter:

    public static function getStaffList($_SESSION['name']){
    

    the session is available anyway:

    public static function getStaffList(){
    

    Take care that the call for the session_start() is executed at the start of the script.

    Another point where you need to take care is using values directly in SQL statements!

      else {
         $sql = "SELECT * FROM staff where surname ='".$_SESSION['name']."'";
      }
    

    You never know what the user puts in there, or what value reaches that point and is then used for the query, leaking data.

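To show both points of the answer above in working code, here is a rewritten version of the question's function. This is an added example, not the poster's or the answerer's code: it reads $_SESSION directly instead of taking it as a parameter, and it binds the surname with a mysqli prepared statement instead of concatenating it into the query. It assumes Core::$link is an open mysqli connection, that the staff table has surname and birthday columns as in the question, and that the mysqlnd driver is available for mysqli_stmt::get_result(). The crafted surname at the bottom is a constructed value used only to show what the original concatenation would have produced.

```php
<?php
// Added example, not from the original question or answers.
// Assumes: Core::$link is a connected mysqli object, a `staff` table with
// `surname` and `birthday` columns, and mysqlnd (needed for get_result()).
declare(strict_types=1);

// session_start() must run before any output and before $_SESSION is read;
// otherwise $_SESSION is empty inside the function even though it was
// populated elsewhere.
session_start();

class Core
{
    public static ?mysqli $link = null; // set by the application's DB bootstrap
}

class Staff
{
    // $_SESSION is a superglobal, so no parameter is needed (and
    // `function f($_SESSION['name'])` is not valid PHP at all).
    public static function getStaffList()
    {
        $name = $_SESSION['name'] ?? '';

        if ($name === 'admin' || $name === 'Piet') {
            $stmt = Core::$link->prepare('SELECT * FROM staff');
        } else {
            // The value travels separately from the SQL text, so quotes or
            // keywords inside $name cannot change the statement.
            $stmt = Core::$link->prepare('SELECT * FROM staff WHERE surname = ?');
            if ($stmt !== false) {
                $stmt->bind_param('s', $name);
            }
        }

        if ($stmt === false || !$stmt->execute()) {
            return 'Error: ' . Core::$link->error;
        }

        $return = [];
        $result = $stmt->get_result();
        while ($myrow = $result->fetch_assoc()) {
            // Same date handling as the original, plus a NULL guard.
            if ($myrow['birthday'] !== null && $myrow['birthday'] !== '0000-00-00') {
                $myrow['birthday'] = date('d.m.Y', strtotime($myrow['birthday']));
            } else {
                $myrow['birthday'] = '';
            }
            $return[] = $myrow;
        }
        $stmt->close();

        return $return;
    }
}

// Why the answer warns about concatenation: a constructed session value
// containing a quote rewrites the WHERE clause of the original query.
$crafted = "x' OR '1'='1";
$original = "SELECT * FROM staff where surname = '" . $crafted . "'";
echo $original, PHP_EOL;
// SELECT * FROM staff where surname = 'x' OR '1'='1'   (matches every row)
```

With the prepared statement, the same crafted value is compared literally against the surname column and matches nothing; the SQL text that reaches the server never changes.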