So I have a SQL query (below) which is supposed to use the login id from the login page and do a query based on that user. I can't figure out the correct formatting for the $_SESSION; it seems to print the correct user id in the error message, but the rest of the query is not pulling any data.

error showing: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '27008 order by Policy asc' at line 1

What I have tried:

$sql = "select pendingindex.* from pendingindex join sorttest on pendingindex.pendreckey = sorttest.pendreckey where agentid in( select agentid from pinagentid where pin = . {$_SESSION['user_id']} order by $sort $sort_order";
Updated 7-May-19 8:39am

select pendingindex.* from pendingindex
join sorttest on pendingindex.pendreckey = sorttest.pendreckey
where agentid in ( select agentid from pinagentid where pin = . {$_SESSION['user_id']} order by $sort $sort_order

Notice your "agentid in (" subquery . . . you did not have a closing ")" before your ORDER BY clause.

Try that for a start.
 
 
First problem I see is that you have the potential for a SQL Injection vulnerability by the way you concatenate together your SQL command. How you should be doing this is by creating a prepared statement and then binding in a parameter.

Second item I see is an error: there is no closing parenthesis in your subquery.

Third item I see is in your ORDER BY clause; the two items should be separated by a comma.

References:
PHP: mysqli::prepare - Manual
PHP: PDOStatement::bindParam - Manual
 
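The prepared-statement approach recommended in the answer above, as an added example that is not part of the original thread: the session user id is bound as a parameter, and the sort column and direction are mapped onto an allowlist because identifiers and ASC/DESC cannot be bound. It uses PDO with an in-memory SQLite database so it runs offline; the table layouts (including `agentid` living in `pendingindex`), the sample rows, the sort keys and the function names `build_order_by` and `pending_for_pin` are assumptions.

```php
<?php
// Added example: schema and rows are constructed; only the names pendingindex,
// sorttest, pinagentid, pendreckey, agentid, pin and Policy come from the question.

// Identifiers and ASC/DESC cannot be bound as parameters, so request input
// is mapped onto a fixed allowlist and anything else gets the default.
function build_order_by(string $sort, string $dir): string {
    $columns = ['policy' => 'pendingindex.Policy', 'agentid' => 'pendingindex.agentid'];
    $col = $columns[strtolower($sort)] ?? 'pendingindex.Policy';
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    return "ORDER BY $col $dir";
}

function pending_for_pin(PDO $db, int $pin, string $sort, string $dir): array {
    // The subquery is closed with ")" before ORDER BY is appended.
    $sql = 'SELECT pendingindex.* FROM pendingindex
            JOIN sorttest ON pendingindex.pendreckey = sorttest.pendreckey
            WHERE pendingindex.agentid IN
                  (SELECT agentid FROM pinagentid WHERE pin = :pin) '
         . build_order_by($sort, $dir);
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':pin', $pin, PDO::PARAM_INT); // data travels separately from the SQL text
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pendingindex (pendreckey INTEGER, agentid INTEGER, Policy TEXT);
           CREATE TABLE sorttest (pendreckey INTEGER);
           CREATE TABLE pinagentid (pin INTEGER, agentid INTEGER);
           INSERT INTO pendingindex VALUES (1, 10, 'B-200'), (2, 10, 'A-100'), (3, 99, 'C-300');
           INSERT INTO sorttest VALUES (1), (2), (3);
           INSERT INTO pinagentid VALUES (27008, 10), (11111, 99);");

$pin = 27008; // stands in for $_SESSION['user_id']; value taken from the question's error message
foreach (pending_for_pin($db, $pin, 'Policy', 'desc') as $row) {
    echo $row['pendreckey'], ' ', $row['Policy'], "\n";
}
// A sort value outside the allowlist never reaches the SQL text.
echo build_order_by('not_a_column', 'sideways'), "\n";
```

Against MySQL only the PDO connection string changes; the query, the binding and the allowlist stay the same.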
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


