0

How can I do same processing with different session value? I am really new in html php ajax and not familiar on how to move the session from pages to another pages. The session value should able to be changed back and forth.

Here is server.php for login. After login, user's family tree succcessfully appeared. $_SESSION['family_id] = users' family id.

if (isset($_POST['login_user'])) {
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($username)) {
    array_push($errors, "Username is required");
  }
  if (empty($password)) {
    array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
    $password = md5($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
      while($row = $results->fetch_assoc()) {
        $_SESSION['user_id'] = $row["id"];
        $_SESSION['family_id'] = $row["family_id"];
      }
      $_SESSION['username'] = $username;
      $_SESSION['success'] = "You are now logged in";
      header('location: index.php');
    }else {
        array_push($errors, "Wrong username/password combination");
    }
  }
}

Then I add search features at server.php. After user search for name John, the John's family tree successfully appeared. $_SESSION['family_id]= John's family id.

if (isset($_POST['find_user'])) {
  if (!empty($_REQUEST['username'])) {

    $username = mysqli_real_escape_string($db, $_REQUEST['username']);     
    
    $query = "SELECT * FROM users WHERE username LIKE '%".$username."%'"; 
    $results = mysqli_query($db, $query); 

    while ($row = $results->fetch_assoc()){  
      $_SESSION['family_id'] = $row["family_id"];
      }  
    }
}

And now is the problem. I want the user can go back to view his family tree. So at 'index.php' I add section "Your family tree" at navigation bar using AJAX. But I failed to view the user's family tree.

<div>
<li class="p-1 sm:p-0"><a id="clickme">Your family Tree</a> 
</li>
</div>

<script>
    $("#clickme").click(function() {
      var info = "close";
      $.ajax({
          type:'POST',
          url:'index.php',
          data: {info:info}
      });
    });
</script>

While at server.php

if (isset($_POST['info'])) {
  $user_id = $_SESSION['user_id'];
  $query = "SELECT * FROM users WHERE id='$user_id'";
  $results = mysqli_query($db, $query);
      while($row = $results->fetch_assoc()) {
        $_SESSION['family_id'] = $row["family_id"];
      }
      header('location: index.php');
}

I would be grateful if you can provide any link for further reading.

qmay
  • 1
  • 2
  • **Warning**: You are wide open to [SQL Injections](http://php.net/manual/security.database.sql-injection.php) and should really use parameterised **prepared statements** instead of manually building your queries. They are provided by [PDO](http://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](http://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input, especially that which comes from the client side. [Escaping is not enough](https://stackoverflow.com/q/5741187) – Phil Jan 05 '22 at 04:41
  • _"I am really new in php"_... are you following a tutorial or other sort of instruction? If so, find another one. Whatever reference you're using is either grossly out of date or just bad. I highly recommend this resource ~ https://phpdelusions.net/ – Phil Jan 05 '22 at 04:44
  • 1) You appear to be missing `session_start()` in all your PHP files. 2) Your AJAX code doesn't do anything with the response and since the response is a redirect, it probably shouldn't. I suspect this answers your question ~ [What is the difference between post api call and form submission with post method?](https://stackoverflow.com/q/58230804/283366) – Phil Jan 05 '22 at 04:51

0 Answers0