Include PHP $_SESSION var on INSERT, UPDATE & DELETE

Include PHP $_SESSION var on INSERT, UPDATE & DELETE

sendtextsendtext Posts: 5Questions: 0Answers: 0
edited November 2012 in Editor
I'm using Editor, and trying to find a way to make database actions include a PHP $_SESSION variable for the currently logged in user. I am using the PHP libraries provided with Editor. This is a multi-user web app where users manage their own records, so and I really need queries to look something like this...

[code]
INSERT INTO table (name, age, user_id) VALUES ($name, $age, $_SESSION['user_id'])
[/code]

Without hacking the PHP libraries, what are my options?

Note: "user_id" is a field I'm NOT exposing in DataTables.

Replies

  • allanallan Posts: 63,534Questions: 1Answers: 10,475 Site admin
    edited November 2012
    Perhaps something like this would do for you:

    [code]
    $data = $_POST;
    $data['session_id'] = $_SESSION['id'];

    Editor::inst( $db, 'browsers' )
    ->fields(
    ...
    )
    ->process( $data )
    ->json();
    [/code]

    i.e. just modify the data that Editor is sending to the PHP classes before the data is processed. You'd also need to include a field for the session_id of course - to the Editor class it will look like Editor has submitted the value. But we know differently ;-).

    Allan
  • sendtextsendtext Posts: 5Questions: 0Answers: 0
    That's exactly what I need, but when I try to assign the $_POST[] array to $data as you have it written, I get the following PHP error... (I'm on PHP 5.3)

    [quote]
    PHP Fatal error: Cannot use [] for reading in ...
    [/quote]
  • allanallan Posts: 63,534Questions: 1Answers: 10,475 Site admin
    Sorry - in my post I had:

    > $data = $_POST[];

    It should have been:

    [code]
    $data = $_POST;
    [/code]

    I've edited the above post incase anyone else also wants to use this method.

    Allan
  • sendtextsendtext Posts: 5Questions: 0Answers: 0
    edited November 2012
    I tried that as well, but it still didn't work, so I ended up adding a line in Editor.php's insert function. I also make use Editor's WHERE method (to filter queries based on user_id), so I just call session_start() from my table.mytable.php.

    [code]
    private function _insert( )
    {
    $set = array();

    $set['user_id'] = $_SESSION['user_id']; //Modify insert to include user_id
    [/code]

    As far as I can tell this shouldn't break anything.
This discussion has been closed.