<?php $r = mysql_query("select * from tbl_student_master where email='@$_SESSION[email]'") or die(mysql_error());
There seems to be a problem with that. How do I properly enter the session variable within apostrophes?
Asked
Active
Viewed 55 times
-2
-
1Do you really want that `@`? That's doing error suppression, and if you're querying against your table using potentially missing session vars, you've got bigger fish to fry. – Madbreaks Jan 31 '14 at 23:41
-
Adn *what specifically* seems to be the problem with your code? What does mysql_error say? Or did you wonder why the stray @ does not lead to matches? – mario Jan 31 '14 at 23:41
1 Answers
2
First off, make sure that your $_SESSION variable is safe - I have no reason to assume that it isn't, but if you are initially getting it from $_GET or $_POST or $_REQUEST, you need to do this differently.
<?php $r = mysql_query("select * from tbl_student_master where email='" . $_SESSION["email"] . "'") or die(mysql_error());
That being said, mysql_query is deprecated, you should really look into either mysqli or PDO. I strongly recommend PDO.
If you are using the @ because it is sometimes not set, you should wrap it in
if (isset($_SESSION["email"])) {
$r = mysql_query("select * from tbl_student_master where email='" . $_SESSION["email"] . "'") or die(mysql_error());
}
else {
//what to do if there is no session email
}
dave
- 62,300
- 5
- 72
- 93