getting session into each page

Question

i want to insert into a table depending on the id of the session:

here the code in class.php:

 public function activate($activation, $id,$change,$userID){
    $stm1= $this->conn->prepare("INSERT INTO `log` (`date`,`change`) VALUES(CURRENT_TIMESTAMP(),'$change') WHERE `user_id` =$userID");
    ($stm1->execute());
    $stmt = $this->conn->prepare("UPDATE `segments` SET `activation` = '$activation' WHERE `id` = '$id'")
    or die($this->conn->error);
    if ($stmt->execute()) {
        $stmt->close();
        $this->conn->close();
        return TRUE;
    }
}

at the top of the page i have this:

require './config.php';session_start();$userID = $_SESSION['user_id'];

and in action.php where the action go i have this:

     $conn = new db_class();
    $conn->activate($activation, $id,$change,$userID);
    echo "Updated successfully.";
    exit;

the first query insert into log is not working \ please help

Answer 1

This should be a comment but I don't have the rep yet...

Primarily, you don't do that type of insert with a WHERE clause. The insert will fail.

As an aside, that insert is open to sql injection. Bind your your parameters. Also, you should add error handling. If you had that, you would see the insert fails. Quick example (1 way...there are other ways...and I assumed $change is a string and $userId is an int...)

    $sql = 'INSERT INTO log
                    SET `date`  = CURRENT_TIMESTAMP(),
                        change  = :change,
                        user_id = :user_id;';
    $stmt      = $this->conn->prepare( $sql );
    $stmt->bindParam( ':change',  $change, PDO::PARAM_STR );
    $stmt->bindParam( ':user_id', $userID, PDO::PARAM_INT );

    $result = $stmt->execute();

    if (!$result) {
        // failure -> get and handle the error
        $error_array = $stmt->errorInfo();
    } else {
        // do something
    }

The docs can help > pdo::execute, pdo::errorinfo