Enter UserID with data

[Dakotakid50]

I have an page on my site where users login and enter there own data to a data base using this code:
<?
include('auth.php');
include('db.php');
$result = @mysql_query("SELECT event FROM event");
$result2 = @mysql_query("SELECT Player FROM Player");

if (!$result) {
exit('<p>Error performing Event query: ' . mysql_error() . '</p>');
}
if (!$result2) {
exit('<p>Error performing Pros query: ' . mysql_error() . '</p>');
}
?>
Pick Your Team: &nbsp;&nbsp;
<form action="session.php" method="post">
Event Name:
<select name="event">
<option value=""></option>
<?
while ($row = mysql_fetch_array($result))
{
?>
<option value="<?=$row['event'];?>"><?=$row['event'];?>
</option>
<?
}
?>
</select>
<br><br>
<form action="session.php" method="post">
Poker Pro:
<select name="Player">
<option value=""></option>
<?
while ($row = mysql_fetch_array($result2))
{
?>
<option value="<?=$row['Pros'];?>"><?=$row['Pros'];?>
</option>
<?
}
?>
</select>
<br><br>

<input type="submit" value="Add Player to Event">
</form>
Everything is working for this code to enter the selected data to my data base except I can not get it to post the Users ID with the data so I can sort the data by User ID.
Here is the code from session.php
<?
include ("db.php");
mysql_connect or die(mysql_error());
mysql_select_db("my_database") or die(mysql_error());
$event=$_POST['event'];
$name=$_POST['Player'];
$sql="INSERT INTO picks SET UserID='$UserID', event='$event', Pros='$Pros' ";
if (@mysql_query($sql))
?>
In the picks table it is listing in the UserID field the UserID as 0 insted of giving it the correct UserID.
What do I need to do to fix this so each users ID is entered with his data entry.
Thanks,

[Dan Grossman]

You use $UserID in your query but you don't create any such variable in your code.

I imagine your login system probably sets the user ID in a session somewhere, which you would want to use here.

[Dakotakid50]

Here is the code from my login page that sets up the user session.

<?PHP
include('db.php');
mysql_select_db('my_database') or die("Couldn't select the database");
$_POST['user'] = addslashes($_POST['user']);
$_POST['pass'] = md5($_POST['pass']);
$result = mysql_query("SELECT count(UserID) FROM player WHERE Password='$_POST[pass]' AND Username='$_POST[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
if (!$num) {
echo "<body>
<body bgcolor='#ADD8FE'>
<h3>Team Member Login</h3>
<form action='login.php' method='post'>
Username: <input type='text' name='user'><br>
Password: <input type='password' name='pass'><br><br>
<input type='submit' value='Login'>
</form>";
}
else{

session_start();
$result = mysql_query("SELECT UserID FROM player WHERE Password='$_POST[pass]' AND Username='$_POST[user]'") or die("Couldn't query the user-database.");
while ($row = mysql_fetch_array($result)) {
$_SESSION['player'] = $_POST['player'];
$_SESSION['pass'] = $_POST['pass'];
$_SESSION['playerid'] = $row['UserID'];
include('player_page.php');
}
}

?>
I still dont see what I need to do to get it to record the UserID when submiting the data.

[Dan Grossman]

You put the user ID in the session as "playerid", so read it from the session to use in your query.

Add to your code where you insert the row:

PHP Code:

session_start();
$UserID = $_SESSION['playerid']; 


[Dakotakid50]

I changed where I forgot to change playerid to userid. It didnt help.
Then I added this to the login.

$checkstatus = mysql_query("SELECT UserID FROM user WHERE Password='$_POST[pass]' AND Username='$_POST[user]'") or die("Couldn't query the user-database.");
while ($row = mysql_fetch_array($checkstatus)) {
$UserID=$row['UserID'];

Now when I login to the home secure page I get the stats for that user, but when I go to another page and back again I loose the users stats, but stay login. Also it still doesnt post the userid only "0" with submitted data.