Sessions is not getting id

Hi, I have a form that, when I input the data, goes to the db, but it is not recognized on the next page with session_start(). Can anyone tell me what I need to do to fix this, or if I have to recode it somehow?

I get this error message.

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/ebermy5/public_html/login.php on line 34
Welcome,

This is my first code, for them to fill out; then it should go to the welcome page code below.

 
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1); 
include_once ("Connections/connect_to_mysql.php");    
     $err=''; 
  $id='';   
  $firstname=''; 
  $lastname=''; 
  $country=''; 
  $email=''; 

  if(isset($_POST["submit"])){ 
      // Validate form data
if($_POST["firstname"]=='')
$err.='Please enter First Name<br>';    
if($_POST["email"]=='') 
$err.='Please enter Email<br>'; 
    if($err==''){ 
       // Check if there are duplicate entries in the 'contacts' table 
      $results = mysql_query("SELECT id FROM `Members` WHERE firstname='".addslashes($_POST["firstname"])."' and Email='".addslashes($_POST["email"])."'"); 
      if($row = mysql_fetch_array($results)){ 
        $err.='Can not add duplicate entry<br>'; 
      }      else{        // adding new record to 'contacts' table 
        mysql_query("INSERT INTO Members(firstname,lastname,country,Email)                     values ('".addslashes($_POST["firstname"])."','".addslashes($_POST["lastname"])."','".addslashes($_POST["country"])."','".addslashes($_POST["email"])."')"); 
       // redirecting to success screen 
       if($results){ 
         header("Location: login.php"); 
}else die(mysql_error()); 
      } 
    } 
  } 
?> 
<html><head><title>Add New Contact</title></head><body><h2>Register with us</h2> 
<?php 
echo $err==''?'':('<p style="color:red;">'.$err.'</p>') ?> 
<form method="post" action="form.php"><table border="0"> 
<tr> 
<td valign="middle">First Name:</td> 
<td><input type="text" name="firstname" size="30" value="<?php echo htmlspecialchars($firstname) ?>"> 
</td> 
</tr> 
<tr> 
<td valign="middle">Last Name:</td><td><input type="text" name="lastname" size="30" value="<?php echo htmlspecialchars($lastname) ?>"> 
</td> 
</tr> 
<tr> 
<td valign="middle">Country:</td> 
<td><input type="text" name="country" size="30" value="<?php echo htmlspecialchars($country) ?>"></td> 
</tr> 
<tr> 
<td valign="middle">Email:</td><td><input type="text" name="email" size="30" value="<?php echo htmlspecialchars($email) ?>"></td> 
</tr> 
</table> 
<br><input type="submit" name="submit" value=" Submit! "> 
</form> 
</body> 
</html> 


WELCOME PAGE

 
<?php 
session_start(); 
session_id(); 
?> 
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Welcome</title></head><body> 
<?php 
/* Program: login.php 
* Desc:    Displays the new member welcome page. Greets 
*            member by name and gives a choice to enter 
*            restricted section or go back to main page. 
*/ 
error_reporting(E_ALL); 
ini_set("display_errors", 1); 
$firstname = ''; 
$id = ''; 
if (isset($_SESSION['id'])) { 
         $id = $_SESSION['id']; 
} else { 
   echo "can not get id"; 
} include('Connections/connect_to_mysql.php'); 
$result = mysql_query("SELECT firstname FROM `Members` WHERE id=$id"); $row = mysql_fetch_array($result); 
            if ($firstname == ''){ //condition, is name equal to lower case firstname notice we use == and not = 
    echo "Welcome, $firstname"; 
} else { //so incase the condition is not as expected 
    echo "Sorry you are not $firstname";} 
?> 
<p>Your new Member accounts lets you enter the members only section of our web site. You'll find special discounts, a profile of matches, live advise from experts, and much more.</p><p>Your new Member ID and password were emailed to you. Store them carefully for future use.</p>
<div style="text-align: center"><p style="margin-top: .5in; font-weight: bold">Glad you could join us!</p> 
<form action="profile.php" method="post">    <input type="submit" 
        value="Enter the Members Only Section"> 
        </form> 
<form action="index.php" method="post"> 
    <input type="submit" value="Go to Main Page"> 
   </form> 
                </div> 
</body> 
</html> 

I don’t see anywhere that you set $_SESSION['id'] as the member’s ID. If that is supposed to be in the first set of code, then you need to start the session there, explicitly set the $_SESSION['id'] and then it will be available on the next page. session_id(); doesn’t set the ID you are looking for.

While we are at it, you should not use addslashes() for protection. You should use mysql_real_escape_string() as that provides much more security.

I had it as this

$firstname = '';
$_SESSION['id']='$id';

but get the same error message. Should I change it to something else?

Should I set the phpMyAdmin storage engine to InnoDB instead of MyISAM?

You would set it to the member’s ID after you get it from the database.


$results = mysql_query("SELECT id FROM `Members` WHERE firstname='".addslashes($_POST["firstname"])."' and Email='".addslashes($_POST["email"])."'"); 

This query would be getting that ID, but you never actually do anything with it. I am thinking that this is supposed to be checking to see if someone is already signed up under that name, but the idea is the same. Perhaps your login page code would be what to show, but it doesn’t really matter to the point.

When the user logs in, you need to get the ID from the database, then assign it to the $_SESSION['id'], then it will be available for use:


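// session_start() must already have been called on this page
$results = mysql_query("SELECT id FROM `Members` WHERE firstname='".mysql_real_escape_string($_POST["firstname"])."' and Email='".mysql_real_escape_string($_POST["email"])."'"); 

// mysql_query() returns false on error; mysql_fetch_assoc() returns false when no row matched
$row = $results ? mysql_fetch_assoc( $results ) : false;

if ( $row && array_key_exists( 'id', $row ) ) {

   // Store the member's ID so the next page can read it
   $_SESSION['id'] = $row['id'];

}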

As an example.

Also, $_SESSION['id']='$id'; won’t work. Variables inside single quotes don’t parse. You would literally be setting $_SESSION['id'] to $id, not what $id represents.

Should I set the phpMyAdmin storage engine to InnoDB instead of MyISAM?

That makes no difference to this issue.
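
The register-then-welcome flow discussed in this thread, as an added example that is not any poster's code: the new member's ID is stored in $_SESSION['id'] right after the insert, and the welcome page only queries when that ID is present. It uses PDO prepared statements in place of the mysql_* functions (removed in PHP 7) and their escaping helpers; the function names register_member and welcome_name are hypothetical, and an in-memory SQLite database stands in for the MySQL connection so the file runs offline.

```php
<?php
// Added example. Table and column names follow the thread; SQLite stands in for MySQL.

// form.php side: insert the member, then store the new row's ID in the session.
function register_member(PDO $pdo, array $post): ?int
{
    $first = trim($post['firstname'] ?? '');
    $email = trim($post['email'] ?? '');
    if ($first === '' || $email === '') {
        return null;                       // validation failed
    }
    // Bound parameters replace addslashes()/mysql_real_escape_string().
    $dup = $pdo->prepare('SELECT id FROM Members WHERE firstname = ? AND Email = ?');
    $dup->execute([$first, $email]);
    if ($dup->fetchColumn() !== false) {
        return null;                       // duplicate entry
    }
    $ins = $pdo->prepare(
        'INSERT INTO Members (firstname, lastname, country, Email) VALUES (?, ?, ?, ?)'
    );
    $ins->execute([$first, $post['lastname'] ?? '', $post['country'] ?? '', $email]);
    $id = (int) $pdo->lastInsertId();
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session ID once identity is known
    }
    $_SESSION['id'] = $id;                 // the value itself, not the string '$id'
    return $id;
}

// login.php side: only query when the session actually carries an ID.
function welcome_name(PDO $pdo, array $session): ?string
{
    if (!isset($session['id'])) {
        return null;                       // avoids the broken "WHERE id=" query
    }
    $q = $pdo->prepare('SELECT firstname FROM Members WHERE id = ?');
    $q->execute([(int) $session['id']]);
    $name = $q->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Members (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, country TEXT, Email TEXT)');
$_SESSION = [];
register_member($pdo, ['firstname' => "O'Brien", 'email' => 'ob@example.test']);
echo 'Welcome, ', htmlspecialchars((string) welcome_name($pdo, $_SESSION)), PHP_EOL;
```

On a real page, call session_start() at the top of both scripts before any output is sent, so that $_SESSION persists across the redirect.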