TalkPHP


lesP 02-29-2008 11:35 PM

Form destroys my session
 
Hi. When I use the form, I am getting redirected to login.php:

<?
session_start();
include("connect.php");
$id = $_GET[id];


if(!isset($_SESSION['id'])){
header("location:login.php");
}else{
$query = "SELECT * FROM users WHERE id = '".$_SESSION['id']."'";

$result = mysql_query($query)or die("MySQL fejl: " . mysql_error());
$log = mysql_fetch_array($result);
$user = $log["user"];
echo"$user";
$query2 = "SELECT * FROM messages WHERE modtager = '$user' && laest = 'n'";
$result2 = mysql_query($query2)or die("MySQL fejl: " . mysql_error());
$log2 = mysql_fetch_array($result2);
if(isset($_POST[text])){

$query3 = "SELECT * FROM topics WHERE id_parent = '$id'";
$result3 = mysql_query($query3)or die("MySQL fejl: " . mysql_error());
$log3 = mysql_fetch_array($result3);

$sql = "INSERT INTO topics (titel,text,date,author,id_parent)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')";
$sql = sprintf($sql,
mysql_real_escape_string($log3['titel']),
mysql_real_escape_string($_POST['text']),
mysql_real_escape_string(now()),
mysql_real_escape_string($user),
mysql_real_escape_string($log3['id_parent'])
);

$res = mysql_query($sql) or die(mysql_error());

}


$foresp = mysql_query("SELECT * FROM topics where id_parent = '$id'") or die(mysql_error());

while ($row = mysql_fetch_array($foresp)) {
echo"<br><br>Titel: $row[titel]<br>Text: $row[text]<br>";

echo"<form method='post' action='$PHP_SELF'>
<textarea name='text'>Skriv en meddelelse</textarea>
<input type='submit'></form>";
}
}
?>

Alan @ CIT 02-29-2008 11:46 PM

I've re-formatted your code to make it easier for others to read using the [php][/php] tags :-)

PHP Code:

<?php
session_start();
include("connect.php");
$id = $_GET[id];

if(!isset($_SESSION['id']))
{
    header("location:login.php");
}
else
{
    $query = "SELECT * FROM users WHERE id = '".$_SESSION['id']."'";

    $result = mysql_query($query)or die("MySQL fejl: " . mysql_error());
    $log = mysql_fetch_array($result);
    $user = $log["user"];
    echo"$user";
    $query2 = "SELECT * FROM messages WHERE modtager = '$user' && laest = 'n'";
    $result2 = mysql_query($query2)or die("MySQL fejl: " . mysql_error());
    $log2 = mysql_fetch_array($result2);
    if(isset($_POST[text]))
    {
        $query3 = "SELECT * FROM topics WHERE id_parent = '$id'";
        $result3 = mysql_query($query3)or die("MySQL fejl: " . mysql_error());
        $log3 = mysql_fetch_array($result3);

        $sql = "INSERT INTO topics (titel,text,date,author,id_parent)
                VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')";
        $sql = sprintf($sql,
            mysql_real_escape_string($log3['titel']),
            mysql_real_escape_string($_POST['text']),
            mysql_real_escape_string(now()),
            mysql_real_escape_string($user),
            mysql_real_escape_string($log3['id_parent'])
        );

        $res = mysql_query($sql) or die(mysql_error());

    }


    $foresp = mysql_query("SELECT * FROM topics where id_parent = '$id'") or die(mysql_error());

    while ($row = mysql_fetch_array($foresp))
    {
        echo"<br><br>Titel: $row[titel]<br>Text: $row[text]<br>";

        echo"<form method='post' action='$PHP_SELF'>
        <textarea name='text'>Skriv en meddelelse</textarea>
        <input type='submit'></form>";
    }

}

If you are being re-directed to login.php then I can only assume that login.php isn't setting $_SESSION['id'] correctly (or whatever script sets it).

Can you post that script as the rest of this script isn't being run by PHP if it is hitting the header(redirect) bit.

Alan

lesP 02-29-2008 11:51 PM

Quote:

Can you post that script as the rest of this script isn't being run by PHP if it is hitting the header(redirect) bit.

What do you mean?

I'm sure $_SESSION['id'] is set. echo"$user" shows the username.

Alan @ CIT 03-01-2008 12:06 AM

What happens if you echo $_SESSION['id'] though? Your if() check looks to see if $_SESSION['id'] is set. If it isn't, it redirects you to login.php. Since you are getting redirected there is a good chance that $_SESSION['id'] isn't set :-)

Alan

lesP 03-01-2008 11:51 AM

Quote:

Originally Posted by Alan @ CIT (Post 11749)
What happens if you echo $_SESSION['id'] though? Your if() check looks to see if $_SESSION['id'] is set. If it isn't, it redirects you to login.php. Since you are getting redirected there is a good chance that $_SESSION['id'] isn't set :-)

Alan

Okay. But I can run the script when I am "logged in", but as soon as I run the form when I am logged in, I am getting redirected.

SOCK 03-01-2008 04:47 PM

lesP> If you really want some help solving this, post your login script code, at least the bit that pertains to setting any session data.

A good method to troubleshoot has already been suggested by Alan@CIT. At the top of each script you're accessing the session, do this
PHP Code:

<?php
session_start();
print_r($_SESSION);
...

This will leave no doubt as to what session data is set. You may want to just create a separate test script to do nothing but check session data, as I've done many times.

The best advice I can give you: start in small increments while developing an application. Don't just throw a bunch of code together and hope the session or POST data gets through. Create your interface, then build the code to process it. Start with a script that does nothing but receive the data and let you view what's coming through. Once you're confident that the data is there, the next step is to validate, filter, check, escape etc. ad nauseam. After all this is done, create the SQL and eventually finish with fine tuning the script logic.

HTH

lesP 03-01-2008 06:03 PM

I changed $id to $refid and then it solved it. But now it does not pick out the topics I need. It only shows the topics where id_parent = 1 no matter if id=1 or id=2 in the browserline.
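
A hardened version of the posted script's core, as an added example that is not part of the thread or any poster's code: the query-string id gets its own validated variable (as in lesP's `$refid` rename), the redirect is followed by `exit`, queries use PDO prepared statements instead of the `mysql_*` functions, and all output is HTML-escaped. The in-memory SQLite database, the sample rows, the arrays standing in for `$_SESSION`, `$_GET` and `$_POST`, and the script name `topic.php` are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posted script; the in-memory SQLite database and sample rows are constructed.
function parentIdFromQuery(array $get): ?int {
    // Accept only a positive integer; anything else is treated as missing.
    $v = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

function addReply(PDO $db, int $parentId, string $author, string $text): void {
    $t = $db->prepare('SELECT titel FROM topics WHERE id_parent = ? LIMIT 1');
    $t->execute([$parentId]);
    $titel = (string) $t->fetchColumn();      // '' when the parent has no topics yet
    // Five columns, five placeholders; values are bound, never concatenated.
    $ins = $db->prepare('INSERT INTO topics (titel, text, date, author, id_parent) VALUES (?, ?, ?, ?, ?)');
    $ins->execute([$titel, $text, date('Y-m-d H:i:s'), $author, $parentId]);
}

function renderTopics(PDO $db, int $parentId, string $script): string {
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $rows = $db->prepare('SELECT titel, text FROM topics WHERE id_parent = ?');
    $rows->execute([$parentId]);
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf("<br><br>Titel: %s<br>Text: %s<br>\n", $esc($row['titel']), $esc($row['text']));
    }
    // Keep ?id= in the form action so the POST request still carries it.
    $action = $esc($script . '?id=' . $parentId);
    return $html . "<form method='post' action='$action'><textarea name='text'></textarea>"
                 . "<input type='submit'></form>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (titel TEXT, text TEXT, date TEXT, author TEXT, id_parent INTEGER)');
$db->exec("INSERT INTO topics VALUES ('Hej', 'first post', '2008-02-29', 'lesP', 2)");
$session = ['id' => 7];                       // constructed stand-in for $_SESSION
$get     = ['id' => '2'];                     // constructed stand-in for $_GET
$post    = ['text' => "<b>it's</b> a reply"]; // constructed stand-in for $_POST

if (!isset($session['id'])) {
    header('Location: login.php');
    exit;                                     // header() alone does not end the script
}
$parentId = parentIdFromQuery($get);          // its own name, not $id, as in the $refid fix
if ($parentId !== null) {
    if (isset($post['text'])) { addReply($db, $parentId, 'lesP', $post['text']); }
    echo renderTopics($db, $parentId, 'topic.php');   // 'topic.php' is a hypothetical script name
}
```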

