mysql – Fetching Data for active session user in php msqli-ThrowExceptions

Exception or error:

I am new to PHP but working on this below. If I specify the email address, it will fetch the orders of the particular email address but I want it to pick the email address of the active session user and fetch the orders of the user. How do I work around this? Hoping to get helped.

$email = $_SESSION['email'];

    $stmt=$db->prepare("select * from user where email=email");

 $email = $_SESSION['email'];
$query=$db->query('select * from sellorder where email = "'.$_SESSION['email'].'"');
   <td><?php echo '<span class="text-dark">'.$roww["orderno"].'</span>'; ?></td>
   <td><?php echo '<span class="text-dark">'.$roww["date"].'</span>'; ?></td>
   <td><?php echo '<span class="text-dark">'.$roww["btcvalue"].'</span>'; ?></td>
   <td>$<?php echo '<span class="text-dark">'.$roww["usdvalue"].'</span>'; ?></td>
   <td>₦<?php echo '<span class="text-dark">'.$roww["nairavalue"].'</span>'; ?></td>
   <td><?php echo '<span class="text-dark">'.$roww["accountno"].'</span>'; ?></td>
         <td><?php echo '<span class="text-success">'.$roww["status"].'</span>'; ?></td> 
How to solve:

You’re not using placeholders correctly in the first query. You’re asking for all records where the email column equals the email column. It should be:

"select * from user where email=:email"

The second one does not have a placeholder at all which is a huge mistake. Always use placeholder values:

$stmt=$db->prepare('select * from sellorder where email = :email');
$stmt->execute(['email' => $_SESSION['email']]);


Leave a Reply

Your email address will not be published. Required fields are marked *