There are two solutions to this. The first is to define a new variable to contain the $_SESSION['user']['username']
value and the second is to enclose $_SESSION['user']['username']
in curly braces (see: Strings - variable parsing for more information).
Solution 1
$username = $_SESSION['user']['username'];
mysql_query("SELECT * FROM clients WHERE user = '$username'")
or die(mysql_error());
Solution 2
mysql_query("SELECT * FROM clients WHERE user = '{$_SESSION['user']['username']}'")
or die(mysql_error());
In addition to this, if one is only accessing the top-level of the array (e.g. $_SESSION['username']
rather than $_SESSION['user']['username']
) one can simply remove the quotes around the key name:
mysql_query("SELECT * FROM clients WHERE user = '$_SESSION[username]'")
or die(mysql_error());
However, it should be worth pointing out that mysql
functions are deprecated and that your code is vulnerable to SQL injection. You should look into using PDO
or mysqli
prepared statements.