We Keep Coding

How do I update $_SESSION variable when the mysqli table is updated?

I'm new to web programming and I have an issue with the way user $_SESSION variables are being handled. When a user logs into my website, I start a session like so -
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['class'] = $row['class'];
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['level'] = $row['level'];
$_SESSION['exp'] = $row['exp'];
$_SESSION['health'] = $row['health'];
Currently, if I want to update one of these session variables -
$_SESSION['strength'] += 10;
$db->query("UPDATE player SET strength=strength+10 WHERE id={$_SESSION['id']}");
I am doing it this way, because after I query the database, my session variables are not updating as well. If I unset the session variable, it logs the user out of the website. What am I doing wrong?
EDIT: My issue was my understanding of how sessions worked, session variables are temporary and shouldn't be used for values that update inside the database. I should instead grab the variables directly from the database so that they update in real-time.

instead of "strength=strength+10" use in your query string
"strength={$_SESSION['strength']}"

how to insert data in current logged in user's account?

i want insert data to current logged in user i changed 4 to session id but error please help me how to store id in session and use here
login.php
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
home.php
<?php
//Get current user ID from session
$userId = 4;
//Get user data from database
$result = $db->query("SELECT * FROM user WHERE id = $userId");
$row = $result->fetch_assoc();
?>

Try this.Directly add the value to session array.It will updated with session
session_start();
$_SESSION['user_id'] = 4;
$userId =$_SESSION['user_id']

executing the function call 'session_id()' returns the id of the session for the vistor, the session is actually a file kept in a directory of your server, the session_id will point to this file in all instances that I've personally seen.
to actually access the session you need to use $_SESSION to set and read data :) Happy Coding!

How to create session for login in core php?

i used this query to login and for creating session.
$username = $_REQUEST['user'];
$password = $_REQUEST['pass'];
$member = mysqli_query($conn,"SELECT * FROM `user` WHERE `email` = '".$username."' AND `password` = '".$password."' ");
$member1 = mysqli_fetch_assoc($member);
if ($member1>0)
{
$_SESSION['username']=$member1['fullName'];
$_SESSION['companyid']=$member1['comapanyId'];
header('Location: home.php');
}
else
{
header('Location: index.php');
}
i am able to create session means if i echo
$_session['companyid'];die; on this page it will print that id
perfectly.
Now, i will jump to home.php to use this session for that i write
session_start() on top of the page.
Now, If i print_r($_SESSION['companyid']) i will get error Notice:
Undefined index: companyid
for this problem i used isset function like this,
if (isset($_SESSION['companyid'])) {
echo $_SESSION['companyid'];
}
but i am again failed to print $_SESSION in home.php I dont know what
i am doing wrong.

i am able to create session means if i echo
$_session['companyid'];die; on this page it will print that id
perfectly.
The array $_session is different than the superglobal array $_SESSION due to case sensitivity. On top of that, you will need session_start() at the top of each PHP page that will be accessing this array.
If you change $_session to $_SESSION, PHP will know that you are calling the same array.

How to use $_SESSION in right way?

At the moment I am writing a little media library in PHP and i want to set sessions, so the user stays logged in and get's echoed his name at the front page.
[index.php]
if(isset($_SESSION['loggedin']))
{
//ECHO $USERNAME
}else{
echo '<p>To start, please login or register.</p>';
}
?>
I want, if theres an session id set, that PHP echoes out the $username.
[signup.php]
<?php
session_start();
$conn = mysqli_connect("$host", "$user", "$pass", "$db");
$uid = ($_POST['uid']);
$pw = ($_POST['pw1']);
$pw2 = ($_POST['pw2']);
if ($pw == $pw2) {
$sql = "INSERT INTO user (uid, pw) VALUES ('$uid', '$pw')";
$result = mysqli_query($conn, $sql);
echo "Registration succeeded.";
}else{
echo "Please check your information.";
}
header ("Refresh: 3; ../index.php");
So, after PHP successfully compares my $pw1 and $pw2 i want to start a session, then it should put the $username in the $_SESSION array.
Of course next to the secure session id.
I repeat, after this i want to echo the $username out at front page.
What is the best way to do it?
Thanks.

$sql="SELECT username FROM users WHERE userid=$uid";
$result=mysqli_query($conn,$sql);
$row=mysqli_fetch_assoc($result);
$_SESSION['username']=$row['username'];
You can do something like this.

Usage of $_SESSION super global array (compact version)
session_start(); //To init
$_SESSION['username'] = 'Bob'; // Store value
echo $_SESSION['username']; // Treat like normal array
Detailed example
To use a session, you have to init it first.
session_start();
After that you access the session vars via the super global
$_SESSION
A good way is always to store a value in your variables you want to use:
// init session
session_start();
// check if session var is set, if not init the field with value in the super global array
if(!isset($_SESSION['auth'])) $_SESSION['auth'] = false;
if(!$_SESSION['auth']) {
//do auth here like eg.
header('Location: signup.php'); // if auth is okay -> $_SESSION['auth] = true + redirect to this (main) script
die(); // This is really necessary because a header redirect can be ignored.
}
// if auth okay, do fancy stuff here
For security read the following
Remember to escape your user input, always!
How can I prevent SQL injection in PHP?
The session_id is stored in cookies normally.
Or - the old way via URL parameter.
You do not have to secure the session_id.
Read also advices about XSS/CSRF.
Plus tokens are also good.
May be this is what you mean with secure session_id.
Stackoverflow: preventing csrf in php
OWASP: https://www.owasp.org/index.php/PHP_CSRF_Guard
OWASP: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

checking session data using id, and changing id within a loop

I'm doing a little server-side project, where I need to check if a session variable is set, using session id's that are stored in my database.
The problem I'm getting, is that I don't want to destroy the session after I've checked if the variable is set. So I need a way to either check the variable without having to start the session, or find a way to change to a different session id while the session is started,
or duplicate the session to a different session that I can destroy.
Here's what I have:
while(true) {
$stmt=$db->prepare("SELECT sessionid FROM sessions");
$stmt->execute();
while($row=$stmt->fetch(PDO::FETCH_ASSOC) {
session_id($row['sessionid']);
session_start();
if(!isset($_SESSION['value'])) {
$stmt=$db->prepare("DELETE FROM sessions WHERE sessionid=:sessionid");
$stmt->bindValue(':sessionid',$row['sessionid'],PDO::PARAM_STR);
$stmt->execute();
}
session_destroy();
}
sleep(5);
}

Done it Lol ...
while(true) {
$stmt=$db->prepare("SELECT sessionid FROM sessions");
$stmt->execute();
while($row=$stmt->fetch(PDO::FETCH_ASSOC) {
session_id($row['sessionid']);
session_start();
session_regenerate_id(false);
$newsessionid=session_id();
session_write_close();
session_id($newsessionid);
session_start();
if(!isset($_SESSION['value'])) {
$stmt=$db->prepare("DELETE FROM sessions WHERE sessionid=:sessionid");
$stmt->bindValue(':sessionid',$row['sessionid'],PDO::PARAM_STR);
$stmt->execute();
}
session_destroy();
}
sleep(5);
}
Reference: http://uk1.php.net/manual/en/function.session-regenerate-id.php