Can some explain to me the best way to store a $_GET variable in a session and the only way the sessions changes is when we verify the data the session is being change to is different from the GET variable.
Currently i have
$tid = clean_get($_GET['tid']);
in a global file which is included on every page the problem with that is the value of $tid will be erased and not stored in a session like i want it to once the user is not on a page with $tid set in the url.
If you get $_GET['tid'] in url then set session again by that new value otherwise restore it from session. Thats it.
session_start();
$tid = (isset($_GET['tid']) && $_GET['tid']!="") ? clean_get($_GET['tid']) : $_SESSION['tid'];
Try this and tell me is it solved?
Use a function like isset() to see if it is being sent. Only then should you replace it:
if(isset($_GET['tid']))
{
$tid = clean_get($_GET['tid'])
// Do stuff to change session data.
}
I think what you are looking for is something like
session_start();
foreach ($_GET as $key=>$value) {
$_SESSION['getValues'][$key] = clean_get($value);
}
This will store all the values in $_GET in the $_SESSION. To retrieve the values later, you just have to use $_SESSION['getValues']['tid'] after calling session_start().
Here I'm assuming that clean_get() is just something that formats and/or escapes data that came in from forms, so calling it on each value before sticking into the session will do all that cleaning when needed.
Note: only call session_start() once, and make sure you do so before doing anything with $_SESSION, otherwise you'll get error messages.
Related
I'm a noob programmer so I apologies in advance for any obvious mistakes. I've spent the past week creating a product database kinda thing. I've got too the point where I can add products using a form, view all products added etc. I've being using sessions which are created via the form input data. I'm struggling to include get a delete product page working, I've tried using unset to clear the variable but can't get it too work.
ADD Product page which sets the session variable:
$_SESSION['Products'][] = $_POST; //is how i set the session on the add products page.
unset $_SESSION['Products'][]; //is how i have tried to clear the session although it does not work.
Any point in the right direction will be appreciated!
You can unset session variable using:
session_unset - Frees all session variables (It is equal to using: $_SESSION = array(); for older deprecated code)
unset($_SESSION['Products']); - Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)
session_destroy — Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
I am including this answer in case someone comes to this page for the same reason I did. I just wasted an embarrassing amount of time trying to track the problem down. I was calling:
unset($_SESSION['myVar']);
from a logout script. Then navigating to a page that required login, and the server still thought I was logged in. The problem was that the logout script was not calling:
session_start();
Unsetting a session var DOES NOT WORK unless you start the session first.
Unset is a function. Therefore you have to submit which variable has to be destroyed.
unset($var);
In your case
unset ($_SESSION["products"]);
If you need to reset whole session variable just call
session_destroy ();
If you completely want to clear the session you can use this:
session_unset();
session_destroy();
Actually both are not neccessary but it does not hurt.
If you want to clear only a specific part I think you need this:
unset($_SESSION['Products']);
//or
$_SESSION['Products'] = "";
depending on what you need.
unset is a function, not an operator. Use it like unset($_SESSION['key']); to unset that session key. You can, however, use session_destroy(); as well. (Make sure to start the session with session_start(); as well)
Destroying a PHP Session
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
Here is the example to unset a single variable
<?php unset($_SESSION['counter']); ?>
Here is the call which will destroy all the session variables
<?php session_destroy(); ?>
// set
$_SESSION['test'] = 1;
// destroy
unset($_SESSION['test']);
$_SESSION['Poducts'] = 1; // set
unset($_SESSION['Products']); //unset
All the answer about unset are correct but one thing is needed to be corrected. If you did not use session_start() the unset() will never work. I recommend doing it this way
session_start();
unset($_SESSION['productID']);
I'm a noob programmer so I apologies in advance for any obvious mistakes. I've spent the past week creating a product database kinda thing. I've got too the point where I can add products using a form, view all products added etc. I've being using sessions which are created via the form input data. I'm struggling to include get a delete product page working, I've tried using unset to clear the variable but can't get it too work.
ADD Product page which sets the session variable:
$_SESSION['Products'][] = $_POST; //is how i set the session on the add products page.
unset $_SESSION['Products'][]; //is how i have tried to clear the session although it does not work.
Any point in the right direction will be appreciated!
You can unset session variable using:
session_unset - Frees all session variables (It is equal to using: $_SESSION = array(); for older deprecated code)
unset($_SESSION['Products']); - Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)
session_destroy — Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
I am including this answer in case someone comes to this page for the same reason I did. I just wasted an embarrassing amount of time trying to track the problem down. I was calling:
unset($_SESSION['myVar']);
from a logout script. Then navigating to a page that required login, and the server still thought I was logged in. The problem was that the logout script was not calling:
session_start();
Unsetting a session var DOES NOT WORK unless you start the session first.
Unset is a function. Therefore you have to submit which variable has to be destroyed.
unset($var);
In your case
unset ($_SESSION["products"]);
If you need to reset whole session variable just call
session_destroy ();
If you completely want to clear the session you can use this:
session_unset();
session_destroy();
Actually both are not neccessary but it does not hurt.
If you want to clear only a specific part I think you need this:
unset($_SESSION['Products']);
//or
$_SESSION['Products'] = "";
depending on what you need.
unset is a function, not an operator. Use it like unset($_SESSION['key']); to unset that session key. You can, however, use session_destroy(); as well. (Make sure to start the session with session_start(); as well)
Destroying a PHP Session
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
Here is the example to unset a single variable
<?php unset($_SESSION['counter']); ?>
Here is the call which will destroy all the session variables
<?php session_destroy(); ?>
// set
$_SESSION['test'] = 1;
// destroy
unset($_SESSION['test']);
$_SESSION['Poducts'] = 1; // set
unset($_SESSION['Products']); //unset
All the answer about unset are correct but one thing is needed to be corrected. If you did not use session_start() the unset() will never work. I recommend doing it this way
session_start();
unset($_SESSION['productID']);
I have a PHP file (approvals.php) that only gets executed on an AJAX call. It has a postgresql query that searches a table and uses a customer id, which is set as a session variable. Problem is, it seems I can't access this session variable in this file. My query is like:
$query = "SELECT merchant_id FROM ndovu_merchant_users WHERE customer_id={$_SESSION['customer_id']}";
$result = pg_query($query);
I have tried to echo the session variable $_SESSION['customer_id'] but nothing. However on passing a fixed value to the query, it returns a result.
In your case, i would have checked if the session is set in the first place.
//this should be put at the header of the page
session_start();
if(isset($_SESSION['customer_id']) && !empty($_SESSION['customer_id'])){
echo $_SESSION['customer_id'];
}else{
echo 'session is not set';
}
You need to place session_start(); above the code section where you use it; the top of the page is usually the best place to place it.
Also, it should be noted; you have what is potentially a large security flaw here, by passing in unescaped data.
You should look into using prepared statements if possible; or at least escape your inputs.
The user session is not accesed when the script is called by an ajax request.
The session token wich php requires to obtain the session data is stored in the client side(user) inside a session cookie.
You can read more here
https://stackoverflow.com/a/1535712/3922692
Just pass the user id with GET or POST in the ajax request.
There is not enough code presented but if you realy need to get the id from the session you can use an iframe (which is not recommended), process fetch data server side and output it in the iframe.
I want to save some values to the $_SESSION variable, I tried to create sessions like this:
if(isset($row_WADAsarenewals['AgreeNum'])) {
$_SESSION['AgreeNum'] = $row_WADAsarenewals['AgreeNum'];
}
But when I try to display this session like this it does not show up? echo($AgreeNum); What am I doing wrong?
To echo your session you will need to call the session-variable, not a regular variable with the same name as the the session-variable. So your echo would be:
echo $_SESSION["AgreeNum"];
Also, if you are having problems writing to your session, you might have to call session_start() prior to writing anything to your session.
You need to use
session_start()
at the beginning of your new script.
You need to use session_start(); prior to store something on the $_SESSION.
Then on the page you want to display the stored values, resume the session by calling again the session_start(); function. And retrieve the stored data like $AgreeNum = $_SESSION['AgreeNum'];
A call to echo($AgreeNum); should output the stored value.
You need to do;
echo $_SESSION['AgreeNum'];
Your solution just work when you have http://www.php.net/manual/en/security.globals.php turned on, which is not recommended. Because then $AgreeNum can came from $_GET for example.
Question related to PHP memory-handling from someone not yet very experienced in PHP:
If I set a PHP session variable of a particular name, and then set a session variable of the exact same name elsewhere (during the same session), is the original variable over-written, or does junk accumulate in the session?
In other words, should I be destroying a previous session variable before creating a new one of the same name?
Thank you.
$_SESSION works just like any other array, so if you use the same key each time, the value is overwritten.
Tom,
It depends on how you use the session variable, but it generally means "erasing" that variable (replacing the old value by the new value, to be exact).
A session variable can store a string, a number or even an object.
<?php
# file1.php
session_start();
$_SESSION['favcolor'] = 'green';
$_SESSION['favfood'] = array('sushi', 'sashimi');
?>
After this, the $_SESSION['favcolor'] variable and the $_SESSION['favfood'] variable is stored on the server side (as a file by default). If the same user visit another page, the page can get the data out from, or write to the same storage, thus giving the user an illusion that the server "remembers" him/her.
<?php
# file2.php
session_start();
echo $_SESSION['favcolor'], '<br />';
foreach ($_SESSION['favfood'] as $value) {
echo $value, '<br />';
}
?>
Of course, you may modify the $_SESSION variable in the way you want: you may unset() any variable, append the array in the example by $_SESSION['favfood'][] = 'hamburger'; and so on. It will all be stored to the session file (a file by default, but could be a database). But please beware that the $_SESSION variable acts magically only after a call to session_start(). That means in general, if you use sessions, you have to call session_start() at the beginning of every page of your site. Otherwise, $_SESSION is just a normal variable and no magic happens :-).
Please see the PHP reference here for more information.