I have this problem. Session does not work when I use with $_POST. If I add 63 manualy it will works across pages. I can see the output 63.
$_SESSION['name'] = 63;
echo $_SESSION['name'] ;
but this below won't work when I switch between pages. The $row['id'] output is also 63.
$cari = "SELECT id FROM dns_soa WHERE `origin` = '".$_POST['origin']."'";
$keputusan = mysql_query($cari);
$row = mysql_fetch_array($keputusan);
$_SESSION['name'] = $row['id'];
echo $_SESSION['name'] ;
When I go to 2nd pages I can see the output but when I went back to 1st pages the output is gone. Any idea?
Because when you are coming back it will again set the session variable, as this time you don't have the $_POST[origin] variable that leads to $row['id']="" and the session variable also NULL...
What you should do is..
$cari = "SELECT id FROM dns_soa WHERE `origin` = '".$_POST['origin']."'";
$keputusan = mysql_query($cari);
$row = mysql_fetch_array($keputusan);
if(!isset($_SESSION['name']))
$_SESSION['name'] = $row['id'];
echo $_SESSION['name'] ;
When you go back to the page where you have used $_POST, $_POST becomes empty, unless your browser posts it again. So the SQL query returns no result. Hence, $_SESSION['name'] becomes empty.
Also make sure you have invoked session_start on every page before using $_SESSION
Related
I'm new to web programming and I have an issue with the way user $_SESSION variables are being handled. When a user logs into my website, I start a session like so -
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['class'] = $row['class'];
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['level'] = $row['level'];
$_SESSION['exp'] = $row['exp'];
$_SESSION['health'] = $row['health'];
Currently, if I want to update one of these session variables -
$_SESSION['strength'] += 10;
$db->query("UPDATE player SET strength=strength+10 WHERE id={$_SESSION['id']}");
I am doing it this way, because after I query the database, my session variables are not updating as well. If I unset the session variable, it logs the user out of the website. What am I doing wrong?
EDIT: My issue was my understanding of how sessions worked, session variables are temporary and shouldn't be used for values that update inside the database. I should instead grab the variables directly from the database so that they update in real-time.
instead of "strength=strength+10" use in your query string
"strength={$_SESSION['strength']}"
i used this query to login and for creating session.
$username = $_REQUEST['user'];
$password = $_REQUEST['pass'];
$member = mysqli_query($conn,"SELECT * FROM `user` WHERE `email` = '".$username."' AND `password` = '".$password."' ");
$member1 = mysqli_fetch_assoc($member);
if ($member1>0)
{
$_SESSION['username']=$member1['fullName'];
$_SESSION['companyid']=$member1['comapanyId'];
header('Location: home.php');
}
else
{
header('Location: index.php');
}
i am able to create session means if i echo
$_session['companyid'];die; on this page it will print that id
perfectly.
Now, i will jump to home.php to use this session for that i write
session_start() on top of the page.
Now, If i print_r($_SESSION['companyid']) i will get error Notice:
Undefined index: companyid
for this problem i used isset function like this,
if (isset($_SESSION['companyid'])) {
echo $_SESSION['companyid'];
}
but i am again failed to print $_SESSION in home.php I dont know what
i am doing wrong.
i am able to create session means if i echo
$_session['companyid'];die; on this page it will print that id
perfectly.
The array $_session is different than the superglobal array $_SESSION due to case sensitivity. On top of that, you will need session_start() at the top of each PHP page that will be accessing this array.
If you change $_session to $_SESSION, PHP will know that you are calling the same array.
I am passing the following variables from a query through a link:
<a href="middle.php?name=<?php echo $name; ?>&id=<?php echo $id1; ?>&rowid=<?php echo $rowid; ?>&record=<?php echo $record; ?>">
The variables are being passed to this page:
session_start();
//$id = ($_GET['id']);
if (isset($_GET["record"])) {
$_SESSION["record"] = $_GET["record"];
}
if (isset($_GET["id"])) {
$_SESSION["id"] = $_GET["id"];
}
if (isset($_GET["rowid"])) {
$_SESSION["rowid"] = $_GET["rowid"];
}
if (isset($_GET["name"])) {
$_SESSION["name"] = $_GET["name"];
}
if (isset($_GET["store"])) {
$_SESSION["store"] = $_GET["store"];
}
and then users are redirected to this page where Im trying to use the assign the session variables to variables in the page like this:
session_start();
$id = $_SESSION[id];
$rowid = $_SESSION[rowid];
$name = $_SESSION[name];
$record = $_SESSION[record];
The variables arent accessible as I need them to be on this page. Am I missing quotes? What is the best way to use the session variables again?
FYI they're mainly being used in other queries like this:
"SELECT * FROM mgap_orders WHERE mgap_ska_id = '" . $_SESSION['id'] . "' AND mgap_status = 0 GROUP BY mgap_ska_report_category LIMIT 5";
Am I missing quotes?
Yes. You say you're accessing them like this:
$id = $_SESSION[id];
That should be this:
$id = $_SESSION['id'];
But even more to the point, why do you need to use session here at all? The way you describe the situation is:
User makes a request with query string values in the link.
In the response you forward the user to another page (presumably using the location header?).
On the last page the values need to be present.
If they're query string values, keep them as query string values in the redirect. So where you may have something like this:
header('Location: somePage.php');
you can include the values:
header('Location: somePage.php?name=' . $name');
and so on for the remainder of the values, just like you do when building the original link for the page which performs the redirect.
Also, while you don't show your data access, you do show your query which appears to be vulnerable to SQL Injection attacks. Ultimately the values you're using are coming from user input (query string) so you shouldn't directly concatenate them into SQL queries.
I have the following login script, where i do use sessions.
<?php
session_start();
if(isset($_SESSION['logged_in'])){
$id = $_SESSION['id'];
header("Location: start.php?id=$id");
exit();
}
if(isset($_POST['submit'])){
$x1 = $_POST['x1'];
$x2 = $_POST['x2'];
...
$query = $db->query("SELECT * FROM table WHERE x1='".$x1."' AND x2='".$x2."'");
if($query->num_rows === 1){
$row = $query->fetch_object();
$id = $row->id;
$_SESSION['logged_in'] = true;
$_SESSION['id'] = $id;
header("Location: start.php?id=$id");
3more queries
exit();
start.php will be just:
<?php
echo $_GET['id'];
?>
I thought $_GET['id'] would be stored on the server so that $_GET should be displayed. The fetch_object is working. I know that, because it will be displayed the right way at "id=$id" at the browser. So would someone be that friendly and could help me out. Thanks!
The $_GET superglobal is defined as part of the URL string:
http://example.org/index.php?foo=bar&baz=1
In index.php:
echo $_GET['foo']; // bar
echo $_GET['baz']; // 1
So $_GET is not stored on the server, but is passed with each HTTP request, as is $_POST, but that is passed in the HTTP headers rather than simply appened to the end of the URL.
$_GET variables are those passed via the URL, i.e. index.php?foo=bar&baz=qux (foo equals bar, baz equals qux).
These variables are not stored on the server as a part of the session, but rather only exist with that request. If you want to store information on the server as a part of the session, you should use $_SESSION instead, which will exist within the current session, regardless of the request.
i want to keep some variable alive so that it is available to all the pages of the site ;
i tried global but that don't work with these kind of problem ;
i use the following code :
while($result1 = mysql_fetch_array( $result))
{
$adm_no = $result1['adm_no'];
$adm_dt = $result1['adm_dt'];
$name = $result1['name'];
$dob = $result1['dob'];
$f_name = $result1['f_name'];
$f_office = $result1['f_office'];
$f_o_no = $result1['f_o_no'];
$m_name = $result1['m_name'];
$m_office = $result1['m_office'];
$addr = $result1['addr'];
$pho_no = $result['pho_no'];
these same variable in another page called tc.php . how can i do that ????
If you want to access all that data again in another page I would recommend storing the information needed to retrieve data from your mysql table in a session rather than the result of the query. This means you don't have a load of trivial data in your session space. For example.
Imagine I have a person table and want to get bits of information for that person on different pages I just store the person_id in a session like so:
//home.php
$_SESSION['personID'] = $personID;
Then on any page I want to retrieve person information on I just get the person id from the session and run the query to get the specific information I need.
//profile.php
$personID = $_SESSION['personID'];
//Get specific information here
If you really cant change the way that you are doing this which I really hope you can as it'll make your life a hell of a lot easier then just changing your code to this:
//make sure that you have started a session at the top of your page before you do anything else
session_start();
while($result1 = mysql_fetch_array($result)) {
$_SESSION['adm_no'] = $result1['adm_no'];
$_SESSION['adm_dt'] = $result1['adm_dt'];
$_SESSION['name'] = $result1['name'];
$_SESSION['dob'] = $result1['dob'];
//etc
}
Use
$_SESSION['myvar']= "your value";
echo $_SESSION['myvar'];
will can access any page
Fetch data again in tc.php - it is the best way in this case I think.
You can also set that data to the session, and in tc.php get it from there.