I have a very strange problem.
Situation: Session handling over MySQL, PHP 5.2.4, wildcard cookies, FF/Opera/Safari/Chrome works, IE7/8 not.
When I save a variable into the session, the value is lost. The DB shows after the write action only "N" instead of "123456".
Example:
$bar = 123456;
$_SESSION['foo'] = $bar;
But when I save a constant in the session, it works.
$_SESSION['foo'] = 123456;
This is not really a client problem, but only in IE it doesn't work.
Any ideas?
Edit:
This is the session write function:
function _write($id, $data) {
$write = "UPDATE session SET time='".time()."', data='".mysql_real_escape_string($data)."' WHERE id='".mysql_real_escape_string($id)."'";
$result = #mysql_query($write);
if(mysql_affected_rows()) return $result;
else {
$write = "INSERT INTO session (id, time, data) VALUES ('".mysql_real_escape_string($id)."', '".time()."', '".mysql_real_escape_string($data)."')";
return #mysql_query($write);
}
}
When I print the update query ($write) everything looks fine. I can execute the SQL manually and it works, also with variables.
Maybe sessionId in cookie every time is refreshing in IE?
SO every time - new session
Related
so I want to make a notification with AJAX call, that checks the sum of rows in database, then compare it the amount from before.
when the AJAX access the php file, first it will check if $old_db is already defined or not, if not then define it.
then it will run the query(not using prepared statement yet because this still experimental to me) to check, num_row query and the store the value into $new_db.
after that it will compare the value and goes on.....
then finally it will assign $new_db value to $old_db
if(!(isset($old_db)) && empty($old_db)){
$old_db = "";
}
$sql = $con->query("SELECT * FROM produk");
$new_db = $sql->num_rows;
if($new_db > $old_db){
echo "ada";
echo "<br>".$old_db;
}
$old_db= $new_db;
now the problem whenever I run the php file, it never echoed the value of $old_db even though I already assign a value to it at the bottom of the script
I guess everytime I run the script the value got assigned as "" or null again? so how do I prevent that and keep the last value?
I'm thinking about storing it into Cookie....
after thinking about it if I only want to use it as notification then using Session is enough. thank you guys
session_start();
$_SESSION['old_db'] = $old_db;
if(!(isset($_SESSION['old_db']) && empty($_SESSION['old_db'])){
$_SESSION['old_db'] = "";
}
$sql = $con->query("SELECT * FROM produk");
$new_db = $sql->num_rows;
if($new_db > $_SESSION['old_db']){
echo "ada";
echo "<br>".$_SESSION['old_db'];
}
$_SESSION['old_db']= $new_db;
I am trying to retrieve a zone by running a PHP function based off of a place that has already been submitted.
Using FORM method GET, after submission, the variable that I am retrieving is:
$place = mysqli_real_escape_string($_GET['place]);
The variable immediately after is zone:
$zone = getZone($pol); // here is the PHP function call
Above both of these variables is the function getZone, which looks like this:
function getZone($place)
{
$searchZone = "SELECT ZONE FROM zones WHERE PLACE = '".$place."'";
$result = mysqli_query($dbc, $searchZone);
$row = mysqli_fetch_array($result);
return $row['ZONE'];
}
I can run the query in the database, and it returns the ZONE.
Now, the mysqli_fetch_array, which normally works for me, is failing to produce the result from the query.
Does anyone see what is wrong?
You've forgotten about PHP's variable scope rules:
$result = mysqli_query($dbc, $searchZone);
^^^^---- undefined
Since $dbc is undefined in the function, you're using a local null handle, which is invalid. If you'd had ANY kind of error handling in your code, you'd have been told about the problem.
Try
global $dbc;
$result = mysqli_query(...) or die(mysqli_error($dbc));
instead. Never assume success. Always assume failure, check for that failure, and treat success as a pleasant surprise.
This might help
//Assuming $dbc as connection variable
function getZone($dbc,$place)
{
$searchZone = "SELECT ZONE FROM zones WHERE PLACE = '".$place."'";
$result = mysqli_query($dbc, $searchZone);
$row = mysqli_fetch_array($result);
return $row['ZONE'];
}
include 'path/to/connectionfile';//Only if you haven't already done that
$zone = getZone($dbc,$pol);
Ok... I figured it out, thanks to the assistance of Marc B. I took into account that I was not providing my connection string, so I added it to the file. Problem is, I needed to add it to the actual function, like so:
function getZone($place)
{
include ("../include/database.php");
// then the rest of the code
After I included the database connection, I am now able to retrieve the zone.
Thank you.
echo $uid; // RETURNS INTEGER VALUE
if (isset ( $_POST ['cashpaid'] )) {
$queryfinal = "select * from " . $db_prefix . "customer_det
where `id` = '$uid'"; // UID RETURNS NULL
....
I've tried everything and every combination of globals and super globals that I could think of. There's just no way I can transfer the value over.
I pull $uid from a MySQL select and it assigns to an integer value. As you can see at the start of the code, that ending curly brace is the end of an IF statement which contains the value for $uid.
How can I assign the same value to $uid across all scopes?
This has been killing me for about two days. I'm sorry if this seems elementary but it's about to drive me nuts. I tried $GLOBALS['uid'] to no avail.
You could try with a setter/getter function declared once in the global scope, but it doesn't do much more than accessing GLOBALS anyway.
function globalUid($value = False)
{
GLOBAL $__uid;
if (!isset($__uid))
$__uid = False;
if (False === $value)
return $__uid;
$__uid = $value;
}
Then instead of echoing $uid, try globalUid($uid) and, later, $saved_uid = globalUid();.
But I think it's possible the two scopes are executing across two different calls, so you might need to save the UID in the session variables.
I am storing session information in an array called 'Auth'. That array contains 2 session information: id and password. My problem is when I am using the id info for quering, it is not working. I am pretty sure it is due to the fact that the id info in my table is an int, and the one from the session array isn't. So my question is to know how to convert that session id variable into an int. Here below the function in which I am using $_SESSION(['Auth']['id']). Thank you in advance for your replies. Cheers. Marc
The PHP code where I am using the session info:
<?php
session_start();
header('Content-Type: text/html; charset=utf-8');
require("connect.inc.php");
function isLogged(){
if(isset($_SESSION['Auth']) && isset($_SESSION['Auth']['id']) && isset($_SESSION['Auth']['pass'])){
extract($_SESSION['Auth']);
$result = mysql_query("SELECT * FROM usr_users WHERE usr_id = '$id' AND usr_pass = '$pass'");
if(mysql_num_rows($result)==1){
return true;
}
else{
return false;
}
}
}
?>
Here the PHP code where I set the session info:
<?php
session_start();
header('Content-Type: text/html; charset=utf-8');
require("connect.inc.php");
$identifiant = mysql_real_escape_string($_POST['identifiant']);
$pass = sha1($_POST['pass']);
$result = mysql_query("SELECT * FROM users WHERE usr_pseudo = '$identifiant' AND usr_pass = '$pass'");
if(mysql_num_rows($result)==1){
$data=mysql_fetch_assoc($result);
$_SESSION['Auth']=array(
'id'=>$data['usr_id'],
'pass'=>$pass
);
}
echo mysql_num_rows($result);
?>
extract() is a horribly ugly function, and you should wipe its existence out of your mind.
There's no need for it, since it's purely a holdover from PHP's early "lazy" days, when it tried to do everything for you, causing in part the miserable security reputation PHP has.
You can directly embed session variables wherever you want, even when it's an arbitrarily "deep" array reference like your session is:
$sql = "SELECT ... WHERE id={$_SESSION['Auth']['id']} ...";
or even
$id = $_SESSION['Auth']['id']'
$sql = "SELECT ... WHERE id=$id";
will both work the same way, and not litter your variable namespace with useless junk.
You can cast any variable into any type by using the cast methods.
$usr_id = (int)$data['usr_id']
This would return a type of integer. If the id includes anything else but integers, 0 is returned.
http://php.net/manual/en/language.types.type-juggling.php
You should not query DB each time you'd like to check if the user is logged in. And you don't need to store password in the seesion.
You have to query db only once when you login user (your second part of the code).
And it would be better if you create a simple wrapper for your auth logic. Something like this simple class with static functions:
<?php
class Auth
{
public static function login($identifiant, $password)
{
// query db then
// $_SESSION['Auth']['id'] = value from db
return self::id();
}
public static function isLogged()
{
return (bool)self::id()
}
public static function id()
{
return (isset($_SESSION['Auth']['id'])) ? $_SESSION['Auth']['id'] : false)
}
public static function logout()
{
$_SESSION['Auth'] = array();
}
}
// usage
Auth::login($_POST['identifiant'], $_POST['password']);
if (Auth::isLogged()) {
$sql = "select * from posts where user = " . Auth::id() . "";
}
Auth::logout();
If you are "pretty sure it is due to the fact that the id info in (your) table is an int, and the one from the session array isn't".
Then here's a simple way to convert your session id from array into a variable (cast it).
$id = (int)$_SESSION['id'];
Hope it helps.
you should not enclose integers in single quotes in the SQL
try this
$result = mysql_query("SELECT * FROM usr_users WHERE usr_id = $id AND usr_pass = '$pass'");
I have a class that handle SESSION in my code and store session data in DB. In Read callback function I write a query and load data from DB and return the value but when dump $_SESSION this is empty!
I trace the code and my query is corrent and data load but not set session value. this problem apear in subdomains but session_id and COOKIE is correct.
my read function code:
function read($session_id)
{
$result = #mysql_query("
SELECT
session_data
FROM
session_table
WHERE
session_id = '".$session_id."' AND
session_expire > '".time()."'
");
if (is_resource($result) && #mysql_num_rows($result) > 0) {
$fields = #mysql_fetch_assoc($result);
return $fields["session_data"];
}
return "";
}
My Log:
read function log:
SELECT
session_data
FROM
sessions_table
WHERE
session_id = '389dd7fc7bc19ffead7274c0ad860896' AND
session_expire > '1295954400'
read function result log:
Array
(
[session_data] => corret serialized data
)
write function log:
UPDATE
sessions_table
SET
session_data = '',
session_expire = '1295955840'
WHERE
session_id = '389dd7fc7bc19ffead7274c0ad860896'
Don't use the error supression operator (#). That's what prevents you from seeing the errors you made in your code. That's why you don't know where the error is in your code. That's why you have to ask where the error is in your code.
Actually, I do not see any errors in your code either, but e.g. if the database was not set up up correctly or there were an error in your SQL syntax, mysql_query would tell you that.