Page 1 of 1

session_start

Posted: Sat Nov 14, 2009 10:18 am
by chris_s_22
im trying to get to grips with using sessions

i have a page connection.php - this holds database details and connects to database and also uses session_start this page also does a php include to my functions.php page.

in my functions page in the login_user function i do

Code: Select all

// Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['id']);
     $encrypted_name = md5($user['username']);
 
     // Store the data in the session
     $_SESSION['id'] = $id;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;
my questions are
on all other pages i create do i need to use session_start so the data is passed and ready for me to use? if not what do i do so i can use the session data to do checks.
do i still need to use session_start if on the page i do a php include to connection.php or would this be classed as doing the same thing since i do a session_start in my connection.php page.

last question if i have a form that send data to a page, that pages then checks data then calls for profile_edit function that i wanted to do a query to my database using something like this

Code: Select all

 
<?php
function profile_edit($forminput1)
$query = ("UPDATE users SET feild1='$forminput1' WHERE username='$username'");
$result = mysql_query ($query) or die ('Could not edit user.');
    if($result)
    {   
    // Reshow the form with an error
    $updateeditprofile_error = 'error';
    include 'profileeditform.php';
    exit;
    }
    else
    {
echo "hello";
    }
}
?>
 
how do i do some kind of check to make sure my code in the query is using the session data $username

Re: session_start

Posted: Mon Nov 16, 2009 10:13 am
by ceiroa
You need to have session_start() in every page, but if you have it in one file, such as connection.php, that is included in all other files that would be enough (include it at the top).

Regarding the last question, you could just assign a value to $username right before the query:

Code: Select all

$username = $_GET['username'];
$query = "UPDATE users SET feild1='$forminput1' WHERE username='$username'";
Or you can pass $username to the function as a parameter.

---------------
Carlos R. M. Eiroa
PHP Consultant