Session variable help
Moderator: General Moderators
Session variable help
hi i want to take the persons username and assign it to a session variable so that on the welcome screen says something like "welcome 'username'" etc. its probably easy, but im new to php so go easy on me 
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
basics:
Code: Select all
<?php
session_start();
$_SESSION['username'] = 'larry';
?>
<html>
<body>
Welcome <?php echo $_SESSION['username']; ?>.
</body>
</html>- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Code: Select all
session_start();
$_SESSION['username'] = 'Jcart';- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
most basic form (unsecure)
Code: Select all
<?php
session_start();
$_SESSION['username'] = $_POST['username'];
?>- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
inherant security in trusting anything from an outside source is low, typically. Granted, this example is less benign, but still has potential exploitation factors.
For instance, with the code as I wrote the example, if someone sent HTML along with it, that html would be sent to the user viewing it. Which could potentially do various things, such as give out information about the internals of the server, or execute some Javascript..
For instance, with the code as I wrote the example, if someone sent HTML along with it, that html would be sent to the user viewing it. Which could potentially do various things, such as give out information about the internals of the server, or execute some Javascript..