Session variable help

mickyc1
Forum Newbie
Posts: 4
Joined: Mon Aug 22, 2005 10:36 am

Post by mickyc1 »

Hi, I want to take the person's username and assign it to a session variable so that the welcome screen says something like "welcome 'username'" etc. It's probably easy, but I'm new to PHP so go easy on me :!:
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

basics:

Code:

<?php

session_start();

$_SESSION['username'] = 'larry';

?>
<html>
 <body>
  Welcome <?php echo $_SESSION['username']; ?>.
 </body>
</html>
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Code:

session_start();
$_SESSION['username'] = 'Jcart';
session_start(); has to be on line 1 of your script, or at least before ANY output. Now this will assign your session variable to 'Jcart'. Now to access this variable on any other page you must have session_start(); before any output, and then simply echo $_SESSION['username'];
mickyc1
Forum Newbie
Posts: 4
Joined: Mon Aug 22, 2005 10:36 am

Post by mickyc1 »

Cheers. How do I get the info from the user's input in the username field :?:
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

That all depends. Do they log in through a form?

If that is the case, when they submit the form simply have a $_SESSION['username'] = $_POST['username'];
That is of course assuming username is the field name. You might want to look into validating the input fields as well.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

most basic form (unsecure)

Code:

<?php

session_start();
$_SESSION['username'] = $_POST['username'];

?>
pilau
Forum Regular
Posts: 594
Joined: Sat Jul 09, 2005 10:22 am
Location: Israel

Post by pilau »

Why is it unsecure?
And what can you do to secure it?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Inherent security in trusting anything from an outside source is low, typically. Granted, this example is less benign, but still has potential exploitation factors.

For instance, with the code as I wrote the example, if someone sent HTML along with it, that HTML would be sent to the user viewing it, which could potentially do various things, such as give out information about the internals of the server, or execute some JavaScript.
pilau
Forum Regular
Posts: 594
Joined: Sat Jul 09, 2005 10:22 am
Location: Israel

Post by pilau »

And what can you do to secure it?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Validate, filter, and/or translate the information into something valid or puke it back at the user with an error... The security board is a good place to read up on how these things are done.
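
The "validate, filter, and/or translate" advice above, as an added example that is not code from any poster in this thread: the submitted username is checked against an allow-list before it goes into the session, and it is HTML-escaped when echoed. The helper names validate_username() and h(), the allowed pattern and the error text are assumptions made for illustration; checking a password is outside what this example covers.

```php
<?php
// Added example, not from the thread. Assumes the form field is named "username".

/** Return the trimmed username if it passes the allow-list, otherwise null. */
function validate_username($raw): ?string
{
    if (!is_string($raw)) {               // username[]=x arrives as an array
        return null;
    }
    $name = trim($raw);
    // Hypothetical policy: 3-20 letters, digits, underscore or hyphen.
    // \A and \z anchor the whole string, so a trailing newline is rejected.
    if (preg_match('/\A[A-Za-z0-9_-]{3,20}\z/', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Escape a value for output in an HTML text or attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

session_start();                          // must run before any output

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = validate_username($_POST['username'] ?? null);
    if ($name === null) {
        // Reject bad input with an error instead of storing it.
        http_response_code(400);
        exit('Invalid username.');
    }
    $_SESSION['username'] = $name;
}
?>
<html>
 <body>
<?php if (isset($_SESSION['username'])): ?>
  Welcome <?php echo h($_SESSION['username']); ?>.
<?php else: ?>
  <form method="post">
   <input type="text" name="username">
   <input type="submit" value="Log in">
  </form>
<?php endif; ?>
 </body>
</html>
```

Escaping at output is kept even though the value was validated on the way in, so the page stays safe if the allow-list is later loosened or the session value is set from another code path.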