Page 1 of 1

cookies/sessions

Posted: Tue Jan 17, 2006 12:57 pm
by robojob
i have this code which sets a session upon login:

Code: Select all

<?php
session_start();

$dbHost = "***"; 
$dbUser = "****"; 
$dbPass = "**"; 
$dbname = "***"; 
$username = $_POST['username'];
$password = $_POST['password'];

$db = mysql_connect($dbHost,$dbUser,$dbPass); 
mysql_select_db($dbname,$db);                 

$query = "SELECT user, pass FROM rwdlogin WHERE user = '$username'
AND pass = '$password'";
$result = mysql_query($query, $db);
if(mysql_num_rows($result)) {
   $_SESSION['loggedin'] = 1;
   header('Location: index.php');
   exit(); }
else {
   header('Location: login.php');
   exit(); }
?>
how can i add to this a second session/cookie that stores the username so that i can do further queries on other members pages related to that user...?

Posted: Tue Jan 17, 2006 1:05 pm
by John Cartwright

Code: Select all

$result = mysql_query($query, $db);
if(mysql_num_rows($result)) {
   //fetch results
   $row = mysql_fetch_assoc($result);
   $_SESSION['loggedin'] = 1;
   //assign 'user' to session
   $_SESSION['user'] = $row['user'];
   header('Location: index.php');
   exit(); 
}

Posted: Tue Jan 17, 2006 2:31 pm
by robojob
and how would i then recieve the session on any page and for example use it in an sql query?

Posted: Tue Jan 17, 2006 2:45 pm
by duk
i think you need to read the manual about $_SESSION

in other page you just need to access $_SESSION['user'] but anyway if you use a COOKIE will be more simple maybe...

search in manual for function setcookie

Posted: Tue Jan 17, 2006 3:29 pm
by robojob
ok so i am setting the session with the code that jcart supplied and in theory to display the value in the session i should be able to use this?

Code: Select all

<?php 
session_start(); 
echo " Welcome " $user; 
?>
However this gives me the following error:

Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in blah/blah/blah/test.php on line 3

HELP!! :)

Posted: Tue Jan 17, 2006 4:38 pm
by duk
sometimes you got your code problems resolved just by reading the manual...

http://www.php.net/manual/en/features.sessions.php

anyway in that case could be

Code: Select all

session_start();
if(isset($_SESSION['user'])) { 
      echo $_SESSION['user']; 
}

Posted: Tue Jan 17, 2006 7:04 pm
by John Cartwright
robojob wrote:

Code: Select all

<?php 
session_start(); 
echo " Welcome " $user; 
?>
...
Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in blah/blah/blah/test.php on line 3
I would also recommend you reading the manual on strings

This is how you would do it using double quotes

Code: Select all

echo "Welcome $user";
If your using single quotes, then you'll have to escape the string if you want to parse a variable

Code: Select all

echo 'Welcome '.$user;

Posted: Tue Jan 17, 2006 8:00 pm
by raghavan20
robojob wrote:ok so i am setting the session with the code that jcart supplied and in theory to display the value in the session i should be able to use this?

Code: Select all

<?php 
session_start(); 
echo " Welcome " $user; 
?>
However this gives me the following error:

Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in blah/blah/blah/test.php on line 3

HELP!! :)
are you using global variables...then stop using it...access through $_SESSION["user"]

Posted: Wed Jan 18, 2006 12:52 pm
by robojob
i know i should use the manual but i find it more confusing than simple help that you can get here, the below works, but how can i use that in an sql query, for example, where user = the session value...
duk wrote:sometimes you got your code problems resolved just by reading the manual...

http://www.php.net/manual/en/features.sessions.php

anyway in that case could be

Code: Select all

session_start();
if(isset($_SESSION['user'])) { 
      echo $_SESSION['user']; 
}

Posted: Wed Jan 18, 2006 12:58 pm
by neophyte
Right an sql statement similart to what's been posted.

Code: Select all

$user = $_SESSION['user'];
$sql = "SELECT * FROM users WHERE user='$user'";
Something like that will work.

Posted: Wed Jan 18, 2006 1:15 pm
by robojob
k i tried this:

Code: Select all

<? 

mysql_connect("***","***","****"); 
	

mysql_select_db("blahblah"); 


if(!isset($cmd)) 
{
  
   $user = $_SESSION['user'];
   $result = mysql_query("SELECT * FROM users WHERE user='$user'"); 
   
   
   while($r=mysql_fetch_array($result)) 
   { 
      
      $user=$r["user"];
      $pass=$r["pass"];
     
	
      echo "<li>$user - $pass";
      echo "<br>";
    }
}
?>
and get this error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

Posted: Wed Jan 18, 2006 4:36 pm
by raghavan20
The $user global variable you are using might not contain any value and when you tried a select on it, it should have returned no results.

Two steps to counter it...
1. before doing a select operation, make sure inputs are valid,,,i.e user here
2. After select has been run, check for validity of result...simply if (!$result) display error;