Page 1 of 1
cookies/sessions
Posted: Tue Jan 17, 2006 12:57 pm
by robojob
i have this code which sets a session upon login:
Code: Select all
<?php
session_start();
$dbHost = "***";
$dbUser = "****";
$dbPass = "**";
$dbname = "***";
$username = $_POST['username'];
$password = $_POST['password'];
$db = mysql_connect($dbHost,$dbUser,$dbPass);
mysql_select_db($dbname,$db);
$query = "SELECT user, pass FROM rwdlogin WHERE user = '$username'
AND pass = '$password'";
$result = mysql_query($query, $db);
if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1;
header('Location: index.php');
exit(); }
else {
header('Location: login.php');
exit(); }
?>
how can i add to this a second session/cookie that stores the username so that i can do further queries on other members pages related to that user...?
Posted: Tue Jan 17, 2006 1:05 pm
by John Cartwright
Code: Select all
$result = mysql_query($query, $db);
if(mysql_num_rows($result)) {
//fetch results
$row = mysql_fetch_assoc($result);
$_SESSION['loggedin'] = 1;
//assign 'user' to session
$_SESSION['user'] = $row['user'];
header('Location: index.php');
exit();
}
Posted: Tue Jan 17, 2006 2:31 pm
by robojob
and how would i then recieve the session on any page and for example use it in an sql query?
Posted: Tue Jan 17, 2006 2:45 pm
by duk
i think you need to read the manual about $_SESSION
in other page you just need to access $_SESSION['user'] but anyway if you use a COOKIE will be more simple maybe...
search in manual for function setcookie
Posted: Tue Jan 17, 2006 3:29 pm
by robojob
ok so i am setting the session with the code that jcart supplied and in theory to display the value in the session i should be able to use this?
Code: Select all
<?php
session_start();
echo " Welcome " $user;
?>
However this gives me the following error:
Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in blah/blah/blah/test.php on line 3
HELP!!

Posted: Tue Jan 17, 2006 4:38 pm
by duk
sometimes you got your code problems resolved just by reading the manual...
http://www.php.net/manual/en/features.sessions.php
anyway in that case could be
Code: Select all
session_start();
if(isset($_SESSION['user'])) {
echo $_SESSION['user'];
}
Posted: Tue Jan 17, 2006 7:04 pm
by John Cartwright
robojob wrote:
Code: Select all
<?php
session_start();
echo " Welcome " $user;
?>
...
Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in blah/blah/blah/test.php on line 3
I would also recommend you reading the manual on
strings
This is how you would do it using double quotes
If your using single quotes, then you'll have to escape the string if you want to parse a variable
Posted: Tue Jan 17, 2006 8:00 pm
by raghavan20
robojob wrote:ok so i am setting the session with the code that jcart supplied and in theory to display the value in the session i should be able to use this?
Code: Select all
<?php
session_start();
echo " Welcome " $user;
?>
However this gives me the following error:
Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in blah/blah/blah/test.php on line 3
HELP!!

are you using global variables...then stop using it...access through $_SESSION["user"]
Posted: Wed Jan 18, 2006 12:52 pm
by robojob
i know i should use the manual but i find it more confusing than simple help that you can get here, the below works, but how can i use that in an sql query, for example, where user = the session value...
Posted: Wed Jan 18, 2006 12:58 pm
by neophyte
Right an sql statement similart to what's been posted.
Code: Select all
$user = $_SESSION['user'];
$sql = "SELECT * FROM users WHERE user='$user'";
Something like that will work.
Posted: Wed Jan 18, 2006 1:15 pm
by robojob
k i tried this:
Code: Select all
<?
mysql_connect("***","***","****");
mysql_select_db("blahblah");
if(!isset($cmd))
{
$user = $_SESSION['user'];
$result = mysql_query("SELECT * FROM users WHERE user='$user'");
while($r=mysql_fetch_array($result))
{
$user=$r["user"];
$pass=$r["pass"];
echo "<li>$user - $pass";
echo "<br>";
}
}
?>
and get this error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource
Posted: Wed Jan 18, 2006 4:36 pm
by raghavan20
The $user global variable you are using might not contain any value and when you tried a select on it, it should have returned no results.
Two steps to counter it...
1. before doing a select operation, make sure inputs are valid,,,i.e user here
2. After select has been run, check for validity of result...simply if (!$result) display error;