Page 1 of 1

session variable help for newbie?

Posted: Wed Oct 17, 2007 2:58 am
by dennis73
Hi

I am developing an app to allow parents to access their children's academic reports online. I previously did this in asp.net and used the pupil id no. as the session variable to limit all the subsequent recordsets to show data only for that pupil. Can anyone advise on how I can do this in PHP? The pupil id is seffectively the password, and I want the to carry to the next pages to use in the MySQL queries on those pages. Can I do this or is there a better method? I want to keep security high as I don't want parents to see the wrong reports :oops: !

Thanks all.

Posted: Wed Oct 17, 2007 4:37 am
by s.dot
Sure, just put it in your session data. ;)

Code: Select all

//must be called at the top of every page you want to use session information on
session_start();

//store student's id
$_SESSION['student_id'] = $student_id;

Posted: Wed Oct 17, 2007 4:45 am
by dennis73
Great, thanks for that. however when i try to call the variable in a MySql query ("SELECT pupilID, UPN, forename, surname FROM pupils WHERE UPN = $_session['UPN']";) I get a bad syntax message for near ['UPN']. UPN is the pupilid number i am using in this case and i have set the variable as you suggested.

Thanks

Posted: Wed Oct 17, 2007 4:53 am
by s.dot
You have to concatenate it. ;)

Code: Select all

mysql_query("SELECT pupilID, UPN, forename, surname FROM pupils WHERE UPN = '" . $_SESSION['UPN'] . "'");
However, PHP is case sensitive. Meaning that $_session['upn'] is not the same as $_SESSION['UPN']. $_SESSION must always be capitalized.

Posted: Wed Oct 17, 2007 5:11 am
by dennis73
Great, thanks for your prompt and accurate help! :D