Kevin Smith asked:

How can I register a session based on a field from my MySQL table?

I have a simple login form that does a fine job of registering a session allowing the user to login based on the email and password in the USERS table.  My checklogin.php does this:

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE Email='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION["ClientID"] = $row['ClientID'];

and redirects to my welcome page.  However, it doesn't seem to be creating the session that I want (ClientID).  Am I doing something wrong?

Thanks!
Kevin
Ray Paseur

Are you using session_start() on every page?
Might be helpful if you posted the entire script.  The segments above omit error handling and reporting that is required if you want to diagnose an issue like this.  Perhaps if we see the entire script we can help you put in some diagnostic code to find out where the issue lies.

Best, ~Ray
Is the webpage you are redirecting to in the same domain as the one creating the clientid session variable?  If not, that might be your problem.
ASKER CERTIFIED SOLUTION
rameshfromind
This solution is only available to members.
@yodercm: Good point!  Or even in the same subdomain or directory path!  The default session handling sets a cookie that can be quite confusing.  But my guess is that there is something more prosaic, like a failing query that is not recognized.  If only we could get everyone here to learn about var_dump() we could take the weekend off!

Best regards, ~Ray
@rameshfromind: just a thought.  What do you think will happen if I post to your script with a password field that says, "Foo OR 1=1" ?  It might be good to see the OP's actual complete code so we can help with things like unescaped or malicious form input, too.  Alas, there are so many ways to make just a little mistake that can create a world of nightmares!
Kevin Smith (ASKER)

Domain is the same, so that's not the issue.
Please show us the "real code" -- we can show you how to put in some diagnostics that will make this easy to find and fix.  Thanks, ~Ray
Wow...it was just adding the session_start to the login code.  I was not aware that it had to be in the login code itself, I just thought it had to be on actual pages.

Learn something new and simple every day :)

Thanks all!
Kevin
Great!

Here is a thought you might want to consider going forward.  Create a "config.php" script and include it as the first statement of all your PHP scripts.  Inside that you can do all the basic stuff you need, such as session_start(), DB connections, etc.

Your scripts will all start something like this:
<?php // MY SCRIPT TO SHOW CONFIG
require_once('config.php');

A teaching sample for a config.php script is shown here:
<?php // RAY_sample_config.php
 
// DO NOT RUN THIS SCRIPT STANDALONE
if (count(get_included_files()) < 2) { header("HTTP/1.1 301 Moved Permanently"); header("Location: /"); exit; }
 
// SEE ALL ERRORS
error_reporting(E_ALL);
 
// ALWAYS START THE SESSION
session_start();
 
// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "??";        // GET THESE FROM YOUR HOSTING COMPANY
$db_user = "??";
$db_word = "??";
 
// CONNECT TO THE DATA BASE SERVER
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB CONNECTION: ";
   echo "<br/> $errmsg <br/>";
}
 
// SELECT THE DATA BASE
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB SELECTION: ";
   echo "<br/> $errmsg <br/>";
   die('NO DATA BASE');
}
 
// LOCAL CONSTANTS DEFINITIONS
DEFINE("TOKEN", "PuhCIz8dbaC6JEvtjO7SHy1JZ2CdS");
 
// LOCAL FUNCTIONS DEFINITIONS
function get_clean_integer_string($string)
{
   // preg_replace() REPLACES THE DEPRECATED ereg_replace(); SAME CHARACTER CLASS
   return trim(preg_replace('/[^0-9\-]/', '', $string)); // FORCE IT ALL NUMERIC
}
 
// INITIALIZATION CODE
list ($x, $y) = explode(" ", microtime());
$script_start_time = $x + $y;
 
 
 
// ETC ETC ETC...


Thanks to everyone!  Great tip ray!  I'll do that from now on.
@ksmithscs, at EE it is considered good form to award at least SOME of the points to the first correct answer you receive, such as the one I posted five minutes after your question arrived.  You can use the "request attention" button to ask a moderator to help you change this.  Thank you for your consideration, ~Ray
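
The fix the thread arrives at (session_start() in the login script itself), combined with the input handling Ray raises, as an added example that is not code from any poster in the thread. It assumes PHP 7.1+ with the PDO SQLite driver, a constructed in-memory USERS table and sample user, and a Password column that stores a password_hash() value rather than the plaintext the question's query compares against; check_login() and login() are hypothetical names.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; the in-memory SQLite database and the sample user are constructed
// so the script runs offline (php login_demo.php).

session_start(); // must run in the login script itself, before any output

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE USERS (ClientID INTEGER PRIMARY KEY, Email TEXT UNIQUE, Password TEXT)');
$ins = $pdo->prepare('INSERT INTO USERS (ClientID, Email, Password) VALUES (?, ?, ?)');
$ins->execute([42, 'kevin@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the ClientID on success, or null. The e-mail is bound as a parameter,
 * so it is never parsed as SQL, and the password is checked against a stored hash.
 */
function check_login(PDO $pdo, string $email, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT ClientID, Password FROM USERS WHERE Email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['ClientID'];
}

function login(PDO $pdo, string $email, string $password): bool
{
    $clientId = check_login($pdo, $email, $password);
    if ($clientId === null) {
        return false;
    }
    session_regenerate_id(true);       // fresh session ID once authenticated
    $_SESSION['ClientID'] = $clientId; // what the welcome page will read
    return true;
}

// Constructed inputs: a valid login, a wrong password, and the password
// value quoted in the thread, which is now treated as an ordinary string.
$results = [
    'valid'         => login($pdo, 'kevin@example.com', 'correct horse'),
    'wrong pw'      => login($pdo, 'kevin@example.com', 'guess'),
    'thread string' => login($pdo, 'kevin@example.com', 'Foo OR 1=1'),
];
var_dump($results, $_SESSION);
```

Only the first call returns true, and $_SESSION holds ClientID 42 afterwards; the welcome page still needs its own session_start() to read it.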