Solved

looping through mysql for php session

Posted on 2011-02-10
10
240 Views
Last Modified: 2012-05-11
I would like to validate new users email address, and the way I thought would be best is store a PHP session_id() in the mysql table users under the new user and then send an email, with a link containing the sessionId to click on: where my problem is, im looping through the result in the users to see if the sessionId already exists, and seems that I put myself in an infinite loop the code I have is below please help
function getSessionId()
	{
		$mySession = session_id();
		$goodSession = false;
		while(!$goodSession)
		{
			dbConnect("website.com","website","website","website");
			$verifySessionIdQuery = mysql_query("SELECT accountOpeningSessionId FROM accounts WHERE accountOpeningSessionId='" . $mySession . "'") or die(mysql_error());
			if(mysql_num_rows($verifySessionIdQuery))
			{
				$goodSession = false;
				$mySession = session_regenerate_id();					
			}
			else
			{
				$goodSession = true;
				break;
			}
			dbDisconnect();				
		}
		return $mySession;
	}

Open in new window

0
Comment
Question by:prowebinteractiveinc
10 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 34866968
Hi prowebinteractiveinc,

What are you testing for in line 9?
0
 

Author Comment

by:prowebinteractiveinc
ID: 34867024
im checking to see if the new session_id already exists
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 34867046
Okay, try this:

if(mysql_num_rows($verifySessionIdQuery) > 0)
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:prowebinteractiveinc
ID: 34867130
this is not where my problem is....  its the first loop, Im thinking
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 34867146
The while() loop? That looks correct.

What I'm thinking is your if() test as written always evaluates to true and that would send this process into a death spiral.
0
 

Author Comment

by:prowebinteractiveinc
ID: 34867156
can the same php_session be created ?

on the other hand the if will only return true if there is a record...
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 34867169
>> on the other hand the if will only return true if there is a record...

I think mysql_num_rows() returns a value of 0, not null.  So even when there is no record, the if() still evaluates to true due to the presence of the integer.

Test it.  It's three keystrokes to prove me right or wrong.
0
 

Author Comment

by:prowebinteractiveinc
ID: 34867206
I tried: if(mysql_num_rows($verifySessionIdQuery) > 0) as you suggested, it didnt work !
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 34867660
"while(!$goodSession)" will never exit unless there is a match.  So if there isn't a match in your database, you're stuck right there.  It will repeatedly connect to the database and run the same query.
0
 
LVL 2

Accepted Solution

by:
requeue earned 500 total points
ID: 34868501
I agree with DaveBaldwin.

What's the purpose of the loop ?
the code below is enough, isn't it?

function getSessionId()
	{
		$mySession = session_id();
		dbConnect("website.com","website","website","website");
		$verifySessionIdQuery = mysql_query("SELECT accountOpeningSessionId FROM accounts WHERE accountOpeningSessionId='" . $mySession . "'") or die(mysql_error());
		if(mysql_num_rows($verifySessionIdQuery) == 0)
		{
			// no record exists, refresh session ID
			$mySession = session_regenerate_id();
		}
		dbDisconnect();				
		return $mySession;
	}

Open in new window

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question