[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 510
  • Last Modified:

html5 php sessions

I am having a problem that i think has been narrowed down to the session not storing my variable and keeping it throughout the pages.  The pages are all in html5, although their endings are .php

When the user logs in, it acts successful and routes them to the next page, but when it reaches the part that talks to the database information is not being entered. I echo'd the sql for the doInsert page and it shows a correct statement but has nothing for the username (which is the session variable) and if i hard code it it goes to the database correctly.

So the session must not be registering or keeping active through all the pages.  Does this have anything to do with html5?  I am using the session start at the beginning of every page.

The code below is what i have for login, i have tried so many different things now though trying to get this to work i can't remember what i started with.
<?php
	
	// start the session
	session_start();
	
	// open database connection
	include("includes/openDbConn.php");
	
	$username	= $_POST["username"];
	$passwd		= $_POST["password"];
	
	$sql = "SELECT userID FROM Users WHERE userID='".$username."' AND Passwd='".$passwd."'";
	
	 //echo $sql; // to check 
	
	$result = mysql_query($sql);
	$row = mysql_fetch_row($result);
	
	
	if ($row){ // they exist!!
		$_SESSION["username"] = $username;
		header("Location: testA-overheat.php");
		exit;
	}else{
		header("Location: error.php");
		exit;
	}

?>

Open in new window

0
newmie22
Asked:
newmie22
  • 4
  • 3
  • 3
  • +1
1 Solution
 
VampireofdarknessCommented:
First and foremost, you need to increase security. At the very least, change $sql to
	$sql = "SELECT userID FROM Users WHERE userID='".addslashes($username)."' AND Passwd='".addslashes($passwd)."' LIMIT 1";

Open in new window


Second, use mysql_num_rows rather than mysql_fetch_row for verification whether or not a line exists.

Third, use mysql_fetch_assoc instead of mysql_fetch_row when using $row variables. _row will return both a numeric and associative array (0 => 1, 'userID'=>1) effectively doubling the size of the array.

Fourth, does testA-overheat.php start with
session_start()

Open in new window

0
 
VampireofdarknessCommented:
Ignore the part about mysql_fetch_row returning a numeric and associative array.
0
 
Beverley PortlockCommented:
IE has problems with HTML5 and sessions. Check the following likely causes

1) Check the server date. IE is sensitive to the date being served up and if the server date is wrong it could be expiring the cookie with the session in it.

2) Make sure the domain name has only W3C characters - no underscores and such. Most browsers aren't bothered but IE has

3) If a FRAME or IFRAME is in use the problem could be related to something in the other pages or you may need to create a P3P header for IE
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Mark BradyCommented:
Just to tidy things up and to get you into some sort of normality when coding, you might like to try the sessions like this. Copy the text below and save it as "session.php" in the same folder as your site. Do this for every site you want to use sessions in. I also use a constants.php file that connects me to the database instead of typing the connection code each time.

<?php // session.php - include with ALL documents you need to work with php sessions()
session_start();
if(is_array($_REQUEST)) {
  foreach($_REQUEST as $key => $value){
    $_SESSION[$key]      = $value;
    }
}
?>

Now in your other pages and immediately after the opening tag include that file. I usually put it in a folder called "inc/" short for "includes"

<?php // index.php
include("inc/session.php");
include("inc/constants.php"); // this file is your database connection script



Here is the constants.php code if you are interested.

<?php // constants.php located in the 'inc' folder
/*
Turn all error warnings and displays off for security and on for debugging */
ini_set("display_errors","off");
error_reporting(0);  // Uncomment this line and comment out next line before making this script public
//error_reporting(E_ALL);
date_default_timezone_set('Antarctica/McMurdo'); // set your default time zone if required

define("DB_SERVER", "127.0.0.1"); // or localhost or your servername
define("DB_USER", "your-mysql-username");
define("DB_PASS", "your-mysql-password");
define("DB_PORT", "3316"); // only set the port number if required. Usually not required so delete this line
define("DB_NAME", "AFM"); // The database name. You can set as many as you need.
define("DB_NAME1", "AFM_SCHOOL"); // This is another DB I need to connect to in this site.
mysql_connect(DB_SERVER.':'.DB_PORT, DB_USER, DB_PASS); // If no port is required this line should read as below
// mysql_connect(DB_SERVER, DB_USER, DB_PASS);
mysql_select_db(DB_NAME); // You database to connect to. To swap databases throughout the website add this line: mysql_select_db(DB_NAME1);
?>


Place that file (constants.php) in the same folder (inc/) and include it like I have done above. Now you can be sure that you will connect every time to the DB AND that every page required to use sessions will have a session started so ALL posted or $GET variables are captured as $_SESSION['variables']; and can be used on ANY page you include the session.php file in.

If you change what you have to this idea then you can rule out that possibility that the session is not valid on one or more of your pages.
0
 
newmie22Author Commented:
i don't use internet explorer, i have tested in and experienced problems in safari, chrome, and firefox, the latest versions, so it must be my code, i'm not very experienced with php and html5 is new to me
0
 
Mark BradyCommented:
I don't use explorer either I use chrome, safari and Firefox. The main thing that goes wrong in EE5.5 and EE6.0 is div heights which if less than 20px will display at 20px because it thinks you are going to have text in there and their miniumum text size is around 20px. That is easy to get around and all my sites comply with most browsers.

Try my suggestion and see if your problem is still persistent.
0
 
newmie22Author Commented:
ok, i will try when i get home tonight to see if that fixes the issue, thanks
0
 
newmie22Author Commented:
elvin, changes my pages to be the way you described but still nothing is entered into the database unless i hardcode what is supposed to be the session variable
0
 
VampireofdarknessCommented:
Please post your code. It'll be easier to debug if we can see what's going on.
0
 
Mark BradyCommented:
Ok echo your posted variables to make certain they have values in them. Whatever is posted, echo them back and check. Once it has been posted, if there is values in the posted variables they will automatically be inserted into the session variables. So if your post a username like this

<input type="text" name="username" value="<?php echo $_SESSION['username']; ?>" />

That is in your form. Now on the recieving form or any other page with that session file included, you will be able to echo $_SESSION['username'];

Sounds to me like there is nothing in your posted data. Also, don't use the actual $_SESSION['variablename'] inside a mysql statement it for some reason doesn't work as it should always. I always start a new page with

$username = $_SESSION['username'];  etc etc..... So check your posted data for values first.
0
 
newmie22Author Commented:
Thanks for the help, i got it to work after organizing the pages like you said and fixing some spelling errors buried in my code!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now