Solved

html5 php sessions

Posted on 2011-03-10
Last Modified: 2012-05-11
I am having a problem that I think has been narrowed down to the session not storing my variable and keeping it throughout the pages.  The pages are all in html5, although their endings are .php.

When the user logs in, it acts successful and routes them to the next page, but when it reaches the part that talks to the database, information is not being entered. I echo'd the sql for the doInsert page and it shows a correct statement but has nothing for the username (which is the session variable), and if I hard code it, it goes to the database correctly.

So the session must not be registering or keeping active through all the pages.  Does this have anything to do with html5?  I am using the session start at the beginning of every page.

The code below is what I have for login. I have tried so many different things now, though, trying to get this to work that I can't remember what I started with.
<?php
	
	// start the session
	session_start();
	
	// open database connection
	include("includes/openDbConn.php");
	
	$username	= $_POST["username"];
	$passwd		= $_POST["password"];
	
	$sql = "SELECT userID FROM Users WHERE userID='".$username."' AND Passwd='".$passwd."'";
	
	 //echo $sql; // to check 
	
	$result = mysql_query($sql);
	$row = mysql_fetch_row($result);
	
	
	if ($row){ // they exist!!
		$_SESSION["username"] = $username;
		header("Location: testA-overheat.php");
		exit;
	}else{
		header("Location: error.php");
		exit;
	}

?>

Question by:newmie22
11 Comments
 
LVL 9

Expert Comment

by:Vampireofdarkness
ID: 35099569
First and foremost, you need to increase security. At the very least, change $sql to
	$sql = "SELECT userID FROM Users WHERE userID='".addslashes($username)."' AND Passwd='".addslashes($passwd)."' LIMIT 1";


Second, use mysql_num_rows rather than mysql_fetch_row for verification whether or not a line exists.

Third, use mysql_fetch_assoc instead of mysql_fetch_row when using $row variables. _row will return both a numeric and associative array (0 => 1, 'userID'=>1) effectively doubling the size of the array.

Fourth, does testA-overheat.php start with
session_start()

0
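The login check discussed above, rewritten with a parameterized query and hashed passwords, as an added example that is not code from the thread. It assumes the Passwd column stores password_hash() output rather than the plain-text password the question's query compares, and it uses an in-memory SQLite database with constructed sample data so it runs offline.

```php
<?php
// Added example, not code from the thread. SQLite in memory keeps the demo
// offline; against the page's MySQL database only the PDO DSN changes.
declare(strict_types=1);
session_start();

// True only when the user exists and the password matches the stored hash.
function verify_login(PDO $db, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT Passwd FROM Users WHERE userID = :id LIMIT 1');
    $stmt->execute([':id' => $username]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data; assumption: Passwd holds a password_hash() value.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (userID TEXT PRIMARY KEY, Passwd TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO Users (userID, Passwd) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs standing in for $_POST["username"] / $_POST["password"].
$attempts = [
    ['alice', 'correct horse'],  // valid credentials
    ['alice', 'wrong'],          // wrong password
    ["o'brien", 'x'],            // the quote is bound as data; no such user
];

$results = [];
foreach ($attempts as [$user, $pass]) {
    $ok = verify_login($db, $user, $pass);
    if ($ok) {
        session_regenerate_id(true);    // fresh session ID once authenticated
        $_SESSION['username'] = $user;  // written only after verification
    }
    $results[] = sprintf('%s => %s', $user, $ok ? 'login ok' : 'rejected');
}
echo implode(PHP_EOL, $results), PHP_EOL;
```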
 
LVL 9

Expert Comment

by:Vampireofdarkness
ID: 35099580
Ignore the part about mysql_fetch_row returning a numeric and associative array.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35099795
IE has problems with HTML5 and sessions. Check the following likely causes

1) Check the server date. IE is sensitive to the date being served up and if the server date is wrong it could be expiring the cookie with the session in it.

2) Make sure the domain name has only W3C characters - no underscores and such. Most browsers aren't bothered but IE has

3) If a FRAME or IFRAME is in use the problem could be related to something in the other pages or you may need to create a P3P header for IE
0
 
LVL 20

Accepted Solution

by:
Mark Brady earned 500 total points
ID: 35099967
Just to tidy things up and to get you into some sort of normality when coding, you might like to try the sessions like this. Copy the text below and save it as "session.php" in the same folder as your site. Do this for every site you want to use sessions in. I also use a constants.php file that connects me to the database instead of typing the connection code each time.

<?php // session.php - include with ALL documents you need to work with php sessions()
session_start();
if(is_array($_REQUEST)) {
  foreach($_REQUEST as $key => $value){
    $_SESSION[$key]      = $value;
    }
}
?>

Now in your other pages and immediately after the opening tag include that file. I usually put it in a folder called "inc/" short for "includes"

<?php // index.php
include("inc/session.php");
include("inc/constants.php"); // this file is your database connection script



Here is the constants.php code if you are interested.

<?php // constants.php located in the 'inc' folder
/*
Turn all error warnings and displays off for security and on for debugging */
ini_set("display_errors","off");
error_reporting(0);  // Uncomment this line and comment out next line before making this script public
//error_reporting(E_ALL);
date_default_timezone_set('Antarctica/McMurdo'); // set your default time zone if required

define("DB_SERVER", "127.0.0.1"); // or localhost or your servername
define("DB_USER", "your-mysql-username");
define("DB_PASS", "your-mysql-password");
define("DB_PORT", "3316"); // only set the port number if required. Usually not required so delete this line
define("DB_NAME", "AFM"); // The database name. You can set as many as you need.
define("DB_NAME1", "AFM_SCHOOL"); // This is another DB I need to connect to in this site.
mysql_connect(DB_SERVER.':'.DB_PORT, DB_USER, DB_PASS); // If no port is required this line should read as below
// mysql_connect(DB_SERVER, DB_USER, DB_PASS);
mysql_select_db(DB_NAME); // Your database to connect to. To swap databases throughout the website add this line: mysql_select_db(DB_NAME1);
?>


Place that file (constants.php) in the same folder (inc/) and include it like I have done above. Now you can be sure that you will connect every time to the DB AND that every page required to use sessions will have a session started so ALL posted or $_GET variables are captured as $_SESSION['variables']; and can be used on ANY page you include the session.php file in.

If you change what you have to this idea then you can rule out that possibility that the session is not valid on one or more of your pages.
0
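Copying every $_REQUEST key into $_SESSION, as the session.php above does, means a request parameter named username replaces the value the login page stored. A session include that keeps form data separate from login state, as an added example that is not code from the thread; the function names and the testName field are hypothetical, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread: a session include that never lets
// request parameters overwrite authentication state.
declare(strict_types=1);

function start_app_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // Cookie flags: not readable from JavaScript, same-site requests only.
        // Add 'secure' => true when the site is served over HTTPS.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Copies only allowlisted form fields, and only under $_SESSION['form'],
// so a request parameter named "username" cannot replace the login identity.
function remember_form_fields(array $request, array $allowed): void
{
    foreach ($allowed as $field) {
        if (isset($request[$field]) && is_string($request[$field])) {
            $_SESSION['form'][$field] = $request[$field];
        }
    }
}

// The logged-in user, or null. Only the login handler writes this key.
function current_username(): ?string
{
    $user = $_SESSION['username'] ?? null;
    return is_string($user) ? $user : null;
}

start_app_session();
$_SESSION['username'] = 'alice';  // constructed: set earlier by the login handler

// Constructed request standing in for $_REQUEST on a later page.
$request = ['username' => 'someone-else', 'testName' => 'overheat', 'extra' => 'ignored'];
remember_form_fields($request, ['testName']);  // hypothetical form field name

echo 'user: ', current_username(), PHP_EOL;
echo 'form: ', json_encode($_SESSION['form']), PHP_EOL;
```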
 

Author Comment

by:newmie22
ID: 35099977
I don't use Internet Explorer. I have tested in and experienced problems in Safari, Chrome, and Firefox, the latest versions, so it must be my code. I'm not very experienced with PHP, and HTML5 is new to me.
0
 
LVL 20

Expert Comment

by:Mark Brady
ID: 35100249
I don't use explorer either; I use Chrome, Safari and Firefox. The main thing that goes wrong in EE5.5 and EE6.0 is div heights, which if less than 20px will display at 20px because it thinks you are going to have text in there and their minimum text size is around 20px. That is easy to get around and all my sites comply with most browsers.

Try my suggestion and see if your problem is still persistent.
0
 

Author Comment

by:newmie22
ID: 35100351
OK, I will try when I get home tonight to see if that fixes the issue, thanks.
0
 

Author Comment

by:newmie22
ID: 35101595
elvin, changed my pages to be the way you described but still nothing is entered into the database unless I hardcode what is supposed to be the session variable.
0
 
LVL 9

Expert Comment

by:Vampireofdarkness
ID: 35105998
Please post your code. It'll be easier to debug if we can see what's going on.
0
 
LVL 20

Expert Comment

by:Mark Brady
ID: 35107482
OK, echo your posted variables to make certain they have values in them. Whatever is posted, echo them back and check. Once it has been posted, if there are values in the posted variables they will automatically be inserted into the session variables. So if you post a username like this

<input type="text" name="username" value="<?php echo $_SESSION['username']; ?>" />

That is in your form. Now on the receiving form or any other page with that session file included, you will be able to echo $_SESSION['username'];

Sounds to me like there is nothing in your posted data. Also, don't use the actual $_SESSION['variablename'] inside a mysql statement; for some reason it doesn't always work as it should. I always start a new page with

$username = $_SESSION['username'];  etc etc..... So check your posted data for values first.
0
 

Author Closing Comment

by:newmie22
ID: 35140522
Thanks for the help, I got it to work after organizing the pages like you said and fixing some spelling errors buried in my code!
0
