|
PHP - Setting Mysql Result As Php Session
Hey guys,
Currently Im using: $row = mysql_fetch_array($result) or die(mysql_error()); echo $row['user_family']. " - ". $row['user_registered']; $row['user_family'] = $fam; $_SESSION['family'] = $fam; to take data from a mysql table & set it as SESSION family. However, I cant seem to get this to set. The information IS being taken from mysql because its being echo'd earlier up in the code, but its just not passing to the session. Any ideas? Similar TutorialsWhen I run 'select 1700-price as blah from goldclose as t2 order by dayid desc limit 1' by itself in mysql I get a numerical result: one row, one column. In my php script, the 1700 is actually a variable. so here it is $changequery = sprintf("select $goldprice-price as change from goldclose order by dayid desc limit 1"); $change = mysql_query(changequery); while ($row = mysql_fetch_array($change)) { printf("$row[0]"); } mysql_free_result($changeresult); I get the following error, Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/root/fuzzy/htmlmain4.php on line 99 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in <b>/root/fuzzy/htmlmain4.php on line 103 Not sure why? All i want is to get the result of that select statement into a variable such as $change I have created a test account in my database with a user level of -1 and i think my code might be wrong but i am hoping someone can spot where i have gone wrong as i cannot, also a similar problem with another session variable loggedIn this is what i get when i login this is on the index page.
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11 Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17 You must be logged in to view this page!Index page source code:
<?php
session_start();
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
require 'connect.php';
if($_SESSION['loggedIn'] == 1) {
//Do Nothing
exit();
} else if($_SESSION['loggedIn'] != 1) {
echo "You must be logged in to view this page!";
exit();
}
if($_SESSION['user_level'] == -1) {
header("Location: banned.php");
} if(isset($_SESSION['username'])) {
echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> ";
}
?>
Also if you need my login source code:
<?php
error_reporting(E_ALL | E_NOTICE);
require 'connect.php';
session_start();
if (isset($_POST['submit'])) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if (empty($username)) {
echo "You did not enter a username, Redirecting...";
echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
exit();
}
if (empty($password)) {
echo "You did not enter a password, Redirecting...";
echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
exit();
}
//Prevent hackers from using SQL Injection to hack into Database
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");
$row = $result->fetch_array();
$user_level = $row['user_level'];
// check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed
if($result->num_rows > 0)
{
//Set default user
$_SESSION['loggedIn'] == 1;
$_SESSION['user_level'] == 1;
$_SESSION['username'] == trim($_POST['username']);
header("Location: index.php");
exit();
} else if($row['user_level'] == 1) {
$_SESSION['user_level'] == 1;
//Location admin
header("Location: admin.php");
exit();
} else if($row['user_level'] == -1) {
$_SESSION['user_level'] == -1;
$_SESSION['username'] == trim($_POST['username']);
//Location banned
header("Location: banned.php");
exit();
} else if($_SESSION['loggedIn'] == true) {
//Location default user home page
header("index.php");
} else {
echo "Invalid Username/Password";
}
//Kill unwanted session
} if(isset($_POST['killsession'])) {
session_destroy();
echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)";
exit();
}
?>
I appreciate all help
Hi guys,
I would like to have a security measure in place to prevent unauthorized access to my site without a valid log on.
At the moment, it would let anyone in without destroying the session and redirecting to index page.
What would i "use" that's created in the session? what's the "best" practice
My understanding is that the session variable is stored in the browser, after a successful log in, that session variable is like baton or a key that's "passed" onto the next page.
- if someone tried to bypass the log on with the session then access is denied or redirected away.
So on my index page to start i have:
<?php session_start(); /* clear all session variable */ $_SESSION = array(); /* set a session variable for later use */ $_SESSION['what_page'] = "admin00"; ?>What do i need to have to use the session against unauthorized access? my guess is:
if(!isset($_SESSION['what_page']) || $_SESSION['what_page'] != "index.php") {
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit();
}
So to me that means;
- if 'what_page' is not set from the index page, don't go any further, re-direct (back to index)
If i remove this and use a known username and password, i am able to log into the correct page, but this session validation is the bit that's not working
please could you help?
I have a form where users enter name, username, password etc. The values are posted to a MySQL table where I also have a field called 'ID' that auto increments. I want to store that ID in a SESSION variable that I can carry over to other pages. Need help in doing this please. Record set has 2 text fields in the form which is set in a full repeat recordset browse. So, we get a long list of every record in the database. However, I want to be able to click on a single record and make another page appear. I can do this if the display is set as a table without using a text field form -- just the record variable and using a hyperlink. But, I want to use the text field. Wrapping the form only gets me the value of the last record displayed. Help would be appreciated. Hi all, Yesterday I moved a web application from a normal cookie session to a use_trans_sid session because some users' browser didn't accept cookies. This works great, but the session used to last for 45 minutes (set with session.gc_maxlifetime), but after the change the session times out faster. (How) can I set the session length if I use use_trans_sid? Thanks, Base PS: PHP version 5.2.13-1 I am using sprintf( mysql_insert_id()); to print primary key but I can save this in a varible and echo this. But I would like to know how to save this in to a session and use this one another page. Hi girls and boys I am trying to set a variable if a session OR a cookie has been set, but am unsure on how to write the statement... if (isset($_SESSION['name'])||isset($_COOKIE['name'])) {$variable = $_SESSION['name']||$_COOKIE['name'];} Obviously not working there, but just need a pointer here. any help is appreciated... i'm creating a page counter which updates a value in a database each time the page is loaded. I'm trying to make it so that it checks to see if a session has been set, if not, it updates the database, and then sets the session. This way it wont update every time someone refreshes the page. $id=$_GET['id']; if(!isset($_SESSION[$id])){ $_SESSION[$id]= $id; $views = $row['views'] + 1; $update_views=mysql_query("UPDATE topic SET views='".$views."' WHERE topic_id='".$id."'") i want to set the session variable as that of the page id ($id) The problem is that it keeps updating the database everytime the page is reloaded. I'm not sure if i'm setting the session variable correctly. Any ideas would be great Thanks hey guys, Im trying to register a session from a login im making and for some reason its not working. here is my code: <?php session_start(); if(isset($_POST['username'])){ $username = $_POST['username']; //name of the text field for usernames $password = $_POST['password']; //likewise here just for the password //connect to the db $user = 'root'; $pswd = ''; $db = 'chat'; $conn = mysql_connect('localhost', $user, $pswd); mysql_select_db($db, $conn); //run the query to search for the username and password the match $query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'"; $result = mysql_query($query) or die("Unable to verify user because : " . mysql_error()); //this is where the actual verification happens if(mysql_num_rows($result) == 1){ //the username and password match //so e set the session to true $_SESSION['username'] = $username; $_SESSION['uID'] = $result['user_id']; //$_SESSION['email'] = $result['email']; //and then move them to the index page or the page to which they need to go header('Location: index.php'); }else{ $err = 'Incorrect username / password.' ; } //then just above your login form or where ever you want the error to be displayed you just put in echo $err; } else ?> Im trying to make it so it also gets the user_id of the user logging in and creates a session for it. It works for the username part, and Im able to echo the username im logged in with, but for some reason it does want to work for the user_id part. This is what doesnt register $_SESSION['uID'] = $result['user_id']; Thanks for the upcoming help. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. HI. I am talking about this website. http://www.elfster.com/ Please browse this website. Can any one tell me how database structure / queries will work? (i know PHP / MYSQL) Can any one guide me a little bit. I would really appreciate it, Thanks Waiting for reply. How can I check if a returned mysql value is equal to '' i.e. nothing? I keep getting an error where the page won't load because the returned value is '' so i need to check for it Two part question: 1) I have a MySql table called "lang_key", which will store all of the common text for a site, which will allow easy site modifications from the "non tech" admin. Now, I am creating a recordest that will pull the information from the table, and create a basic list of variables in php. For example: I connect to the database, and do a wildcard select. I can figure out how to set a basic php variable like the example below: Code: [Select] $query1 = "SELECT * FROM lang_key"; $result = mysql_query($query1); while($row = mysql_fetch_array($result)) { $template = $row['common_text']; } There are three fields in my lang_key table (unique_id, string_id, and common_text') What I want to do is take it a step further from the example and I want $template to be the value of "common_text" Where string_id = "curr_template" I hope this makes sense? I really just want to create my recordset and then populate the website with the recordset info. Part II Do you recommend that I use a lang_key database, or would it be simpler and more efficient to just create a lang page with static variables, and use the php file write option to update the page? Thanks!!! Im not sure where to post this but since it includes php il post it here instead of in the mysql forum. ok so, i have a table and i get the values using while($row = mysql_fetch_array($result)){ and then echo them in rows. that works fine but i need to add a class to the last row of my table. I would need somehow to fetch the last row of the array and make it echo something different. Any help is appreciated Thank you Hello, i created this script for a client and have ran into an annoying error with the results displaying on a new line for each result instead of side by side, any help is welcome Cheers Code: [Select] <?php $subcat = mysql_real_escape_string(strip_tags(htmlspecialchars(protect($_GET['subcat'])))); $cat = mysql_real_escape_string(strip_tags(htmlspecialchars(protect($_GET['cat'])))); $sql = @mysql_query("SELECT * FROM cakes WHERE category =\"$cat\" AND sub_cat=\"$subcat\" ORDER BY id DESC"); while ($row = mysql_fetch_array($sql)) { $reference = $row['reference']; $image = $row['image']; echo ("<p><img src='./images/cakes/$image' height='289px' width='177px' alt='IMAGE OF CAKE'></img><br />"); echo ("<b>Reference:</b>$reference"."</p>"); } if (!$reference) { echo 'There are no cakes in this category yet.'; } ?> I know the errors only going to be something small i'm missing, but i've been coding all day hello I'm using this code: Code: [Select] $query="SELECT * FROM `second_content` WHERE CHANGED =0 limit 0,1";to query first row data when I want see it and echo it I recived : Code: [Select] Resource id #2can anyone help me ? thank you Hi, I don't know anything about php and Mysql but I found a tutorial for a shopping cart and everything is working. The only thing is they don't have the email part in the totorial so I'm kind of stuck with my file. Anyone know how to email the resul to me via email with this code? <? include("includes/db.php"); include("includes/functions.php"); if($_REQUEST['command']=='update'){ $name=$_REQUEST['name']; $email=$_REQUEST['email']; $address=$_REQUEST['address']; $phone=$_REQUEST['phone']; $result=mysql_query("insert into customers values('','$name','$email','$address','$phone')"); $customerid=mysql_insert_id(); $date=date('Y-m-d'); $result=mysql_query("insert into orders values('','$date','$customerid')"); $orderid=mysql_insert_id(); $max=count($_SESSION['cart']); for($i=0;$i<$max;$i++){ $pid=$_SESSION['cart'][$i]['productid']; $q=$_SESSION['cart'][$i]['qty']; $price=get_price($pid); mysql_query("insert into order_detail values ($orderid,$pid,$q,$price)"); } die('Thank You! your order has been placed!'); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Billing Info</title> <script language="javascript"> function validate(){ var f=document.form1; if(f.name.value==''){ alert('Your name is required'); f.name.focus(); return false; } f.command.value='update'; f.submit(); } </script> </head> <body> <form name="form1" onsubmit="return validate()"> <input type="hidden" name="command" /> <div align="center"> <h1 align="center">Billing information</h1> <table border="0" cellpadding="2px"> <tr><td>Total:</td><td><?=get_order_total()?></td></tr> <tr><td>Name :</td><td><input type="text" name="name" /></td></tr> <tr><td>Address :</td><td><input type="text" name="address" /></td></tr> <tr><td>Email :</td><td><input type="text" name="email" /></td></tr> <tr><td>Phone :</td><td><input type="text" name="phone" /></td></tr> <tr><td> </td><td><input type="submit" value="Place Order" /></td></tr> </table> </div> </form> </body> </html> Hi I'm having a problem getting a query to work. I have a simple form with user input for start and end date with format: 2009-03-19 (todays date): $Startdate = $_POST['date']; This works well when something is entered into the form, and afterwards using my query: SELECT COUNT(*) as total FROM mydb WHERE Date BETWEEN '$Startdate' AND '$EndDate' ........ Problem is if user submits the form without entering anything in the date input fields, which makes sense. I want to check if inputs has been made, and if not set af default date, but can't make it work:
if (isset($_POST['date']) && $_POST['date'] !='') {
$Startdate = $_POST['date'];}
else { $Startdate = '1980-01-01';}
How can I set $Startdate to something that can be used in the query as below doesn't work? |
|||||||