|
PHP - Make A Session Usable In A Sql Query
Hello all,
I've made this for users login, and now I want the user to only be able to see his info so how can I use the $_SESSION['userid'] to search the database for it's value and echo results? here is my code, I want to use the session value instead of get Code: [Select] <? if (isset($_GET['id'])) { $con = mysql_connect("supremecenter14.co.uk","teko_waw","tmisabro77"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("teko_waw", $con); $result = mysql_query("select * from users where id = '{$_GET['id']}'"); $row = @mysql_fetch_array($result); echo "<table width=98%>"; echo "<tr>"; echo "<td valign=\"top\" width=\"120px\">"; $rowid = $row['id']; echo "<td valign=\"top\">"; echo "<table> <tr> <td valign=\"top\" class=\"searchtitle\"> ".$row['fname']. ' ' .$row['mname']. ' ' .$row['lname']." </td> </tr>"; ?> and here is where they're set Code: [Select] if (isset($_POST['email'])) { $email = mysql_real_escape_string($_POST['email']); $password = mysql_real_escape_string($_POST['password']); //Query $results = mysql_query("SELECT * FROM users WHERE email = $email AND password = $password"); if(!result) { $_SESSION['error'] = '<span style="color: red">Login Failed. Email or Password is Incorrect <br/>'; } else { $row = mysql_fetch_assoc($results); $_SESSION['userid'] = $row['id']; $_SESSION['email'] = $email; $_SESSION['error'] = 'Login Successful<br/>. Welcome,'. $email; } Similar TutorialsJust curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. I'm restarting this under a new subject b/c I learned some things after I initially posted and the subject heading is no longer accurate. What would cause this behavior - when I populate session vars from a MYSQL query, they stick, if I populate them from an MSSQL query, they drop. It doesn't matter if I get to the next page using a header redirect or a form submit. I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to next page via redirect or form submit, the two vars loaded from MSSQL are empty. Any ideas? Hi, So, I have two sessions. One's for displaying an array. Is there some kind of function to make a session invisible? Because when I display an error for not filling in, the previous words of the array show up behind the error message. Like this: $error = 'Please enter a word.' Output: Please enter a word.word word word So is there a way to make my Session Invisible (not removing any words from array)? $result = mysqli_query($con,"SELECT * FROM $_SESSION['datakey']"; I need help making $_SESSION['code'] match variable $code when executed. They're both accessing rand() but with different results. Code: [Select] <?php function create_user($params) { db_connect_posts(); $code = rand(11111111,99999999); $_SESSION['code'] = $code; $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW(), users.code = $code, users.active = '0'" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), md5($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } ?> I am using the following code in PDO query
$this->query('SELECT * FROM users WHERE id = :id'); // line 11
$this->bind(':id', $_SESSION['users']['id']); // line 12
it is working on local server, but on live server its giving some error or warning (i am not sure) PHP Notice:  Undefined index: users in ... on line 12 but the query is still working correctly. Please guide me what should i do to stop getting this error or warning or notice. Thanks🙂 Hey guys, i always get the error: Warning: Cannot modify header information - headers already sent by (output started at /home/worldw44/public_html/Newsletter/Admin/Admin.php:1) in /home/worldw44/public_html/Newsletter/Admin/Admin.php on line 6 when im tyring to run: <?php if(isset($_SESSION['adminlogin'])) { $run=yes; } else { header( 'Location: http://www.worldwidelighthouses.com/Newsletter/Admin/Log-In.php'); }?> <!DOCTYPE HTML> <html lang="en-GB"> <head> <meta charset="utf-8"> <!--Search Engine Meta Tags--> <meta name="author" content="Worldwide Lighthouses"> <meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel"> <meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships"> <!--Stylesheets/Javascript--> <link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)"> <link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)"> <!--Mobile Browser Support--> <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"> <!--IE Support--> <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <link rel="stylesheet" href="../Page-Layout.css"><![endif]--> <meta name="application-name" content="Worldwide Lighthouses"> <meta name="msapplication-starturl" content="http://worldwidelighthouses.com/"> <meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures"> <meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico"> <meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico"> <meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico"> <meta name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico"> <title>Mailing List Administration | Worldwide Lighthouses</title> </head> <body> <header> <h1 id="WWLH">Worldwide Lighthouses</h1> <form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box"> <input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off"> <input type="submit" value="Search"> <input type="hidden" name="search" value="1"> </form> </header> <nav> <ul id="Nav"> <li class="MenuButton" id="Index"><a href="../Index.php"><p class="Nav">Home</p></a></li> <li class="MenuButton" id="Lighthouses"><a href="../Lighthouses.php"><p class="Nav">Lighthouses</p></a></li> <li class="MenuButton" id="Lightships"><a href="../Lightships.php"><p class="Nav">Lightships</p></a></li> <li class="MenuButton" id="FogSignals"><a href="../Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li> <li class="MenuButton" id="Daymarks"><a href="../Daymarks.php"><p class="Nav">Daymarks</p></a></li> <li class="MenuButton" id="Buoys"><a href="../Buoys.php"><p class="Nav">Buoys</p></a></li> <li id="MenuButtonLast"><a href="../Glossary.php"><p class="Nav">Glossary</p></a></li> </ul> </nav> <article> <h1 class="Title">Contact Admin Centre</h1> <div class="Textbox"> <div id="Social"> <a href="http://twitter.com/share" class="twitter-share-button" data-count="horizontal" data-via="WWlighthouses">Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script> <object id="Facebook" data="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fworldwidelighthouses.com/&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21"></object> </div> </div> </article> <footer> <ul> <li><a href="../About.php">About</a></li> <li><a href="../Contact-us.php">Contact</a></li> <li><a href="../Use-Our-Media.php">Use our media</a></li> <li><a href="../Search/search.php">Search</a></li> <li><a href="../Social-Networking.php">Social</a></li> <li><a href="#Top">Back to top</a></li> </ul> <br> <br> &#169; Worldwide Lighthouses <?php echo date("Y"); ?> </footer> </body> Cany anyone offer some suggestions as to why? Note i have no ability to change phpconfig. Login.php Code: [Select] <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $row = mysql_fetch_array($login); $number = mysql_num_rows($login); if ($number > 0) { $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; if($_SESSION['userlevel']==1) { $_SESSION['is_logged_in'] == 1; header("Location: form2.php"); } else if($_SESSION['userlevel']== 0) { $_SESSION['is_logged_in'] == 1; header("Location: registration.php"); } } Registration.php Code: [Select] <?php echo 'Welcome:' .$_SESSION['is_logged_in'];?> form2.php Code: [Select] <?php session_start(); if (empty($_SESSION['is_logged_in'])) { header("Location:chatframe.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $a=$_SESSION['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d= $_SESSION['is_logged_in'] == 1; and im echoing back but it is nothing im thinks something wrong in session is login and also still it cannot redirect to admin -form2.php when session is login in is 1 I want to select 20 sites randomly. But when I generate a random number and use it in my query to extract the site information. But if an ID doesn't exist with that random number, it doesn't display information. How can this be fixed? $amount_get = mysql_query("SELECT id FROM users"); $random = rand(0,mysql_num_rows($amount_get)); for($amount = $random; $amount > 30; $amount = $random) { $query = mysql_query("SELECT site_url,username,id FROM users WHERE id='$amount' LIMIT 150"); $data_grab = mysql_fetch_assoc($query); echo $data_grab['site_url']."<input type='submit'>"; } Ok, so this seems kinda vague, cus normally thats what you do, however I am talking about a differnt kinds of output from a query... Here is what i am a talking about: My Query Code: $query = "SELECT * FROM settings WHERE storeid='store350' "; $which = $handle_db2; $result = mysql_query($query,$which); $num = mysql_num_rows ($result); $id = mysql_result($result,$i,"id"); $storeid = mysql_result($result,$i,"storeid"); $tinypass = mysql_result($result,$i,"tinypass"); $taxsetting = mysql_result($result,$i,"taxsetting"); $gst = mysql_result($result,$i,"gst"); $pst = mysql_result($result,$i,"pst"); $hst = mysql_result($result,$i,"hst"); $canpar = mysql_result($result,$i,"canpar"); $cp_fuelcharge = mysql_result($result,$i,"cp_fuelcharge"); $cp_markup = mysql_result($result,$i,"cp_markup"); $fedex = mysql_result($result,$i,"fedex"); $fe_fuelcharge = mysql_result($result,$i,"fe_fuelcharge"); $fe_markup = mysql_result($result,$i,"fe_markup"); $dhl = mysql_result($result,$i,"dhl"); $dh_fuelcharge = mysql_result($result,$i,"dh_fuelcharge"); $dh_markup = mysql_result($result,$i,"dh_markup"); $tnt = mysql_result($result,$i,"tnt"); $tn_fuelcharge = mysql_result($result,$i,"tn_fuelcharge"); $tn_markup = mysql_result($result,$i,"tn_markup"); As you can see, my variables are the same as my table column names... now if this "project" goes thorugh I could have hundreds of columns, I would hate to have to define each one making my file even larger. Is there a way to make it dynamically create the variables via an array or something Theoriticaly something like this: $query = "SELECT * FROM settings WHERE storeid='store350' "; $which = $handle_db2; $result = mysql_query($query,$which); $num = mysql_num_rows ($result); (While loop here) $Table_name_var = mysql_result($result,$i,"table_name"); (end while loop) Possible? If I have a db with these fields: displayname, title and I run a successful query on the db, will this code: if (mysql_num_rows($results) == 0) { return "!fail"; } else { while ($row = mysql_fetch_assoc($results)) { extract($row); } return $row; } create an associative array of $var = array(array('displayname' => value, 'title' => value), array('displayname' => value, 'title' => value)...) If not, is there a way to do so, especially when I will not know the names or number of fields in a db table? Is there a cleaner way to do this? $query = "SELECT branches.Language FROM eua_users, branches WHERE eua_users.AssignedBranch = branches.country" ; include("dbconnectlocal.php") ; $result = mysql_query($query) ; $row = mysql_fetch_object($result) ; $usrlang = $row->Language ; $query = "SELECT UserName, Email FROM eua_users WHERE UserName = '$user'" ; include("dbconnectlocal.php") ; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_object($result) ; $branchmail = $row->Email ; $query = "SELECT $usrlang FROM autoreplies WHERE ReplyID = '0'" ; include("dbconnectlocal.php") ; $result = mysql_query($query) or die(mysql_error()) ; $row = mysql_fetch_object($result) ; $message = $row->$usrlang ; $query = "SELECT $usrlang FROM autoreplies WHERE ReplyID = '1'" ; include("dbconnectlocal.php") ; $result = mysql_query($query) or die(mysql_error()) ; $row = mysql_fetch_object($result) ; $url = $row->$usrlang ; $query = "SELECT $usrlang FROM autoreplies WHERE ReplyID = '2'" ; include("dbconnectlocal.php") ; $result = mysql_query($query) or die(mysql_error()) ; $row = mysql_fetch_object($result) ; $subject = $row->$usrlang ; Hi, I have a regular MySQL query that displays it's results to the screen in a browser as an HTML table, all nice and fruity. The managers who use this function like to send out the results to staff, currently they simply take a screen shot and paste it into an email to send out to everyone - quite an overhead on the email system, company network, not to mention the time taken to do the screen shot and paste it into an email in the first place. It would be good if I could include a standard HTML form button (preferably) or link on the results page to shove the displayed results to Outlook as an email, that contains the table all ready for the manager to add in what ever they want to the email and then send (usually to 'all@mysite.com' but it would be useful if they could change or add to this as they see fit). This is kind of what happens with a normal mailto HTML tag, except I want it to contain the MySQL query result too. This is the existing table output routine (something I inherited): Code: [Select] /* Output data into a HTMl table */ echo "<p>"; echo "<table align=center width=800 border=\"1\">"; echo "<tr>"; echo "<td BGCOLOR=\"#ffcc00\"><strong>Agent name</strong></td> <td BGCOLOR=\"#ffcc00\"><strong>Number of calls made / handled</strong></td> <td BGCOLOR=\"#ffcc00\"><strong>Average call minutes</strong></td> <td BGCOLOR=\"#ffcc00\"><strong>Total mins (inc hours + secs rounded)</strong></td> </tr>"; while($row = mysql_fetch_row($numresults)) { echo "<tr>"; for($i=0; $i < mysql_num_fields($numresults); $i++) { echo "<td align=center width=443>$row[$i]</td>"; } echo "</tr>\n"; } echo "</table></p>"; I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. Here is my code: // Start MySQL Query for Records $query = "SELECT codes_update_no_join_1b" . "SET orig_code_1 = new_code_1, orig_code_2 = new_code_2" . "WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)"; $results = mysql_query($query) or die(mysql_error()); // End MySQL Query for Records This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this??? Code: [Select] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1 |
|||||||