Jump to content

[SOLVED] PHP sessions

ironman32

By ironman32
in PHP Coding Help

Recommended Posts

ironman32 Member

ironman32

Posted
Posted

I'm trying create a log in system so that when the user logs in their username will appear on the home page to welcome them. I have a form page that submits data to a process.php page. this page echoes out "Thank you '$username' " I want to carry the username over to a page called homepage.

 

insert.php

<?php
session_start();
$_SESSION['username'] = $_POST['username'];
?>

<?php
$con = mysql_connect("localhost","db_name","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db_name", $con);

$sql="INSERT INTO user (username, email, password)
VALUES
('$_POST[username]','$_POST[email]','$_POST[password]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
echo "Your username is ". $username . " Your password is" . $password . ".<br />";
echo "Thank you "." $username ";


mysql_close($con)
?>

 

homepage.php

<html>
<body>
<?php
session_start();
$username = $_SESSION['username'];
?>
<?php
echo "Welcome "." $username ";
?>

</body>
</html>

 

This is the current result.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/work/public_html/workout/homepage.php:3) in /home/work/public_html/workout/homepage.php on line 4
Welcome paul

 

Any help/hints would be appreciated

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/148967-solved-php-sessions/
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

session_start() needs to be the first thing in the script:

 

<?php
session_start();
$username = $_SESSION['username'];
?>
<html>
<body>
<?php
echo "Welcome "." $username ";
?>

</body>
</html>

 

p.s. - your insert.php script is very vulnerable. you need to run any GET and POST data through mysql_real_escape_string() before inserting to avoid SQL injection:

<?php
session_start();
$_SESSION['username'] = $_POST['username'];
?>

<?php
$con = mysql_connect("localhost","db_name","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db_name", $con);
$user = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['password']);
$sql="INSERT INTO user (username, email, password)
VALUES
('$user','$email','$pass')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
echo "Your username is ". $username . " Your password is" . $password . ".<br />";
echo "Thank you "." $username ";

mysql_close($con)
?>

 

also, you should look into encrypting your passwords when you put them in the database

Link to comment
https://forums.phpfreaks.com/topic/148967-solved-php-sessions/#findComment-782186
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.