webguync Posted May 18, 2010

I am trying to store a session variable just from a SQL query, but it's not holding. I am probably doing it wrong. I am not getting the info from any kind of form input, so the info is only coming from the query. My query code is:

$sql = "SELECT username,password,candidate_name FROM Candidates WHERE password = '$password' AND username='$username'";

then further down the page I have...

$_SESSION['candidate_name'] = $sql->candidate_name;

and then on a different page I have at the top...

session_start();

and further down

You are now logged in <span class='red'>" . $_SESSION['candidate_name'] . "</span>

Nothing for candidate_name. BTW, candidate name is a field in the MySQL table.

JAY6390 Posted May 18, 2010

Could be a number of things:

Have you put session_start() at the top of the file that's setting the session?
What method are you using to extract the row data from mysql?
Have you checked that the query isn't returning errors?

webguync (Author) Posted May 18, 2010

OK, here is the PHP login script I am using to process the info and set the SESSION var for candidate_name. The SQL seems to be working, and I have started a session at the top.

<?php
session_start();
$db_user = "user";
$db_pass = "pass";
$db = "DBName";

mysql_connect('localhost',$db_user,$db_pass);
mysql_select_db($db);

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));

$sql = "SELECT username,password,candidate_name FROM Candidates WHERE password = '$password' AND username='$username'";
$dat = time() + 3600;
$sql_update ="UPDATE Candidates SET login_timestamp = DATE_ADD(NOW(), INTERVAL 2 HOUR) WHERE username = '$username' AND password = '$password'";

$query = mysql_query($sql);
$num_rows = mysql_num_rows($query);
$query = mysql_query($sql) or die("Query Failed: $sql - " . mysql_error());

if ($num_rows == '1') {
    $_SESSION['candidate_name'] = $sql->candidate_name;
    $_SESSION['username'] = $username;
    $_SESSION['sid'] = session_id();
    // Make it more secure by storing the user's IP address.
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
    echo '1';
} else {
    echo '0';
}
?>

JAY6390 Posted May 18, 2010

Wow, OK. Well, you need to query the database once, yet you have $query = mysql_query($sql) running twice for some reason.

You also don't have any line that fetches the rows of data from the query.

Finally, you are trying to use the $sql string as an object. The $sql won't magically change into the query results.

I suggest you take a good read through a tutorial on this to grasp it a little easier. http://www.w3schools.com/php/php_mysql_intro.asp is a good source for learning this.

mrMarcus Posted May 18, 2010

Furthermore, you do not need to use mysql_real_escape_string() on an already hashed variable ($password).

webguync (Author) Posted May 18, 2010

Thanks for the replies to this point. My code now looks like this, but I still am not getting the candidate_name variable to display on the next page.

<?php
session_start();
$db_user = "user";
$db_pass = "pass";
$db = "DB_Name";

mysql_connect('localhost',$db_user,$db_pass);
mysql_select_db($db);

$username = mysql_real_escape_string($_POST['username']);
$password =(md5($_POST['password']));

$sql = "SELECT username,password,candidate_name FROM Candidates WHERE password = '$password' AND username='$username'";
$dat = time() + 3600;
$sql_update ="UPDATE Candidates SET login_timestamp = DATE_ADD(NOW(), INTERVAL 2 HOUR) WHERE username = '$username' AND password = '$password'";

$query = mysql_query($sql) or die("Query Failed: $sql - " . mysql_error());
$num_rows = mysql_num_rows($query);
$row = mysql_fetch_array($query) or die(mysql_error());

if ($num_rows == '1') {
    $_SESSION['candidate_name'] = $row->candidate_name;
    $_SESSION['username'] = $username;
    $_SESSION['sid'] = session_id();
    // Make it more secure by storing the user's IP address.
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
    echo '1';
} else {
    echo '0';
}
?>

JAY6390 Posted May 18, 2010

Very close, you need to change ONE of the following:

Either change mysql_fetch_array to mysql_fetch_object
OR
change $row->candidate_name to $row['candidate_name']

webguync (Author) Posted May 18, 2010

OK, thanks for all the help!
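
The mysql_* functions used throughout this thread were removed in PHP 7.0, so the following is an added example (not code from any poster) of the same flow on current PHP: fetch the row, store candidate_name in the session, and display it on the next page. Assumptions: PDO with an in-memory SQLite database standing in for the MySQL server, a password column holding password_hash() output in place of md5(), and a constructed user row; the login() helper name is hypothetical.

```php
<?php
// Added example: the thread's login flow rewritten with PDO. Not the poster's code.
// Assumption: Candidates.password holds a password_hash() value, not md5().

function login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT username, password, candidate_name
           FROM Candidates WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // array row, so read it as $row['...']

    // The hash is checked in PHP; an unknown user and a wrong password fail alike.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);         // issue a fresh session id at login
    }
    $_SESSION['username']       = $row['username'];
    $_SESSION['candidate_name'] = $row['candidate_name'];
    return true;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Candidates
            (username TEXT PRIMARY KEY, password TEXT, candidate_name TEXT)');
$ins = $pdo->prepare('INSERT INTO Candidates VALUES (?, ?, ?)');
$ins->execute(['jdoe', password_hash('correct horse', PASSWORD_DEFAULT), 'Jane <Doe>']);

$_SESSION = [];   // CLI stand-in; a web page calls session_start() first
var_dump(login($pdo, 'nobody', 'correct horse'));   // unknown user
var_dump(login($pdo, 'jdoe', 'wrong'));             // wrong password
var_dump(login($pdo, 'jdoe', 'correct horse'));     // valid login

// The next page escapes the stored value before writing it into HTML.
echo "You are now logged in <span class='red'>"
   . htmlspecialchars($_SESSION['candidate_name'], ENT_QUOTES, 'UTF-8')
   . "</span>\n";
```

Against a real MySQL server only the PDO DSN and credentials change; the query, the fetch and the session handling stay the same.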