Jump to content

how to set a session var after extracting info from DB via SQL

webguync

By webguync
in PHP Coding Help

 Share

Recommended Posts

webguync Advanced Member

webguync

Posted
Posted

I am trying to store a session variable just from a SQL query, but it's not holding. I am probably doing it wrong. I am not getting the info from any kind of form input so the info is only coming from the Query.

 

My Query code is:

 

$sql = "SELECT username,password,candidate_name
           FROM   Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";

 

 

then further down the page I have...

$_SESSION['candidate_name'] = $sql->candidate_name;

 

and then on a different page I have at the top...

 

session_start();

 

and further down

You are now logged in <span class='red'>" . $_SESSION['candidate_name'] . "</span>

 

nothin for candidate_name

 

BTW candidate name is a field in the MySQL table.

Link to comment
Share on other sites
JAY6390 Newbie

JAY6390

Posted
Posted

Could be a number of things

Have you put session_start() at the top of the file that's setting the session?

What method are you using to extract the row data from mysql?

Have you checked that the query isn't returning errors?

Link to comment
Share on other sites
webguync Advanced Member

webguync

Posted
  • Author
Posted

ok, here is the PHP login script I am using to process the info and set the SESSION var for candidate_name. The SQL seems to be working, and I have started a session at the top.

 

<?php
session_start();
$db_user = "user";
$db_pass = "pass";
$db = "DBName";

mysql_connect('localhost',$db_user,$db_pass);
mysql_select_db($db);

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));

$sql = "SELECT username,password,candidate_name
           FROM   Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";
$dat = time() + 3600;
	   
$sql_update ="UPDATE Candidates
          SET login_timestamp = DATE_ADD(NOW(), INTERVAL 2 HOUR)
          WHERE username = '$username'
          AND password = '$password'"; 

$query = mysql_query($sql);
$num_rows = mysql_num_rows($query);

     


$query = mysql_query($sql) or die("Query Failed: $sql - " . mysql_error());

if ($num_rows == '1')
{
$_SESSION['candidate_name'] = $sql->candidate_name;
$_SESSION['username'] = $username;
$_SESSION['sid'] = session_id(); 
// Make it more secure by storing the user's IP address.
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

echo '1';
} else
{
echo '0';
}

?>

Link to comment
Share on other sites
JAY6390 Newbie

JAY6390

Posted
Posted

Wow, OK well you need to query the database once, yet you have

$query = mysql_query($sql)

running twice for some reason

You also don't have any line that fetches the rows of data from the query

Finally you are trying to use the $sql string as an object. The $sql won't magically change into the query results

I suggest you take a good read through a tutorial on this to grasp it a little easier

 

http://www.w3schools.com/php/php_mysql_intro.asp is a good source for learning this

Link to comment
Share on other sites
webguync Advanced Member

webguync

Posted
  • Author
Posted

thanks for the replies to this point.

 

My code now looks like this, but I still am not getting the candidate_name variable to display on the next page.

<?php
session_start();
$db_user = "user";
$db_pass = "pass";
$db = "DB_Name";

mysql_connect('localhost',$db_user,$db_pass);
mysql_select_db($db);

$username = mysql_real_escape_string($_POST['username']);
$password =(md5($_POST['password']));

$sql = "SELECT username,password,candidate_name
           FROM   Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";
$dat = time() + 3600;
	   
$sql_update ="UPDATE Candidates
          SET login_timestamp = DATE_ADD(NOW(), INTERVAL 2 HOUR)
          WHERE username = '$username'
          AND password = '$password'"; 


$query = mysql_query($sql) or die("Query Failed: $sql - " . mysql_error());
$num_rows = mysql_num_rows($query);
$row = mysql_fetch_array($query) or die(mysql_error());


if ($num_rows == '1')
{
$_SESSION['candidate_name'] = $row->candidate_name;
$_SESSION['username'] = $username;
$_SESSION['sid'] = session_id(); 
// Make it more secure by storing the user's IP address.
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];



echo '1';
} else
{
echo '0';
}

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.