Jump to content


php session help

  • Please log in to reply
1 reply to this topic

#1 puja

  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts

Posted 18 April 2006 - 02:02 PM

hi im trying to get the sessions working for my login page
the code doesnt give me any error messages but it doesnt seem to restrict any access either
this is wot i have so far:


$query = ("select * from customers
where user_name='" . $_SESSION['user_name'] . "' and password='" . $_SESSION['password'] . "'");

$result = @mysql_query($query, $connection) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);

if ($_SESSION['user_name'] == $row['user_name'] AND $_SESSION['password'] == $row['password']){

this then leads to the either successful or unsuccessful login page
hope somebody can help

#2 wisewood

  • Members
  • PipPipPip
  • Advanced Member
  • 226 posts
  • LocationRotherham, England

Posted 18 April 2006 - 02:13 PM

What you need to do, is use the POST[username] and POST[password] variables in your query to the database. If the database finds a result for that username and password combination, THEN set the session variable with the username.


$query = "SELECT * FROM users WHERE username='$_POST[username]' AND password='$_POST[password]'";
$result = mysql_query($query);

if($result=="1") { $_SESSION[username]=$_POST[username]; echo "Hello $_SESSION[username], you're logged in"; }
else { echo "Thou art imposter!"; }

Once the session variable is set, you can then use that as your security measure... each page that you want protected should have something like this

<?php session_start();

if(!isset($_SESSION[username])) { echo "go away"; } else { 

// Your content here.


Send me a PM if you want any further help & I'll send you the code for the login procedure i use.
wisewood: proven fact, I am both wise, and wooden.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users