[PHP-DB] Re: session variable in select query showing picture from database
Mika Jaaksi wrote: I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated... Where does $band_id come from? If from a form, and you have register_globals set to (sensibly) OFF then you will need to use the $_POST or $_GET array, depending on the METHOD of the form (POST or GET) to retrieve the value of $band_id Echoing $query will give you some useful information. Cheers -- David Robley I hate Chablis, Tom whined. Today is Pungenday, the 43rd day of Chaos in the YOLD 3175. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: session variable in select query showing picture from database
Thanks for the quick responce... to Valentin Nedkov: I have session_start() on another page. Session start gets band_id as a value when user logs in. I've tried to echo session variable on show_pic page and it works. And I belive that I can't set default value for band_id because the picture I want get is depended on who has logged in. to Jason Pruim: when I look at what show_pic shows, it's whole lot of this: ÿØÿà�JFIF��N�N��ÿÀ��âŠ�ÿÛ�„�. When I used plain number or WHERE band_id='{$band_id}' those weird markings(above) were identical. (They were different when not using these '{ }' ) And the code works with plain number so we must be closer to the truth now.. to David Robley: band_id is set to session variable when user logs in... -Mika Jaaksi 2009/2/12 Mika Jaaksi mika.jaa...@gmail.com I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
Still fighting with it... So, these work: $query=SELECT * FROM pic_upload; $query=SELECT * FROM pic_upload WHERE band_id=11; picture is shown on the other page but when adding variable into query it doesn't show the picture on the other page $query=SELECT * FROM pic_upload WHERE band_id='{$band_id}'; I'm out of ideas at the moment... ps. forget what I said about the weird markings... 2009/2/12 Mika Jaaksi mika.jaa...@gmail.com I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
I tried $query = SELECT * FROM pic_upload WHERE band_id = '.$_SESSION['session_var'].' ; didn't work. And I've tried to echo session variable and it has right data in it. I've also tried band_id=$band_id band_id='$band_id' band_id=$band_id band_id='{$band_id}' band_id={$band_id} Session variable is 11 in this case and the picture is shown when I use ...WHERE band_id=11... but not when I use variable. What could be the difference between plain number (11) and variable (I've echoed it so I know it's 11 too)?
[PHP-DB] Re: session variable in select query showing picture from database
Okay, I added it and got this SELECT * FROM pic_upload WHERE band_id=11 Seems to me that it's the way i should be. For some mystical reason it still doesn't work...
RE: [PHP-DB] Re: session variable in select query showing picture from database
Mika, Put the dollar sign (i.e., $) outside the curly brace. $query=SELECT * FROM pic_upload WHERE band_id='${band_id}'; A- -Original Message- From: Mika Jaaksi [mailto:mika.jaa...@gmail.com] Sent: Thursday, February 12, 2009 12:27 PM To: php-db@lists.php.net Subject: [PHP-DB] Re: session variable in select query showing picture from database Still fighting with it... So, these work: $query=SELECT * FROM pic_upload; $query=SELECT * FROM pic_upload WHERE band_id=11; picture is shown on the other page but when adding variable into query it doesn't show the picture on the other page $query=SELECT * FROM pic_upload WHERE band_id='{$band_id}'; I'm out of ideas at the moment... ps. forget what I said about the weird markings... 2009/2/12 Mika Jaaksi mika.jaa...@gmail.com I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: session variable in select query showing picture from database
Sorry, but this didn't work either $query=SELECT * FROM pic_upload WHERE band_id='${band_id}'; Thanks to everybody who has tried to help...
Re: [PHP-DB] Re: session variable in select query showing picture from database
Don't see session_start() in your script. If you work with SESSION, you must have it on the first lines of the file (before any output and work with $_SESSION so it's good to put it on the first lines). And it must be in every file which works with them (except for included files). It should look like this: ?php session_start(); // open session function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? Mika Jaaksi napsal(a): Still fighting with it... So, these work: $query=SELECT * FROM pic_upload; $query=SELECT * FROM pic_upload WHERE band_id=11; picture is shown on the other page but when adding variable into query it doesn't show the picture on the other page $query=SELECT * FROM pic_upload WHERE band_id='{$band_id}'; I'm out of ideas at the moment... ps. forget what I said about the weird markings... 2009/2/12 Mika Jaaksi mika.jaa...@gmail.com I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated... -- S pozdravem Daniel Tlach Freelance webdeveloper Email: m...@danaketh.com ICQ: 160914875 MSN: danak...@hotmail.com Jabber: danak...@jabbim.cz
[PHP-DB] Re: session variable in select query showing picture from database
$band_id = 11; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; print_r($_SESSION); gives this: Array ( [session_var] = 11 ) and picture is shown on the page And about the session start: I have session start on the index2.php page when user has logged in. Page that should show the picture is in its own div on index2 page...
[PHP-DB] Re: session variable in select query showing picture from database
*Answer to Rick: in your code below it looks like you're simply hard-coding your $band_id value (as 11) -- so of course it's going to work. *Yes, I did that because one of you helpers asked me to try that. I'll try to be clearer on whom I'm answering to...
[PHP-DB] Re: session variable in select query showing picture from database
With these: $band_id = $_SESSION['session_var']; echo band_id: . $band_id; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; echo query: . $query; I get these: band_id: 11 query: SELECT * FROM pic_upload WHERE band_id=11 SQL injections: Are these what I should use? $db = new mysqli(localhost, user, pass, database); $stmt = $db - prepare(SELECT priv FROM testUsers WHERE username=? AND password=?); $stmt - bind_param(ss, $user, $pass); $stmt - execute(); And $title = $_POST['title']; // user input from site $dirtystuff = array(\, \\, /, *, ', =, -, #, ;, , , +, %); // define the cleaner // clean user input (if it finds any of the values above, it will replace it with whatever is in the quotes - in this example, it replaces the value with nothing) $title = str_replace($dirtystuff, , $title); and should I add something like these everywhere where user can input data into database?
Re: [PHP-DB] Re: session variable in select query showing picture from database
On Fri, Feb 13, 2009 at 6:01 PM, Mika Jaaksi mika.jaa...@gmail.com wrote: With these: $band_id = $_SESSION['session_var']; echo band_id: . $band_id; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; echo query: . $query; I get these: band_id: 11 query: SELECT * FROM pic_upload WHERE band_id=11 SQL injections: Are these what I should use? $db = new mysqli(localhost, user, pass, database); $stmt = $db - prepare(SELECT priv FROM testUsers WHERE username=? AND password=?); $stmt - bind_param(ss, $user, $pass); $stmt - execute(); Yes. $title = $_POST['title']; // user input from site $dirtystuff = array(\, \\, /, *, ', =, -, #, ;, , , +, %); // define the cleaner // clean user input (if it finds any of the values above, it will replace it with whatever is in the quotes - in this example, it replaces the value with nothing) No. There's so many ways to get around that (use htmlentity values for example). If you're not using bind params use mysql_real_escape_string(). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Session Problem
snip Forget to tell you, that if I used http://localhost http://localhost/ , the session running well... But if I change with http://hostname http://hostname/ , the session wasn't running... /snip http://localhost and http://hostname/ are 2 COMPLETELY different things and can reflect NOTHING to do with privlidges. However if localhost works and hostname does not and hostname hits back to your machine than you have a problem more likely with your module. I think 5.2 had the issues with directives handling sessions. Update your PHP now, never use an older version. NEVER! You should never use an older version of anything net related in my opinion. Your crazy if you do, your inline to be attacked if so and your also in line to have problems like this that are generally out dated because the newer release normally fixes common errors. It's like contacting Microsoft for help on Windows 98 now, they won't offer any. Same applies here, update all your modules and the problem will more likely be fixed and people will be even more happier to help you. It's hard to help someone if I have installed a different version than you. But can you do an update? Sessions can be so tricky at times, even if you think you have it all right they seem to always give you grief. Goodluck with it. J
[PHP-DB] Re: session
And I've forgot to mention the fact that my session_set_cookie_params (); even if I've supplies a url and a domain, e.g. $_SESSION['username'] = 'abc123'; session_set_cookie_params (time () + 3600, /myurl/, .mydomain.com); And with session_get_cookie_params (); I don't even get any values as for for lifetime, url and host. Regards and thank again. Shahmat Dahlan wrote: In my php.ini I've enabled session.use_cookies=1 Everytime I initialize a session, it create the session storage file in my /tmp At the top my script, I've added session_start (); In my test login function, this was what I did: $_SESSION['username'] = 'abcdef'; session_set_cookie_params (time () + 3600); Whereas, in my logout function: unset ($_SESSION['username']); setcookie ('PHPSESSID', '', time () -1); Everytime I load this page, this is what it does: echo p{$_SESSION['username']}; Everytime load this page a session id is generated, which means, a session file name sess_current session_id is created, and my session variable $_SESSION['username'] get stored in there. Now, everytime I perform a logout, it creates a sess_session id file under /tmp, and when I perform a login again, it creates yet another sess_session id. I'm not exactly sure why does it do this. My intention is actually, to use register a session variable to denote login status, and session_set_cookie_params (); to set the expiry date for the cookie for my session. And every the page loads, to use session_get_cookie_params (); to check whether the cookie has expired, if it has, force for a new login (via redirect or link), if it hasn't expired, display the appropriate authenticated page content. Thanks. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Session confusion
Stuart, I am fairly new to PHP, but it is my understanding that you have to run the session_start() command on every page that you want to be part of the session and to access the session variables. Here is a link of a tutorial about using sessions: http://www.phpfreaks.com/tutorials/41/3.php Look for the word MUST in red and read that paragraph. It should tell you what you need to know. Hope that helps, Aaron Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Back to my multi page form again ;) I am going to try it with Session variables . So, one thing is confusing me. The page requires the user to be logged in and is being tracked via authentication. Do I still need to do a session_start();, at the beginning of the form process ? Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Session confusion
Okay, I will read the tutorial. I also want to clarify a bit more. I guess it's my intention to not have the form session relying on the auth session, since I want to expire the form session , either at the end of the transaction or if user cancel out on the form. So either the cookie or session dies at that point. Whichever one they are using. Stuart --- Aaron Todd [EMAIL PROTECTED] wrote: Stuart, I am fairly new to PHP, but it is my understanding that you have to run the session_start() command on every page that you want to be part of the session and to access the session variables. Here is a link of a tutorial about using sessions: http://www.phpfreaks.com/tutorials/41/3.php Look for the word MUST in red and read that paragraph. It should tell you what you need to know. Hope that helps, Aaron Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Back to my multi page form again ;) I am going to try it with Session variables . So, one thing is confusing me. The page requires the user to be logged in and is being tracked via authentication. Do I still need to do a session_start();, at the beginning of the form process ? Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: Session Values Change
Jacob, Here is my solution. At the top, it checks to see if you are passing a new name via a querystring. If not, it checks to see if a name is present in the session yet. If not, it initializes the session to Jacob. It puts the session's value into the variable $view. If you passed a name, it stores the name in the session and has it in the variable $view. Now, $view will have a name that the SQL statement can use. At the bottom, where you choose a name, it simply passes the name selection back to the page via a querystring field. Try the following (notice the changes at the top and the links around the names at the bottom): ?php session_start(); $view = $_GET['view']; if ($view == '') { if (! isset($_SESSION['view'])) { $_SESSION['view'] = Jacob; } $view = $_SESSION['view']; } else { $_SESSION['view'] = $view; } ? #FORMATTING CODE HERE $dbuser='php' ; $dbpass=''; $dbhost='localhost'; $conn = mysql_connect ( $dbhost , $dbuser , $dbpass ); //mysql_select_db ( web ); $sql = 'Select UNIX_TIMESTAMP(date) AS date,title,article from web.blog where user='.$view.' order by date desc LIMIT 10'; $result = mysql_query($sql); //Execute For Future Use: SELECT DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog while ( $dataRow = mysql_fetch_row ( $result ) ) { $date=date(F dS Y h:i:s A, $dataRow[0]); echo 'a name='.$date.'/a'; echo ' div class=date'.$date. '/div'; echo ' h3'.$dataRow[1].'/h3'; echo ' p'.$dataRow[2].'/pbr'; #echo $sql ; } mysql_close ( $conn ); #FORMATTING CODE HERE div id=footer p Other Users: br a href=pagename.php?view=JacobJacob Hackamack/a | a href=pagename.php?view=JulieJulie Hackamack/a | a href=pagename.php?view=DavidDavid Hackamack/a/p /div -Original Message- From: Jacob Hackamack [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 10:21 PM To: [EMAIL PROTECTED] Subject: Session Values Change Hello, I am trying to start a blog page where the person selects their person they want to view (bottom of the page) and then it somehow changes the session variable (top of the code) and then accesses the database. I was wondering, what is the correct way to do something like this. I have tried a couple of options (a hrefs) but they didn¹t seem to work and was wondering if anybody had any suggestions. Thank You In Advance Jacob ?php session_start(); if (! isset($_SESSION['view'])) { $_SESSION['view'] = Jacob; } ? #FORMATTING CODE HERE $dbuser='php' ; $dbpass=''; $dbhost='localhost'; $conn = mysql_connect ( $dbhost , $dbuser , $dbpass ); //mysql_select_db ( web ); $sql = 'Select UNIX_TIMESTAMP(date) AS date,title,article from web.blog where user='.$view.' order by date desc LIMIT 10'; $result = mysql_query($sql); //Execute For Future Use: SELECT DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog while ( $dataRow = mysql_fetch_row ( $result ) ) { $date=date(F dS Y h:i:s A, $dataRow[0]); echo 'a name='.$date.'/a'; echo ' div class=date'.$date. '/div'; echo ' h3'.$dataRow[1].'/h3'; echo ' p'.$dataRow[2].'/pbr'; #echo $sql ; } mysql_close ( $conn ); #FORMATTING CODE HERE div id=footer p Other Users: br Jacob Hackamack | Julie Hackamack | David Hackamack/p /div -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Session
Hi, Regarding the recent thread on sessions. If you want cookies to expire after the user leaves the sie or closes the browser do not leave the expiry date emty. 9 times out of 10 the cookie will remain. All you need to do is set a date that has passed. Like 1st Jan 2000. Most set it way back to 1980 because some people reset their dates and what not for Program hijacking etc. So 1980 is a good limit. You can use any date passed and it will expire, any future date it won't expire until the date has been reached/passed. Regarding using $ variables. I have seen on some servers you can easily use $the vairable but some servers don't like the user of $ . I have never seen an explaination to why this occours, so thought I'd mention it. If the session is unset 9 out of 10 times the $ may be a problem on your server and you will need to look at alternative methods. J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: session variables when accessing the same page
Figured it out. I was trying to use the same associative array under the form tag as I was trying to save under the session. Using two different variable constructs worked. Andy Cantrell wrote: Working with storing and reusing session variables. If I use t1.php to generate a form, and the form calls t2.php, the session vars are available. If upgrade t1.php to recognize if it is the first time it has been called versus the second time e.g. if (isset($some_session_var)) { generate_second_page(); } else { # set $some_sesson_var in the function # and use session_register() for that var. # I have verified that I'm using global $some_session_var # under here as well as generate_second_page(). generate_initial_page(); }; Under this scenario, I'm unable to find any session vars. That is, $some_session_var is never set the second time I call t1.php. If I change the form tag to call t2.php that has the code for 'generate_second_page()' than all seems to work ok. Am I missing something? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: Session help...
Thanks for the responses. I ended up resolving this by fixing the form destination. I had hard coded a location in there, and did not realize this. Once I replaced this with the PHP variable everything magically started to work. My bad on that. Thanks again for the feedback though. -Original Message- From: Ow Mun Heng [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 11:13 PM To: NIPP, SCOTT V (SBCSI); [EMAIL PROTECTED] Subject: RE: Session help... As mentioned previously in this list, $_SESSION and session_register, session_is_register, is not compatible with each other. Anyway, I used your idea as inspiration for my own code.. My code works.. Try to change From: if (!session_is_registered(valid_user)) { To: if ($_SESSION['valid_user']){ //your code } Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -Original Message- From: NIPP, SCOTT V (SBCSI) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 9:19 PM To: [EMAIL PROTECTED] Subject: Session help... Sorry for the slightly off-topic post... I have a couple pages that use a login page. If the user tries to bring up one of these pages without being logged in, then the pages redirects him to the login page. After successful login, the user is directed back to the page they were attempting to originally load. For some reason, this is not working and I have been looking at this off and on for two days now without much luck. The first section of code is the snippet that directs users to the login page, and the second snippet is the code from the login page that sends users back. First code snippet... session_start(); if ($sbcuid $passwd) { mysql_select_db($database, $Prod); $query = select * from contacts_sa . where sbcuid='$sbcuid' and passwd='$passwd'; $result = mysql_query($query, $Prod) or die(mysql_error()); # $data = mysql_fetch_assoc($result); $test = mysql_num_rows($result); if (mysql_num_rows($result) 0 ) { $valid_user = $sbcuid; $_SESSION['valid_user'] = $sbcuid; } } if (!session_is_registered(valid_user)) { $return_url = $_SERVER['PHP_SELF']; $_SESSION['return_url'] = $return_url; header('Location: http://ldsa.sbcld.sbc.com/DW/sa_login.php'); exit(); } else { $sbcuid = $valid_user; } End of first snippet... Second code snippet... session_start(); if ($sbcuid $passwd) { if (isset($_SESSION['return_url'])) { $link = $_SESSION['return_url']; } else { $link = 'oncall_log.php'; } mysql_select_db($database, $Prod); $query = select * from contacts_sa . where sbcuid='$sbcuid' and passwd='$passwd'; $result = mysql_query($query, $Prod) or die(mysql_error()); # $data = mysql_fetch_assoc($result); $test = mysql_num_rows($result); if (mysql_num_rows($result) 0 ) { $valid_user = $sbcuid; # session_register(valid_user); $_SESSION['valid_user'] = $sbcuid; header(Location: http://.$_SERVER['HTTP_HOST'].$link); } } End of second snippet... Thanks in advance for any help. Scott Nipp Phone: (214) 858-1289 E-mail: [EMAIL PROTECTED] Web: http:\\ldsa.sbcld.sbc.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: Session help...
As mentioned previously in this list, $_SESSION and session_register, session_is_register, is not compatible with each other. Anyway, I used your idea as inspiration for my own code.. My code works.. Try to change From: if (!session_is_registered(valid_user)) { To: if ($_SESSION['valid_user']){ //your code } Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -Original Message- From: NIPP, SCOTT V (SBCSI) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 9:19 PM To: [EMAIL PROTECTED] Subject: Session help... Sorry for the slightly off-topic post... I have a couple pages that use a login page. If the user tries to bring up one of these pages without being logged in, then the pages redirects him to the login page. After successful login, the user is directed back to the page they were attempting to originally load. For some reason, this is not working and I have been looking at this off and on for two days now without much luck. The first section of code is the snippet that directs users to the login page, and the second snippet is the code from the login page that sends users back. First code snippet... session_start(); if ($sbcuid $passwd) { mysql_select_db($database, $Prod); $query = select * from contacts_sa . where sbcuid='$sbcuid' and passwd='$passwd'; $result = mysql_query($query, $Prod) or die(mysql_error()); # $data = mysql_fetch_assoc($result); $test = mysql_num_rows($result); if (mysql_num_rows($result) 0 ) { $valid_user = $sbcuid; $_SESSION['valid_user'] = $sbcuid; } } if (!session_is_registered(valid_user)) { $return_url = $_SERVER['PHP_SELF']; $_SESSION['return_url'] = $return_url; header('Location: http://ldsa.sbcld.sbc.com/DW/sa_login.php'); exit(); } else { $sbcuid = $valid_user; } End of first snippet... Second code snippet... session_start(); if ($sbcuid $passwd) { if (isset($_SESSION['return_url'])) { $link = $_SESSION['return_url']; } else { $link = 'oncall_log.php'; } mysql_select_db($database, $Prod); $query = select * from contacts_sa . where sbcuid='$sbcuid' and passwd='$passwd'; $result = mysql_query($query, $Prod) or die(mysql_error()); # $data = mysql_fetch_assoc($result); $test = mysql_num_rows($result); if (mysql_num_rows($result) 0 ) { $valid_user = $sbcuid; # session_register(valid_user); $_SESSION['valid_user'] = $sbcuid; header(Location: http://.$_SERVER['HTTP_HOST'].$link); } } End of second snippet... Thanks in advance for any help. Scott Nipp Phone: (214) 858-1289 E-mail: [EMAIL PROTECTED] Web: http:\\ldsa.sbcld.sbc.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Session on PHP with MySQL
Dear Bayu, Sunday, January 12, 2003, 10:27:50 AM, you wrote: BS it seem to me you didn't use session at all, BS so where is the session problem? yup now I use seesion,here my script [hope you ca help me] ? include common.php; include setup.php; global $user_name, $user_pass; banner(); function auth($user_name, $user_pass) { $sql = select user_name from iduser where user_name='$user_name' and ; $sql = $sql . user_pass = '$user_pass' ; if (! $tampil = mysql_query($sql,$dbh)) { echo mysql_error(); return 0; } $result = mysql_query($sql); if ( mysql_num_rows($result)==0) { echo font face=verdana size=2User ID atau Password yang anda masukkan tidak benar /font; } else { echo centerfont face=verdana size=2 Welcome strong$user_name/strong /font/centerbr; } } function login_form() { global $PHP_SELF; ? html head titleLogin Page/title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 /head body background=./image/bg.gif form method=post action=?echo $PHP_SELF;? table width=30% align=center border=0 tr td height=40 colspan=2div align=center font size=4 face=VerdanastrongLogin Requiredbr /strong/font/div/td/tr tr td width=34%font size=2 face=VerdanaNama/font/td td width=66%input name=user_name type=text id=user_name/td /tr tr tdfont size=2 face=VerdanaPassword/font/td tdinput name=user_pass type=password id=user_pass/td /tr tr td colspan=2div align=center input type=submit name=Submit value=Login input type=reset name=Reset value=Clear /div/td/tr /table /form centerfont size=2 face=verdanaHave No LoginID please a HREF=./registrasi.phpRegister/font/a/centerbr /body /html ? } session_start(); if (!isset($user_name)) { login_form(); exit; } else { session_register(user_name,user_pass); $name = auth($user_name,$user_pass); if (!$name) { echo Wrong Authentication, pls relogin; exit; } else echo welcome my $user_name; } footer(); ? BS it's very helping if you send us the error message, for error mesage i just tell to user whit this script session_register(user_name,user_pass); $name = auth($user_name,$user_pass); if (!$name) { echo Wrong Authentication, pls relogin; exit; } BS is it from the mysql,php,or something else? I use php+mysql, thanks for yr support -- Warm regards, Afif mailto:[EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Session data not being deleted on browser close.
Don't cross post such question... All you need to understand is how cookie is managed unless you are passing session id via URL. Read RFC2965 and RFC2964. You probably want to read netscape cookie spec also. -- Yasuo Ohgaki Youngie wrote: Why would my session data not be deleted after my browser is closed? I can set some session variables, close my browser, reopen them and the old values are still present, I can verify this by seeing that the file still containts my session data and values. Thanks John. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Session Problem, Please Help.....
Hayan AL Mamoun wrote: try this logon.phtml: ? session_start(); $CLIENTID=SOMEVALUE; session_register(CLIENTID); header(Location: clients/editclient.phtml); ? -- clients/editclient.phtml: ? session_start(); echo CLient ID VALUE IS : $CLIENTID; ? the deZayner -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Session management
Hi Danny, you could use a cookie to store the user's username and password once they first successfully login the first time or even better upon signing up to your site. Then, on the login page(or whatever page is displayed prompting a login) you could check for the cookie at the top and redirect them to the appropriate page. If they don't have the cookie, prompt for a login action. Hope this helps, Joe :) Danny Kelly [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I am trying to set up a session management system for my site. Check out my site (under development) http://www.planttel.com/newsite2/home.php I have a user auth system installed already. What I want is when a customer clicks on log in that it will prompt them for a user name and password (which I have established) with a check box that says Remember my password So when the user comes to the site they will already be logged.. Can some one shed some lite on that for me.. A TOTAL NEWBIE!!! -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: session vars between two host servers
Your solution sounds good. That's what I use too. [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Problem: hosts http://www.; and https://secure.; of the same domain need to work with the same browser session_id. This is a login/authenticate/redirect scenario. In this case the session data store is a common MySQL database, so the issues of /tmp sharing, NFS, etc. are set aside. My platform is Apache 1.3.22 and RH Linux 7.1. What PHP v4.1.x method of exchanging the session_id and session_name is most secure, most effective, and generally makes good soup? I've had some success with initial tests in appending '?PHPSESSID=29AE490...' to the URL and link hrefs, but that really seems ugly and unnecessary. hopefully there's a better way!? This question seems to get asked a lot in the archives but there doesn't seem to be a guideline resolution. PLEASE and THANK YOU! RF. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Session across Multiple Hosts
Hi Hayan Thechnically yes - for instance you could send it as a form hidden input. But I wonder whether there is sense in it. regards Ivo Hayan Al Mamoun [EMAIL PROTECTED] wrote in message 000401c1a8a9$838d4ee0$5e00a8c0@cybernation">news:000401c1a8a9$838d4ee0$5e00a8c0@cybernation... Dear all, I was wondering, can session variables be transfered across multiple hosts, i.e. if I send a request from http://host1/page1.phtml, to http://host2/page1.phtml where I started the session by SessionRegister() or some other way and I gave the variable VAR1 some value, then I went back with header(Location: http://host1/page2.phtml;), does the VAR1 still hold the value? if not, please advice with the way I can do this (transfere database results from one host to another without remote access). Best Regards Hayan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Re: Session across Multiple Hosts
i did something like that once. I passed the session variables using an encrypted query string ( could be using a hidden input, anyway i think it is a good idea to encrypt the value). I didnt like it because of the unnecesary use of a second server, but i'm sure sometimes you just have to go that way hope this helps you, andrés Ivo Stoykov [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Hayan Thechnically yes - for instance you could send it as a form hidden input. But I wonder whether there is sense in it. regards Ivo Hayan Al Mamoun [EMAIL PROTECTED] wrote in message 000401c1a8a9$838d4ee0$5e00a8c0@cybernation">news:000401c1a8a9$838d4ee0$5e00a8c0@cybernation... Dear all, I was wondering, can session variables be transfered across multiple hosts, i.e. if I send a request from http://host1/page1.phtml, to http://host2/page1.phtml where I started the session by SessionRegister() or some other way and I gave the variable VAR1 some value, then I went back with header(Location: http://host1/page2.phtml;), does the VAR1 still hold the value? if not, please advice with the way I can do this (transfere database results from one host to another without remote access). Best Regards Hayan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Session limitations
There is no limit AFAIK if you are using the default 'files' handling code for sessions, however if you're writing the session data to a database, there will be a limit depending on the type of field you use to store the data; i.e.: mysql text fields can store up to 64K Hayan Al Mamoun [EMAIL PROTECTED] wrote in message news:000401c1a412$ac536e40$5e00a8c0@cybernation... Is there any risk in assigning a very big values to a session variable ( I mean to let one variable have the value of the content of a whole page), and what is the limitation?? Best Regards Hayan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Session and authentication questions in frames
I realized that I was not doing a page_close(); In the other site, there is a footer that all pages use, that automatically does this for me. I just forgot it. It had nothing to do with frames. Just a dumb thing that I forgot. Tjaybelt [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a successful website with authenticatin and logons. There are sections that I allow anyone to get to, but the others have to be authenticated. This site is not using frames at all. its a page by page, with the unit that does the authentication and sessions being included in each page. I've taken these same units to another site. I altered the pieces neccesary to hit the new sites database and users. This site is using frames. the outer frames are not using the authentication or sessions. However, internal pages do. As I enter a section that needs a logon, it prompts me. Then it goes to the correct page. But the next page it goes too, it wants to get a logon again. These pages are in a row, and they all use the same sessions stuff that the other site uses. I know that they all have to include the same units, so once it needs to logon, it'll prompt that, but it should pass this session info from here to there, and not have to logon again. Its driving me nuts. The only thing I can think of thats different is the frames. I even took the same code from the other site ( the one that does work without frames), and plugged it in. So the session logon was for the other site and other db. It'd prompt me each time too. I am not sure what to do now... help please. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: session
session_start() must be the first line of your script. I hope this help. Leila Its Me [EMAIL PROTECTED] escreveu nas notícias de mensagem:[EMAIL PROTECTED] Cannot send session cache limiter - headers already sent (output started at C:\apache\htdocs\mall\menu.php:9) in C:\apache\htdocs\mall\menu.php on line 10 this message appear when i make session_start() on a page?? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Session with php and mysql problem!
I'm still at the start of trying to get to grips with PHP so these comments should be treated with a healthy scepticism. Most of the examples I have seen and used involving sessions will start the session at the start of the script. If you want to continue checking on a particular user's name you can then pass a variable using session_register in order to track the user's name during the session. In your example this might involve placing the start_session at the start of the script and then carrying out a separate check to see if the user is a valid user. You can then control the program flow on subsequent sessions by again checking if the user is valid and presenting appropriate messages to them if they are not. Hope this helps, Michael Egan Koutsogiannopoulos Karolos wrote: Hello all... i have the following script which checks a username and pass from a db and if it is correct it starts a session.. The problem is that when i go to next page the session is gone.!! What must i do to start the session and keep it permanent until the uses logs off??? $handle=mysql_connect(localhost,root,s); $db = mysql_select_db(cosmonaut,$handle); $auth=mysql_query(select * from users where user_name='$username' and user_pass='$password',$handle); $match=mysql_num_rows($auth); if ($match 0) { session_start(); $userid = session_id(); echo $userid; include(index.php); } else { echo wrong pass; } __ _ PGP KEY ID: 0xA86600E9 ___ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Session with php and mysql problem!
session_start(); should do it on the second page Steve Koutsogiannopoulos Karolos [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello all... i have the following script which checks a username and pass from a db and if it is correct it starts a session.. The problem is that when i go to next page the session is gone.!! What must i do to start the session and keep it permanent until the uses logs off??? $handle=mysql_connect(localhost,root,s); $db = mysql_select_db(cosmonaut,$handle); $auth=mysql_query(select * from users where user_name='$username' and user_pass='$password',$handle); $match=mysql_num_rows($auth); if ($match 0) { session_start(); $userid = session_id(); echo $userid; include(index.php); } else { echo wrong pass; } __ _ PGP KEY ID: 0xA86600E9 ___ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]