CODEWITHSUNDEEP
phpsessionauthenticationpdo
Byakugan
Byakugan

Reputation: 981

How to use sessions in PDO?

I am still redoing and getting rid of old mysql_* commands in my code. I tried to transfer my session login form old code and this is what I got so far:

  public function login($user, $password)
  {
    if (!empty($user) && !empty($password))
    {    
      $password = $web->doHash($user, $password); // in this function is (return sha1(strtoupper($user).':'.strtoupper($password))
      $stmt = $db_login->prepare("SELECT * FROM account WHERE username=:user AND pass_hash=:password");
      $stmt->bindValue(':user', $user, PDO::PARAM_STR);
      $stmt->bindValue(':password', $password, PDO::PARAM_STR);
      $stmt->execute();
      $rows = $stmt->rowCount();

      if ($rows > 0)      
      {    
        $results_login = $stmt->fetch(PDO::FETCH_ASSOC);
        $_SESSION['user_name'] = $results_login['username'];
        $_SESSION['user_id'] = $results_login['id'];  
        return true;
      }
      else
      {
        return false;
      }
    }
    else
    {
      return false;
    }
  }

After that I am using checks if user logged on site:

  public function isLogged()
  {
    return (!empty($_SESSION['user_id']) && !empty($_SESSION['user_name']));
  }

But it seems - this function returns always empty because $_SESSION does not exists in PDO? And of course logout is used in this form on my sites:

  public function logout()
  { 
      unset($_SESSION['user_id']);
      unset($_SESSION['user_name']);       
  }

But I think PDO has different way of handling session? I did not find any so what is it can i somehow add $_SESSION in PDO withou changing code much?

I am using variables $_SESSION['user_name'] and $_SESSION['user_id'] in all over my web project.

Summary:

1) How to use sessions in PDO correctly?

2) What is difference between using $stmt->fetch(PDO::FETCH_ASSOC); and $stmt->fetchAll();

Thank you.

Upvotes: 2

Views: 14541

Answers (3)

Haroon
Haroon

Reputation: 1155

Answers:

1) Ensure session_start() is called at the start of all pages that use Sessions

2) Ensure that data is being returned from your query

Further information

PDO::FETCH_ASSOC retrieves the data indexed by column name. i.e. an associative array.

In my opinion it is always better to use the PDO::FETCH_ASSOC because it is quite clear what data is being fetched & processed.

You can also use this code to fetch all the rows in the associative array format if you choosefetchAll(PDO::FETCH_ASSOC)

For more information regarding the FetchAll PDO function have a look here

Upvotes: 1

Madara's Ghost
Madara's Ghost

Reputation: 174977

The answers are as follows:

  1. Call session_start() at the top of every page you are using sessions.
  2. The difference is that $stmt->fetch() will fetch one row, and fetchAll() will fetch the entire resultset.

Upvotes: 3

romainberger
romainberger

Reputation: 4558

PDOStatement::rowCount() does not work mysql, So $rows won't return anything. Plus, PDO has nothing to do with session, it's an extension to deal with databases.

If you want to count the number of result you can do 

$stmt->execute();
$results = $stmt->fetchAll();
$results = count($results);

Upvotes: 2

Related Questions