Matt Leach

Reputation: 33

Place MySQL data into session variable to pass to next page

I'm new to the world of PHP and have been researching things for days but appear to be stuck.

I'm attempting to set up a small website to act as a customer account area with a MySQL database at the backend.

I have a webpage with a login form where a user enters their username and password. There is a PHP script that checks the SQL database to see if there is a match; if there is, it redirects them to the account page. I found a sample script online which I used to create this, and this part works great.

I'm trying to take things a bit further and display data from the matched SQL record on the webpage. From the research I've done, it appears the best way to do this is to pass session variables to the account page.

Here is what I have set up:

Page 1 - index.php This is a login page with a form that has entry for username and password. On submit, it runs checklogin.php

Page 2 - checklogin.php

<?php
session_start();

$host="localhost:3306"; // Host name 
$username="**********"; // Mysql username 
$password="**********"; // Mysql password 
$db_name="galactek_myecl"; // Database name 
$tbl_name="clients"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// set variables
$_SESSION['office_name'] = mysql_query("SELECT office FROM $tbl_name WHERE username='$myusername' and password='$mypassword'");


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to   file "login_success.php"
session_register("username");
session_register("password"); 
header("location:myecl.php");
}
else {
header( 'Location: http://www.galactek.com/support/offmaint.html' );
}

?>

Page 3 - myecl.php This is the page where I would like to display that data. Currently I'm trying to display just the Office Name but it keeps coming up as 0. If I hard-code the office name into the variable on the checklogin.php page, it comes across no problem.

<?php
session_start();
//if(!session_is_registered(myusername)){
// header("location:index.php");
// }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>

<p>You're HERE!</p>

<?php

echo $_SESSION['office_name']

?>

</body>

</html>

I'm fairly certain I'm overlooking something. I haven't had much exposure to PHP to be able to distinguish what the issue is. Any help would be greatly appreciated.

Upvotes: 2

Views: 1735

Answers (2)

Anders

Reputation: 8577

I think the problem is here:

$_SESSION['office_name'] = mysql_query("SELECT office FROM $tbl_name WHERE username='$myusername' and password='$mypassword'");

The function mysql_query does not return a string, but an object containing the result of the query. (See the documentation.) But in fact you already have the office in a result from a previous query, so there is no need to do another one. You can just use the variable $result from the first query you made:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to   file "login_success.php"
    $row = mysql_fetch_assoc($result); //Get an array with the results.
    $office = $row["office"]; //Get the office.
    session_register($office); //Register the office with the session.
    session_register("username");
    session_register("password"); 
    header("location:myecl.php");
}

Some further notes:

First, the mysql_ functions should be avoided. They are deprecated and will be removed. On top of that they are prone to security issues. It is recommended to use PDO or MySQLi instead. Here is a good beginners guide on MySQLi.

Second, session_register("username"); does not register the variable $username but the literal string "username". I am not sure that is what you want to do.

Third, the documentation says the following about using session_register:

Warning: This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Consider using code like this instead:

$_SESSION['office'] = $row["office"];

Upvotes: 2
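
Added example (not part of the question or of either answer): a checklogin.php that follows the answer's advice to move to PDO and `$_SESSION`, using a prepared statement and storing the office string rather than a query result. It assumes the `password` column of `clients` holds `password_hash()` output instead of plaintext; the database credentials are placeholders.

```php
<?php
// checklogin.php, rewritten. Added example, not code from the question or answers.
// Assumption: clients.password stores password_hash() output, not plaintext.
session_start();

/** Return the client's row without the hash, or null on bad credentials. */
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT username, password, office FROM clients WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Check the hash in PHP instead of comparing passwords inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // the hash does not belong in the session
    return $row;
}

// DSN values mirror the question; the credentials are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;port=3306;dbname=galactek_myecl;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_EMULATE_PREPARES => false]
);

// Reject non-string input such as username[]=x before it reaches the query.
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
$client = (is_string($user) && is_string($pass))
    ? authenticate($pdo, $user, $pass)
    : null;

if ($client !== null) {
    session_regenerate_id(true); // fresh session ID after login
    $_SESSION['username']    = $client['username'];
    $_SESSION['office_name'] = $client['office']; // a string, not a query result
    header('Location: myecl.php');
} else {
    header('Location: http://www.galactek.com/support/offmaint.html');
}
exit;
```

On myecl.php, print the value with `echo htmlspecialchars($_SESSION['office_name']);` so that stored data cannot inject markup into the page.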

Tony Vance

Reputation: 134

Could it be as simple as your echo statement in myecl.php needs a semi-colon?

Upvotes: 1
