I use variables in different php files without using session_start(). What am I missing about session_start() and when should I use this function?

Question

I am new to PHP. I am doing a little project (where I read data, a password, from a database) to learn PHP and I am using some variables that I obtain in a form in different PHP files. I thought I should use session_start() and the global variable $_SESSION to use the same variables in different PHP files. Below it is my code, I have this files in one folder: index.php(HTML and forms), conn.php(connection to the database), login.php (file where I read data from database)

Can someone explain to me why I don't need to use session_start() in this case and in what specific situations I need to use the global variable $_SESSION?

index.php:

<?php
include_once "conn.php";

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
    <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>

    <form id="login" method="POST" action="login.php">
        <label for="loginUsername">Username</label>
        <input type="text" id="loginUsername" name="loginUsername">
        <br>
        <label for="loginPassword">Password</label>
        <input type="password" name="loginPassword" id="loginPassword"><br>
        <input type="submit" name="login" value="Login">
    </form>
</body>
</html>

conn.php:

<?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "loginsystem";

    $conn = mysqli_connect($servername, $username, $password, $dbname);

login.php:

<?php
    include_once "conn.php";


    if(isset($_POST["login"])){

        $username = $_POST["loginUsername"];
        $password = $_POST["loginPassword"];

        echo $password;
        $sql = "SELECT password FROM users WHERE username=?;";

        $stmt = mysqli_stmt_init($conn);

        mysqli_stmt_prepare($stmt, $sql);
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt);

        $result = mysqli_stmt_get_result($stmt);
        while($row=mysqli_fetch_assoc($result)){
            echo $row["password"];
        }

    }

Answer 1

if I understood you correctly you are wondering why you can access variables from one script in an other script.

The answer is simple: whenever you call include or require, everything in your included code - all variables and methods - are available in the caller script. This means that every single line of code of the included script is executed in the caller script.

This means that you have to be carefully how you handle includes: if you define a function in a script and include the script twice, PHP will throw an error where it says that the function with this name is already defined. To avoid this, you can use include_once or require_once.

Answer 2

You don't need sessions to use a variable in different php files. However you can use sessions to store and access data from different requests.

It could be the next step in your project. After a user logs in, she might be authorized to do . You don't want her to login for every task. So you need a way to allow her to perform those tasks without transmitting her password again.

This is an example where sessions could help you (or you could solve it in a different way).

But for the code you have now you don't need a session, it's fine as it is.

Answer 3

you need to use session_start in the first place,you can only use $ _SESSION variable after session_start I recommend you write the first line of config.php.