tell me how to do
1)check session is present or not
2)until there is a session then it must redirect to page "products.php"
3)if there is no session also create one session and then redirect to the
page "products.php"
Printable View
tell me how to do
1)check session is present or not
2)until there is a session then it must redirect to page "products.php"
3)if there is no session also create one session and then redirect to the
page "products.php"
PHP Code:<?php
session_start();
if(isset($_SESSION['session_variable_name'])) {
// session is set.
} else {
// Session is not set.
// Create session.
$_SESSION['session_name'] = "content";
// Redirect to "products.php".
header("Location: products.php");
}
?>
when session_start() itself creates session then why again u explicitly
created session as below
// Create session.
$_SESSION['session_name'] = "content";
There's no need for anything that complex, especially if you don't understand sessions yet. There are very few circumstances in which you need to check if a session exists, or anything like that.
This is very simple. Add this to the very beginning of every page on your site. Remember that you do not need it on included pages because the session will already be started by the main page.
<?php session_start(); ?>
Or, if you have more PHP:
<?php
session_start();
.....
when we write a code as
<?php
session_start();
//program continue
//
?>
then we will be in the session only till we close the window or when we
explicitly declare session_destroy()
right
Generally, yes. The session can also end if it is not renewed within a certain amount of time, sometimes 15 minutes, sometimes longer. You can control some of this if you want, using php.ini (or some functions in your pages), but usually it will not matter. Closing the window also won't always destroy the session, but closing the browser (entire program) will.
Sessions are easy to use, and they last for a "session". You can also use session_destory() to end it intentionally. Everything else is not usually important.
then what is the difference between session_destroy() and session_unset()
session_destroy() turns sessions off. session_unset() deletes the information in the session but continues the session. It is like session_destory() + session_start().
For information on specific functions, please learn to use php.net. The function reference section is easy to use and has all of the information you will need about most functions.
hiQuote:
Originally Posted by JShor
tell me whether this code is correct or not
PHP Code:<?php
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()");
$result = mysql_query("SELECT * FROM login WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'");
$rows=mysql_num_rows($result);
if(!isset($_SESSION['username']))
{
$_SESSION['username'] = $_POST['username'];
header("Location:products.php");
}
else
{
$_SESSION['username']= time();
header("Location:products.php");
}
?>
Your code is valid, but it seems like setting the username as a POST variable is a huge security issue. You should check whether the username:
1. Exists.
2. Matches a POSTed password.
You should also sanitize the input. A malicious user can create HTTP/MySQL injections.
Also, this doesn't work:or die("mysql_error()");.mysql_error()is a function, not a variable. Remove the double quotes and it should be fine.
hi please tell me how to modify the code as u mentioned
PHP Code:<?php
session_start();
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("shopping") or die(mysql_error());
$result = mysql_query("SELECT * FROM login WHERE username='" . mysql_escape_string($_POST['username']) . "' AND password='" . mysql_escape_string($_POST['password']) . "'");
// The array of data returned from MySQL.
$r = mysql_fetch_array($result);
$rows=mysql_num_rows($result);
if(!isset($_SESSION['username']))
{
// Check if the username/password matches, THEN set a session.
if($rows > 0) {
// Set session.
$_SESSION['username'] = $_POST['username'];
}
header("Location:products.php");
}
else
{
$_SESSION['username']= time();
header("Location:products.php");
}
?>
thank you it helped me a lot
in line $r = mysql_fetch_array($result);
the variable $r is never used any where in the code u posted
Whoops. I meant to change this line:
...to this:PHP Code:$_SESSION['username'] = $_POST['username'];
PHP Code:$_SESSION['username'] = $r["username"];
whats the difference $_POST['username'] and $r['username']
make
They're different variables. $r is the row from the mysql query. $_POST is the post data as originally sent during the request from the browser (usually from a form).
hi,Quote:
Originally Posted by JShor
in the else part below
else
{
$_SESSION['username']= time();
header("Location:products.php");
}
this will be reached when both the username and password not matched.right..
my question is if both username and password are internally in the database
then there is no way of changing it.
since there is no way the passwords matching fails
then it will never direct to else part.is that so...
The query searches for the password based on the submitted (POST) username and submitted (POST) password. If any result is found that means the correct username and password were submitted. So, checking for a result is the same as verifying that the stored password is the same as the submitted password.
Honestly, I think you need to go through some introductory PHP tutorials, maybe some for MySQL also, so that you understand the basics. It's not easy to start with complicated scripts, but it won't at all to keep guessing about these things.
A good exercise to learn is to go through code and add comments for every line. What does that line do? Why is it there? How does it interact with code before and after? Once you understand what each line does, then you need to think about how it all fits together toward your goal. Then you'll begin to understand how PHP works.