regarding php session

[ravi951]

tell me how to do
1)check session is present or not
2)until there is a session then it must redirect to page "products.php"
3)if there is no session also create one session and then redirect to the
page "products.php"

[JShor]

PHP Code:

<?php

session_start();

if(isset($_SESSION['session_variable_name'])) {
// session is set.
} else {
// Session is not set.

// Create session.
$_SESSION['session_name'] = "content";

//  Redirect to "products.php".
header("Location: products.php");
}

?>

[ravi951]

when session_start() itself creates session then why again u explicitly
created session as below
// Create session.
$_SESSION['session_name'] = "content";

[djr33]

There's no need for anything that complex, especially if you don't understand sessions yet. There are very few circumstances in which you need to check if a session exists, or anything like that.

This is very simple. Add this to the very beginning of every page on your site. Remember that you do not need it on included pages because the session will already be started by the main page.

<?php session_start(); ?>

Or, if you have more PHP:

<?php
session_start();
.....

[ravi951]

when we write a code as
<?php
session_start();
//program continue
//
?>
then we will be in the session only till we close the window or when we
explicitly declare session_destroy()
right

[djr33]

Generally, yes. The session can also end if it is not renewed within a certain amount of time, sometimes 15 minutes, sometimes longer. You can control some of this if you want, using php.ini (or some functions in your pages), but usually it will not matter. Closing the window also won't always destroy the session, but closing the browser (entire program) will.


Sessions are easy to use, and they last for a "session". You can also use session_destory() to end it intentionally. Everything else is not usually important.

[ravi951]

then what is the difference between session_destroy() and session_unset()

[djr33]

session_destroy() turns sessions off. session_unset() deletes the information in the session but continues the session. It is like session_destory() + session_start().

For information on specific functions, please learn to use php.net. The function reference section is easy to use and has all of the information you will need about most functions.

[ravi951]

PHP Code:

<?php

session_start();

if(isset($_SESSION['session_variable_name'])) {
// session is set.
} else {
// Session is not set.

// Create session.
$_SESSION['session_name'] = "content";

//  Redirect to "products.php".
header("Location: products.php");
}

?>

hi
tell me whether this code is correct or not

PHP Code:

<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()"); 
$result = mysql_query("SELECT * FROM login WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(!isset($_SESSION['username']))
{
$_SESSION['username'] = $_POST['username'];
header("Location:products.php");
} 
else 
{
$_SESSION['username']= time();
header("Location:products.php");
}
?>

[JShor]

Your code is valid, but it seems like setting the username as a POST variable is a huge security issue. You should check whether the username:
1. Exists.
2. Matches a POSTed password.

You should also sanitize the input. A malicious user can create HTTP/MySQL injections.

Also, this doesn't work: or die("mysql_error()"); . mysql_error() is a function, not a variable. Remove the double quotes and it should be fine.