...

View Full Version : using mysql row as session



amcf1992
09-21-2011, 10:44 PM
ok well instead i am writing a login, and when I log out and go back to account.php, where the user data is, it is still there, so I'm thinking instead to doing this


while($row = mysql_fetch_array($result))
{
echo "<i>Dashboard</i>";
echo "<BR />";
//echo $row['firstname'] . " " . $row['lastname'];
echo "<BR />";
echo "<h5>Account Type:</h5> ";
if($row['account']=='')

echo "<h4><a href=\"setaccount.php\"> Select an account type </a></h4>";
else {

echo $row['account'];
}
echo "<BR />";
echo "<h5>Billing Address: </h5>";
echo $row['address'];


}




I can do this



while($row = mysql_fetch_array($sql)){

$_SESSION['id'] = $row['id'];
$_SESSION['password'] = $row['password'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['address'] = $row['address'];


}

Any help with this would be awesome. Thanks

Old Pedant
09-22-2011, 03:42 AM
Why would you use a while loop???

If you *do* get more than one record, then you will be setting the session values to only the *LAST* one of the multiple records.

I would think that the worst of all worlds would be to get more than one record from a login attempt.

amcf1992
09-22-2011, 04:36 AM
What would I use instead? Btw thank you for all your help on this and previous threads :D

Old Pedant
09-22-2011, 04:57 AM
I would think just if.


if($row = mysql_fetch_array($sql)){


Unless you have a really good reason, I wouldn't store the password in a session value. No point in having that vulnerability there. Yes, it's a remote vulnerability, but...

amcf1992
09-22-2011, 05:16 AM
well this is what I changed and I got an error:




if($row = mysql_fetch_array($sql)){

$_SESSION['id'] = $row['id'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['address'] = $row['address'];
//to be sure session variable are set, I echo them
echo $_SESSION['id'];
echo $_SESSION['firstname'];
echo $_SESSION['lastname'];
echo $_SESSION['address'];


}


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /path/account.php on line 29

amcf1992
09-22-2011, 06:26 AM
Okay we'll I found the error
instead of

<?php
if($row = mysql_fetch_array($sql)){

$_SESSION['id'] = $row['id'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['address'] = $row['address'];

echo $_SESSION['id'];
echo $_SESSION['firstname'];
echo $_SESSION['lastname'];
echo $_SESSION['address'];


}



?>


I did


<?php
if($row = mysql_fetch_array($result)){

$_SESSION['id'] = $row['id'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['address'] = $row['address'];

echo $_SESSION['id'];
echo $_SESSION['firstname'];
echo $_SESSION['lastname'];
echo $_SESSION['address'];


}



?>

amcf1992
09-22-2011, 06:27 AM
In order to empty these variables (logout), what code do i need to write

Old Pedant
09-22-2011, 05:14 PM
http://php.net/manual/en/function.session-destroy.php

Again, I don't use PHP, but it was easy enough to find that page in the docs.

amcf1992
09-22-2011, 06:21 PM
I tried that already, this is my code


<?php

// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}

// Finally, destroy the session.
session_destroy();



echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">';
?>

Old Pedant
09-22-2011, 06:45 PM
Well, this is PHP question now, not MySQL. Out of my area. Sorry.

amcf1992
09-22-2011, 07:01 PM
thanks for your help! Ill post this in the php forum, take care :D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum