View Full Version : store username and use in protected pages to display

05-15-2008, 11:13 AM


// username and password sent from form

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword, table row must be 1 row

// Register $myusername, $mypassword and redirect to file "login_success.php"
else {
echo "Wrong Username or Password";


is $myusername a session? can i use it in protected pages to display show is logged in?

05-15-2008, 03:34 PM
myusername and mypasword are not sessions themselves, rather they are stored within a session value. However, there are a few things that can cause you problems:

Cookies must be on for this one to work. Regardless of what the session.use_trans_sid is set at and whether you require cookies or not in your php.ini, your header call doesn't actually send the session variable with the client. If you want to go without cookies, you will need to run with

ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 0);
ini_set('session.use_trans_sid', 1); // for auto appending of sessioin id

then in your header('Location: login_success.php'); you will need to add the constant SID (so header('Location: login_success.php?' . SID);
session_register() is a deprecated method. As in, it will work today, but it will be removed in PHP 6. session_register() requires that register_globals are enabled in order to write session variables.

To get around the register globals problem, use the session handling of session_start() instead.

// All my code here
$_SESSION['myusername'] = $username; // I think you see how its done.
unset($_SESSION['myusername']); // to destroy it

Session_start() would now be required at the top of all of your pages.