0

When a user visits a certain page on my site the script below runs once. This works perfectly, but for some reason after it runs the one time, the session is cleared and is set to "0".

The session name is "user_zip" and here is the code that is somehow clearing the session.

$user_zip_query = "SELECT * FROM dev_cities WHERE city_zip = '".$_SESSION['user_zip']."'";
$user_zip = mysql_query($user_zip_query);
$userziprow = mysql_fetch_assoc($user_zip);
$state = $userziprow['city_state'];
$county = $userziprow['city_county'];
$city = $userziprow['city_name'];

Any idea what could be causing this?

The Session is started in an included class file with this code...

 public function __construct() {

        include_once("includes/userconfig.php");                  // include database constants        

        if ($this->checkDatabase()) {                   // check for database connection

            session_start();                            // create session
Budove
  • 403
  • 2
  • 8
  • 19

2 Answers2

1

Your code has quotes in the session which is also surrounding by quotes which is cancelling out the session change it to this:

$uzip = $_SESSION['user_zip'];
//highly recommend use add SQL injecton prevention here how ever
$user_zip_query = mysql_query("SELECT * FROM dev_cities WHERE city_zip = '$uzip'") or die(mysql_error());

$row = mysql_fetch_assoc($user_zip_query);
$state = $row['city_state'];
$county = $row['city_county'];
$city = $row['city_name'];
Sir
  • 8,135
  • 17
  • 83
  • 146
  • It is there and the variables are being used, it's just that this one variable "user_zip" is being cleared after running the script on this page and using the variable one time. – Budove Dec 31 '12 at 06:32
  • Can you update the script showing where you have session_Start(); i feel it is been unset some where else tan that particular snippet of code :) – Sir Dec 31 '12 at 06:32
  • I updated the original post to show where session_Start() is located. It's in an included class that is called from the beginning of all my pages. – Budove Jan 01 '13 at 18:24
  • before this query `$user_zip_query` echo the session and see if it ouputs any thing or if its not outputting anything. – Sir Jan 01 '13 at 20:12
  • Good thought. I did it and yes the session user_zip is displayed and is accurate in that position. Reloading the page though removed it and displays "0" – Budove Jan 01 '13 at 21:01
  • I echoed the session user_zip 'after' the snippet of code and it returned "Resource id #7". Is there some conflict with the name of my query? – Budove Jan 01 '13 at 21:04
  • How is it setting it in the first place? Some kind form submit? – Sir Jan 01 '13 at 21:05
  • Your query is fine from what i can see. But try this for more error info: http://www.paste.to/MjE3MzI4Mw== – Sir Jan 01 '13 at 21:07
  • @Budove add `echo 'test';` in `if ($this->checkDatabase()) { ` then refresh if you do not see test then we know session_start(); has not occured. At least it narrows down the possible causes. – Sir Jan 01 '13 at 21:11
  • Ok, when I echo 'test' there I'm getting this output... test Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at .../classes/Login.class.php:32) in .../classes/Login.class.php on line 33 – Budove Jan 01 '13 at 21:18
  • That is expected because you echo'test'; before the session_start(); but we were just testing it so you can remove that echo now. Now after this line: $userziprow = mysql_fetch_assoc($user_zip); echo the session user_zip... we need to find the precise line where the session becomes 0. – Sir Jan 01 '13 at 21:22
  • The echo $_SESSION['user_zip']; returns Resource id #7 after this line... $user_zip = mysql_query($user_zip_query); It returns the correct zip just before that line – Budove Jan 01 '13 at 21:29
  • 1
    Change your code to this : http://www.paste.to/MjE3Mzc4Ng== see if that fixes it. – Sir Jan 01 '13 at 21:33
  • Yep... that fixed it! Thank you! Do you know what was specifically causing the problem? – Budove Jan 01 '13 at 21:37
  • 1
    I'm not 100% sure but i think this : ` '".$_SESSION['user_zip']."'";` needed to be in curly brackets because ['user_zip'] uses quotes... which means it closes the quotes around the entire session. so it was reading it like this: `'".$_SESSION['` then `user_zip']."'` Which means session = 0. – Sir Jan 01 '13 at 21:40
  • Ahh. That makes sense. Thanks again for the help. I was pulling my hair out trying to figure this out. – Budove Jan 01 '13 at 21:42
  • No prob :) BTW you need to add sql injection prevention for security measures on your queries :) http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php – Sir Jan 01 '13 at 21:43
  • That's on the agenda before the site goes public. I'm going to go through all the code and do it at once. Thanks though. – Budove Jan 01 '13 at 21:44
  • No prob ! Enjoy ! And happy new year! – Sir Jan 01 '13 at 21:45
1

to use session what we need to do is

1 start session by

   The session_start() function must appear BEFORE the tag:

2 Storing a Session Variable like

    $_SESSION['bla']=blabla;

3 Destroying a Session

     To delete some session data, you can use the unset() or the session_destroy() function.

Good Read

  1. Session Handling
  2. PHP Security Guide: Sessions

Note

  1. The entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_, is officially deprecated as of PHP v5.5.0 and will be removed in the future. So use either PDO or MySQLi

Good read

  1. The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
Community
  • 1
  • 1
NullPoiиteя
  • 56,591
  • 22
  • 125
  • 143