0

How can I save 'date_time' which is a datetime type into a session so I can display ex. "Registered 2013-04-09 15:45:20" on the page secret_place.php

I have this code in login.php

$query = mysql_query("SELECT `user`, `pass`, `date_time` FROM `database` WHERE user = '".$user."' AND pass = '".$pass."' LIMIT 1");
if (mysql_num_rows($query) > 0) {
$_SESSION['logged'] = true;
$_SESSION['user'] = $user;

header('Location: secret_place.php');
}
Niklas Lundin
  • 23
  • 1

2 Answers2

0

Give this a try,

$query = mysql_query("SELECT `user`, `pass`, `date_time` FROM `database` WHERE user = '".$user."' AND pass = '".$pass."' LIMIT 1");
if (mysql_num_rows($query) > 0) 
{
   $_SESSION['logged'] = true;
   $_SESSION['user'] = $user;
   while ($row = mysql_fetch_assoc($query)) 
   {
       $_SESSION['date_time'] = $row['date_time'];
   }
   header('Location: secret_place.php');
}
John Woo
  • 258,903
  • 69
  • 498
  • 492
0

There are some serious issues, here: First of all, please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial. That way you'll also prevent SQL injection attacks, right now your code is wide open to them.

Also do not store plain password in the DB. Store it hashed, using some proper lib, like PasswordLib

Zoe
  • 27,060
  • 21
  • 118
  • 148
ulentini
  • 2,413
  • 1
  • 14
  • 26
  • This might be a very good suggestion, but is it really an answer to the question? Doesn't mention anything related to question – Hanky Panky Apr 09 '13 at 14:27
  • I use: mysql_real_escape_string and htmlentities in my code. The password is salted and I don't use md5 for password. I will look into PDO and MySQLi nevertheless. Thank you. – Niklas Lundin Apr 09 '13 at 14:56