PHP use a variable from a different file

Question

I have a login page which records the username that the user enters and adds it to a variable of $uname. However when the page after the login page loads, I cannot echo the $uname. For example, when i type

Welcome <?php echo $uname; ?>

it does not insert the username.

below is a copy of my login-validation code. but I am not sure if the $_SESSION variable is working correctly, or how to reference it in my profile.php file.

<?php
session_start();
  $_SESSION['uname'] = $uname;

// Grab User submitted information
$uname = $_POST["uname"];
$pass = $_POST["pass"];

// Connect to the database
$con = mysql_connect("mysql.*********.co.uk","******","************");
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("onedirectionaffection_members",$con);

$result = mysql_query("SELECT uname, pass FROM users WHERE uname = $uname");

$row = mysql_fetch_array($result);

if($row["uname"]==$uname && $row["pass"]==$pass)
  header("Location: ../../profile/profile.php");
else
    echo"Sorry, your credentials are not valid, Please try again.";


?>

If anyone could help I would be hugely thankful. Also, I am an absolute beginner at all of this so if you need anymore details I'll try my best to answer.

profile.php

<?php
session_start();
echo $_SESSION['uname'];
  ?>
<html>

  <head>
    <title>1D Affection</title>
    <link rel="stylesheet" Type="text/css" href="../css/stylesheet.css" />
    <link rel="stylesheet" Type="text/css" href="../css/font.css" />
    <link rel="stylesheet" Type="text/css" href="../css/profile.css" />
  </head>

  <body bgcolor="white">

    <div id="wrapperhead">
      <div id="headcont">
        <div class="logo">
          <img src="../images/1DA logo ripped.png" height="150px">
        </div>

        <div class="subheading">
          <img src="../images/1d subheading.png" height="150px">
        </div>
      </div>


      </div> <!--END OF HEADER-->
    <div id="nav">




      <div class="navigation">

        <ul>

          <li><a class="nav" href="../index.html">Home</a></li>
          <li><a class="nav" href="#">News</a></li>
          <li><a class="nav" href="#">Fan-fiction</a></li>
          <li><a class="nav" href="#">Gallery</a></li>
          <li><a class="nav" href="#">Testimonials</a></li>
          <li><a class="nav" href="http://www.onedirectionstore.com/" target="_blank">Store</a></li>

        </ul>

      </div> <!-- END OF MENU-->
         <!-- END OF NAVIGATION-->
    </div>

      <div id="wrappercontent">
        <div class="content">
          <div class="maincont">
            <div class="profcust">


          <div class="profpic">

            </div>

            <div class="profinfo">

            </div>
            </div>

        <div class="username">
         Welcome <?php session_start(); echo $uname; ?>
            </div>

        <div class="story">

            </div>



          </div>
      <div class="sidenav">
        Coming Soon

          </div>


        </div><!--end of content-->

    </div>


  </body>

</html>

Shouldn't you be grabbing the user information before setting the `$_SESSION` variable for `$uname`. — j0hnstew, Nov 30 '13 at 16:35
For reference: Your SQL has a gaping security hole in it: sql-injection. Please take note that the code above should be used purely as demo-code and should never be used like this in production. — berkes, Nov 30 '13 at 16:37
Do you have any advice on how to protect it from an injection attack? thanks — RJcreatives, Nov 30 '13 at 16:47
You have 2x instances of `session_start();` inside `profile.php` you're creating a new session while overwriting your first. @RJcreatives — Funk Forty Niner, Nov 30 '13 at 17:00

score 2 · Answer 1 · answered Nov 30 '13 at 16:33

2

Seems like you haven't added session_start(); on top of your profile.php page.

Try like this

//profile.php
<?php
session_start();
echo $_SESSION['uname'];

answered Nov 30 '13 at 16:33

Shankar Narayana Damodaran

68,075
43
96
126

I've tried adding your example and still no luck :( am I entering the php correctly in the welcome message? Welcome – RJcreatives Nov 30 '13 at 16:37
Try changing your query like `$result = mysql_query("SELECT uname, pass FROM users WHERE uname = '$uname'");` – Shankar Narayana Damodaran Nov 30 '13 at 16:41

score 2 · Answer 2 · answered Nov 30 '13 at 16:36

2

This is probably a good part of the issue.

$_SESSION['uname'] = $uname;
$uname = $_POST["uname"];

Your setting your session's uname to blank on every load of that page. Put $_SESSION['uname'] = $uname; at the end of the code when it's validated.

answered Nov 30 '13 at 16:36

Deryck

7,608
2
24
43

Still no luck :( I will add my profile.php code into the question so you can have a better look. Thanks – RJcreatives Nov 30 '13 at 16:40
`$uname` is not global - you have to reset it manually on that page again. The part that you say `echo $_SESSION['uname']` should be `$uname = $_SESSION['uname'];` – Deryck Nov 30 '13 at 16:45

score 2 · Answer 3 · answered Nov 30 '13 at 16:44

1) You need to add a value to $uname first, then assign its value to $_SESSION element, so it's better be like this:

$uname = $_POST['uname'];
$_SESSION['uname'] = $uname;

or even like this:

$_SESSION['uname'] = $_POST['uname'];

2) As already mentioned, At profile.php you should also have session_start();

3) Make a clean exit like this:

header("Location: ../../profile/profile.php");
exit();

My bet is that it should be working fine after.

score 1 · Answer 4 · answered Nov 30 '13 at 16:46

1

Some how, this is now working. From what I can figure out, the solution was to call in the $_SESSION variable, and then wrap that inside another variable. so

<?php
session_start();
$uname = $_SESSION['uname'];
  ?>

Thanks for all the help :D

answered Nov 30 '13 at 16:46

RJcreatives

45
1
2
9

I included some added information in [my answer](http://stackoverflow.com/a/20302859/1415724) at the bottom which will prove to be beneficial, concerning [berkes' comment](http://stackoverflow.com/questions/20302674/php-use-a-variable-from-a-different-file#comment30294101_20302674) – Funk Forty Niner Nov 30 '13 at 20:54

score 1 · Answer 5 · edited May 23 '17 at 12:19

session_start(); needs to be inside all pages using sessions.

I tested the following:

<?php 
session_start(); // page_2.php
echo "Welcome " . $_SESSION['uname'];
?>

In conjunction with my test page: page_a.php

<?php 
session_start(); 
$uname = "FRED";
$_SESSION['uname'] = $uname; 
?>

<a href="page_2.php">CLICK</a>

Echo'ed Welcome FRED on page 2.

I also noticed you have another instance of session_start(); in your page profile.php, remove it because you will be starting a new session while overwriting your first.

<div class="username">
Welcome <?php session_start(); echo $uname; ?>
</div>

Therefore you should be using:

$uname = $_SESSION['uname'];

in conjunction with:

<div class="username">
<?php echo "Welcome " . $_SESSION['uname']; ?>
</div>

As berkes stated in this comment you have a security issue:

$uname = $_POST["uname"];
$pass = $_POST["pass"];

Change it to:

$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);

MySQL_ functions are deprecated, therefore using MySQLi_ with prepared statements is highly suggested or PDO.

Do read the following articles:

How can I prevent SQL injection in PHP?
On owasp.org

PHP use a variable from a different file

5 Answers5