PHP variable declaration

Question

I have some simple system to upload files and keep track of them for each particular user, using a database.

The problem of mine is, I connect to the database in the file checklogin.php, which is responsible to handle the $_POST from main_login.php.

In file 'checklogin.php':

$current_user_name = NULL;

which is a global variable for all files. Now in file signup.php, I try to include the checklogin.php to define that variable:

require_once '/checklogin.php';
...
mysql_query("INSERT INTO " . tbl_name . " (username, userpassword, userisadmin) 
         VALUES (''" . $_POST['myusername'] . "',"
         . "'" . md5($_POST['mypassword']). "',"
         . "0)");
$current_user_name = $_POST['myusername'];
header("location:login_success.php");

As you can see, I'm trying to set the value of the variable $current_user_name = $_POST['myusername'];, but when header goes to the file login_success.php, which is having require_once '/checklogin.php'; too, the variable is set again to null.

How can I solve this problem? i.e. How can I store the current user so that it is accessible by all files?

Why not make `$current_user_name` as a `SESSION` variable instead ? — Shankar Narayana Damodaran, Feb 11 '14 at 06:48
Always sanitize your inputs from $_POST or $_GET before creating a query. http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php — Ed Capetti, Feb 11 '14 at 06:49
You really should never use global variables in PHP. You should use a session variable in order to keep track of things on a per-user basis. — Anid Monsur, Feb 11 '14 at 06:49
It seems you do not have a text field named `myusername`make sure you have it e.g `` otherwise you wouldn't e having a `NULL` — s3nzoM, Feb 11 '14 at 06:50
@meLove I'm doing this check before running the code snippet above: `if (array_key_exists('myusername', $_POST)` — user1234524521, Feb 11 '14 at 06:53

score 2 · Accepted Answer · answered Feb 11 '14 at 06:50

2

You cannot store a variable like that. Each request will be new execution in sever. In this kind situation we have to use session please check this

And another issue with your code is SQL injection, Please read this too

answered Feb 11 '14 at 06:50

Sanoob

2,466
4
30
38

score 1 · Answer 2 · answered Feb 11 '14 at 06:52

1

You can not access the Parameter received at checklogin.php

what you can do you can check the the login status and set the current user in session.

From session variable you can access and set the current user.

answered Feb 11 '14 at 06:52

Tushar Goel

11
2

Satish Sharma · Answer 3 · 2014-02-11T06:59:01.463

you can set a session variable for it and on every you can use it like this

session_start();
    if(isset($_SESSION['current_user_name']))
    {
      $current_user_name = $_SESSION['current_user_name'];
    }
    else
    {
      $current_user_name = NULL;
    }

and set your session variable as follows

session_start();
require_once '/checklogin.php';
////...
mysql_query("INSERT INTO " . tbl_name . " (username, userpassword, userisadmin) 
         VALUES (''" . $_POST['myusername'] . "',"
         . "'" . md5($_POST['mypassword']). "',"
         . "0)");
$current_user_name = $_POST['myusername'];
$_SESSION['current_user_name'] = $current_user_name; // set your session here
header("location:login_success.php");

Thank you, unfortunately I cannot choose more than one best answer ! — user1234524521, Feb 11 '14 at 07:05

PHP variable declaration

3 Answers3