Place MYSQL data into session variable to pass to next page

Question

I'm new to the world of PHP and have been researching things for days but appear to be stuck.

Im attempting to setup a small website to act as a customer account area with a MySQL database at the backend.

I have a webpage with a login form where a user enters their username and password. There is a php script that checks the SQL database to see if there is a match, if there is redirects them to the account page. I found a sample script online which i used to create this and this part works great.

I'm trying to take things a bit further and display data from the matched SQL record on the webpage. From the research ive done it appears the best way to do this is to pass session variables to the account page.

Here is what I have setup

Page 1 - index.php This is a login page with a form that has entry for username and password. On submit, it runs checklogin.php

Page 2 - checklogin.php

<?php
session_start();

$host="localhost:3306"; // Host name 
$username="**********"; // Mysql username 
$password="**********"; // Mysql password 
$db_name="galactek_myecl"; // Database name 
$tbl_name="clients"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// set variables
$_SESSION['office_name'] = mysql_query("SELECT office FROM $tbl_name WHERE username='$myusername' and password='$mypassword'");


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to   file "login_success.php"
session_register("username");
session_register("password"); 
header("location:myecl.php");
}
else {
header( 'Location: http://www.galactek.com/support/offmaint.html' );
}

?>

Page 3 - myecl.php This is the page where I would like to display that data. Currently im trying to display just the Office Name but it keeps coming up as 0. If I hard-code the office name into the variable on the checklogin.php page, it comes across no problem.

<?php
session_start();
//if(!session_is_registered(myusername)){
// header("location:index.php");
// }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0    Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>

<p>You're HERE!</p>

<?php

echo $_SESSION['office_name']

?>

</body>

</html>

I'm fairly certain im overlooking something. I haven't had much exposure to PHP to be able to distinguish what the issue is. Any help would be greatly appreciated.

Try `$_SESSION['office_name']` and see what it contains. Because you are assigning resources to it. — frz3993, Jul 30 '15 at 18:26
I'd try `var_dump($_SESSION['office_name']);` That would let him see everything. — Michael McPherson, Jul 30 '15 at 18:31
Also, @MattLeach, is your myecl.php page totally blank? Because that would suggest to me that Tony's suggestion below is the culprit. — Michael McPherson, Jul 30 '15 at 18:33
Lol,@MichaelMcPherson i missed the var_dump in my first comment. — frz3993, Jul 30 '15 at 18:37
$_SESSION['office_name'] returns nothing var_dump($_SESSION['office_name']); returns int(0) — Matt Leach, Jul 30 '15 at 18:38
If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Jul 30 '15 at 18:45
As stated im fairly new to php and this is just sample code I foud. I guess ill spend some more time learing to use what has not been depreceated. — Matt Leach, Jul 30 '15 at 18:54

score 2 · Answer 1 · edited Jul 31 '15 at 19:44

I think the problem is here:

$_SESSION['office_name'] = mysql_query("SELECT office FROM $tbl_name WHERE username='$myusername' and password='$mypassword'");

The function mysql_query does not return a string, but an object containing the result of the query. (See the documentation.) But in fact you already have the office in a result from a previous query, so there is no need to do another one. You can just use the variable $result from the first query you made:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to   file "login_success.php"
    $row = mysql_fetch_assoc($result); //Get an array with the results.
    $office = $row["office"]; //Get the office.
    session_register($office); //Register the office with the session.
    session_register("username");
    session_register("password"); 
    header("location:myecl.php");
}

Some further notes:

First, the mysql_ functions should be avoided. They are deprecated and will be removed. On top of that they are prone to security issues. It is recommended to use PDO or MySQLi instead. Here is a good beginners guide on MySQLi.

Second, session_register("username"); does not register the variable $username but the literal string "username". I am not sure that is what you want to do.

Third, the documentation says the following about using session_register:

Warning: This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Consider using code like this instead:

$_SESSION['office'] = $row["office"];

In regards to the session_register("username") that was part of the sample code I used. — Matt Leach, Jul 30 '15 at 18:44
using your example above, would I still use $_SESSION to show the variable on the myecl.php page? — Matt Leach, Jul 30 '15 at 18:45
Then perhaps that is what you want to do. Anyway, I have added a comment about using `session_register`. — Anders, Jul 30 '15 at 18:47

score 1 · Answer 2 · answered Jul 30 '15 at 18:28

1

Could it be as simple as your echo statement in myecl.php needs a semi-colon?

answered Jul 30 '15 at 18:28

Tony Vance

134
1

I think that would cause a syntax error, and not a `0` being echoed. – Anders Jul 30 '15 at 18:40
2

Please do not use answers to ask questions. – Jay Blanchard Jul 30 '15 at 18:46

Place MYSQL data into session variable to pass to next page

2 Answers2