Session myusername

Question

I am trying to Echo $_SESSION["myusername"]. I can login to my page but I can not Echo myusername. I get the following error. Undefined variable: myusername in C:....

checklogin.php page is as follows

<?php

ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="techdb"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
  $_SESSION['myusername']=$myusername;
  $_SESSION['mypassword']=$mypassword;

  header("location:technicianform.php");
} else {
  echo "Wrong Username or Password";
}

ob_end_flush();
?>

And my technicianform.php page is

<?php
session_start();

if( isset($_SESSION['$myusername']) ){
  header("location:checklogin.php");
}
?>

<html>
<body>
  <p>Login Successful</p>
  <?php echo $_SESSION["myusername"]; ?>
  <p><br/>

  <br/><br/><a href='Logout.php'>Click here to log out</a></p>
</body>
</html>

Login process works but I can't seem to echo myusername. Your help is much appreciated.

You never called `session_start()` before trying to set the session value. You're also calling the session value by two different names. You're also ***storing user passwords in plain text*** which is a ***famously bad idea***. — David, Mar 16 '16 at 16:16
You're using an MySQL interface library that as of PHP 7 no longer exists. You need to update your code to mysqli or PDO. — GordonM, Mar 16 '16 at 16:18

score 0 · Answer 1 · answered Mar 16 '16 at 16:17

For creating session variables in checklogin.php file you need to start your session.

You are getting undefined index notice becuase you are missing following:

session_start(); // add in checklogin.php file

And the second issue is that:

$_SESSION['$myusername']

Should be:

$_SESSION['myusername']

Side note:

Stop using mysql_* extension its deprecated and closed in PHP 7. Use mysqli_* or PDO.

score 0 · Answer 2 · answered Mar 16 '16 at 16:17

0

Simply remove this $ sign.

Change:

 if( isset($_SESSION['$myusername']) )

To

 if( isset($_SESSION['myusername']) )

Also, in checklogin.php you need to mention

session_start();

Hope this helps.

Peace! xD

answered Mar 16 '16 at 16:17

Indrasis Datta

8,692
2
14
32

score 0 · Answer 3 · answered Mar 16 '16 at 16:32

    **Try This.**





login.php

    <?php

     session_start();
     $host="localhost"; // Host name
     $username="root"; // Mysql username
     $password=""; // Mysql password
     $db_name="techdb"; // Database name
     $tbl_name="members"; // Table name

      // Connect to server and select databse.
       mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");

    if(isset($_POST['submit'])){
     $myusername=trim($_POST['myusername']);
     $mypassword=trim($_POST['mypassword']);




       $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
       $result=mysql_query($sql);

       // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);

      // If result matched $myusername and $mypassword, table row must be 1 row

      if($count== 1){


       $_SESSION['myusername']=$myusername;
       $_SESSION['mypassword']=$mypassword;

       header("location:technicianform.php");
       }
       else {
       echo "Wrong Username or Password";
       }

    }
       ?>



       <form method="post">
     <label>username :</label><input type="text" name="myusername"></br>
      <label>password :</label>  <input type="password" name="mypassword"></br>
         <input type="submit" name="submit" value="submit">
       </form>`

technicianform.php

<?php
   session_start();

   if( isset($_SESSION['$myusername']) ){

   header("location:checklogin.php");

   }
   ?>

   <html>
   <body>
   <p>Login Successful</p>
   <?php

    echo $_SESSION["myusername"];

    ?>
    <p><br/>

    <br/><br/><a href='Logout.php'>Click here to log out</a></p>
    </body>
    </html>

Introducing SQL injection vulnerabilities in an answer is generally a bad idea. — David, Mar 16 '16 at 17:26
Where you find sql injection vulnerabilities. Please explain so I can improve. — Passionate Coder, Mar 16 '16 at 18:33
You are directly executing user input as code in your SQL. Please take a look here: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — David, Mar 16 '16 at 18:37

Session myusername

3 Answers3