trying to figure of variable issues in php without using session for mysql database connection

Question

I will describe my problem in two parts (previous problem and current problem).

Previous Problem:

Initially, on page3.php, I wasn't able to retrieve the username using the session variable and hiding //require('../myDBFolder/db.php'); solved the problem and I was able to see the username on that page.

Current Problem:

Since, I have commented out the line //require('../myDBFolder/db.php');, I am not able to access the other variables defined in db.php like $connection variable and hence I am trying to figure out how to make sure I have $connection variable available in page3.php.

A Quick explanation of the working of files is in the following order: User submits username from page1.html, page2.php does the authorization work with db.php as required file and upon successful authorization, it directs the user to page3.php.

Please consider my files below:

page1.html

<form method="post" action= "page2.php"  name="lform">
  <span class="style1">User Name :</span>  
    <input type="text" name="user" size="25">
    <input type="submit" value="login">
</form>

db.php

<?php
session_start(); 
$user = $_POST["user"]; 
$_SESSION['username']=$user;

$db_server      = "localhost"; 
$db_name        = "PracticeDB"; 
$db_user        = $user;

$table_name_data = "collegestudents";

$connection = mysqli_connect($db_server,$db_user,$db_password) or trigger_error("Could Not Connect to the Database :   ". mysqli_connect_error(), E_USER_ERROR);
$db = mysqli_select_db($connection , $db_name) or trigger_error("Could Not Select the Database : " . $db_name . ':' .mysqli_error($connection));
?>

page2.php

<?php
session_start();
require('../myDBFolder/db.php');

$user = $_POST["user"]; 
$_SESSION['username'] = $user;

$sql="SELECT * FROM $table_name_users WHERE username = \"$user\"";
$result=mysqli_query($connection,$sql) or trigger_error("Couldn't Execute Query in page2.php: ". mysqli_error($sql));
$num = mysqli_num_rows($result);

if ($num != 0) {

    print "<script>";
    print "self.location='page3.php';";
    print "</script>";

} else {
echo "<p>you're not authorized";
}

?>

page3.php

<?php
session_start();

//require('../myDBFolder/db.php');

$user = $_SESSION['username'];
$sql = "SELECT * FROM $table_name_data WHERE username = '$user'";
$result = mysqli_query($connection,$sql) or trigger_error("Could Not Execute  the Query ! :   ". mysqli_error($connection));

?>

Troubleshooting Steps:

1) I have tried to include require('../myDBFolder/db.php'); in page3.php file and it solves the problem of $connection parameter but I don't see username coming onto that page via session for some reason and also by including //require('../myDBFolder/db.php'); in page3.php I will be making db connection twice as I have already done that in page2.php and haven't closed it.

2) Another thing, I was looking at some of the threads discussed before like this one, it seems like storing $connection in a session variable is not a good idea.

After quick view: Why are you overriding in the db.php (tha only should do a db conection) the session without any check? `$user = $_POST["user"];$_SESSION['username']=$user;` Is the user always posted via a form on your page? — JustOnUnderMillions, Jan 31 '17 at 16:02
@JustOnUnderMillions By overriding I think you mean why I am using `$user = $_POST["user"];$_SESSION['username']=$user;` in `db.php`. It's because I need to catch the user details for `$db_user ` variable. Yeah, user is always posted via a form on the following php pages. — John, Jan 31 '17 at 16:06
And `storing $connection in a session` is the wrong way. session are for transporting data from an equest to an request, but a connection must be reopen on each request. You can use `$_SESSION['connection']` because $_SESSION works like every ohter variable, but it make no sense here. Just use a global variable. — JustOnUnderMillions, Jan 31 '17 at 16:07
`user is always posted via` Nope, not always, because of this : `"self.location='page3.php';"` if this runs, no POST data is send. — JustOnUnderMillions, Jan 31 '17 at 16:07
@JustOnUnderMillions I see what you are saying. How can I rectify that problem of losing POST data then with `self.location='page3.php'` ? — John, Jan 31 '17 at 16:09
Can that explain in detail, but the only place where a form is given is in `page1.html` but all other pages 1-3 no form is present but all include db.php and try to access $_POST. Thing you shoul rething your lgoin logic and use of session and the login-part. QuicklookupLink: http://phppot.com/php/php-login-script-with-session/ to get an idea :) — JustOnUnderMillions, Jan 31 '17 at 16:12
Also, I am able to get the user details with the line `$user = $_SESSION['username'];` in `page3.php`. Were you saying that it shouldn't work because of `"self.location='page3.php';"`? — John, Jan 31 '17 at 16:12
After you removed the db.php line ?? This `self.location='page3.php';` is just an simple GET request nothing more, no POST data given. — JustOnUnderMillions, Jan 31 '17 at 16:13
@JustOnUnderMillions Yes. It works only after I removed `db.php` line otherwise it doesn't work. — John, Jan 31 '17 at 16:14
May hint&tips are point to the case that you have not removed db.php, because you still need your db connection, or? — JustOnUnderMillions, Jan 31 '17 at 16:14
I am sorry I didn't understand your last comment properly. Could you please elaborate. — John, Jan 31 '17 at 16:16

JustOnUnderMillions · Accepted Answer · 2017-01-31T16:22:55.383

Just to point in a direction:

Change this

$user = $_POST["user"]; 
$_SESSION['username'] = $user;

to

if(isset($_POST["user"])){
 $user = $_POST["user"]; 
 $_SESSION['username'] = $user;
}

So, only update the SESSION if POST is given.

By the way, it is not good practise to give each user an db user account. Your SQL check if a user is in the database, but your connectin also uses this username!? Rething that..

If you only use one db_user you can move the session username setting stuff completly from the db.php and move it to a better place (e.g. session.php).

score 0 · Answer 2 · answered Jan 31 '17 at 16:20

the error of you dont see the username if you require db.php is : in your db.php first thing to do is to put the username in the session so when you call it from the page3 you the code put blank in the session

this code

$user = $_POST["user"]; 
$_SESSION['username'] = $user;

There is two solution for that : 1 - put connection in one file and the session put in the other file

$user = $_POST["user"]; 
$_SESSION['username'] = $user;

in different file of connection

2 - the second is you put if condition before this code like this

if(!empty($_POST["user"])) {
$user = $_POST["user"]; 
$_SESSION['username'] = $user;
}

try it .

trying to figure of variable issues in php without using session for mysql database connection

2 Answers2