Is there any way to include certain variables from one PHP file and receive them in another file? I know you can include a whole file, but in my case the program would not work because the program would try to redirect to user_details.php inside that file. So instead I tried to do `include 'process.php.$username';` in user_details.php, but that doesn't work.

Any help would be appreciated, thanks.

Here is my code:

process.php

    $username = $_POST["user"];
    $password = $_POST["pass"];

    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    mysql_connect("localhost", "root", "");
    mysql_select_db("message_board");

    $result = mysql_query("select * from users where username = '$username' and password = '$password'") or die("Failed to query database ".mysql_error());

    $row = mysql_fetch_array($result);

    if ($row["username"] == $username and $row["password"] == $password) {
        echo "Login success! Welcome ".$row["username"], " and ".$row["user_permissions"];
        header('location: user_details.php');
    } else {
        echo "Failed to login! \n";
        echo '<a href="login.php">Back to Login</a>';
    }

user_details.php

    <html>
    <head>
        <title>user_details</title>
    </head>
    <body>
        <div id="main">
            <?php
                include 'process.php.$username';
                include 'process.php.$password';

                mysql_connect("localhost", "root", "");
                mysql_select_db("message_board");

                $result = mysql_query("select * from users where username = '$username' and password = '$password'") or die("Failed to query database ".mysql_error());

                $row = mysql_fetch_array($result);

                echo "user permissions: ".$row["username"].$row["user_permissions"];
            ?>
        </div>
    </body>
    </html>

  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 14 '17 at 21:01
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 14 '17 at 21:01
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 14 '17 at 21:01
  • Use `$_SESSION` if you just want to keep variables around from page to page. – Jay Blanchard Jul 14 '17 at 21:02
  • OK, thanks for that, I will look into those. Thanks. – daniel mcgregor Jul 14 '17 at 21:10
  • Whatever you do, do not go live with this code unless you have a desire for your website to be hacked. – Jay Blanchard Jul 14 '17 at 21:10
  • OK. I am just new to learning PHP, as I have only been using it for 1 or 2 months. – daniel mcgregor Jul 14 '17 at 21:15

1 Answer

Take a look at sessions which will allow you to pass variables between requests (and that means between "files" too).

For example:

process.php:

    <?php
    session_start(); // very important - you need to start session!

    // do something on database

    // assign something to session variable
    $_SESSION['data'] = $something;

    header('Location: user_details.php');
    exit; // stop the script so nothing else runs after the redirect
    ?>

user_details.php:

    <?php
    session_start(); // like before

    // get variable from session
    $data = $_SESSION['data'];

    // do something with $data
    ?>

Here you can find more about it.

Tajgeer
  • While these links may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. – Jay Blanchard Jul 14 '17 at 21:03
  • It says undefined index in data for user_details.php when I run the scripts. – daniel mcgregor Jul 14 '17 at 21:13
  • It works now. I just needed to change the variable name in user_details.php. – daniel mcgregor Jul 14 '17 at 21:14
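
Added example (not part of the original question, answer or comments): the session hand-off from the answer combined with what the comments ask for, that is a PDO prepared statement, `password_verify()` against a stored hash, and only the user id kept in `$_SESSION`. It assumes the `pdo_sqlite` extension; the in-memory SQLite database stands in for `message_board`, and the `password_hash` column, the `find_user()` helper and the sample user are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL message_board
// database; the password_hash column and the sample user are constructed.
session_start(); // before any output, in every script that uses $_SESSION

function find_user(PDO $pdo, string $username, string $password): ?array
{
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $pdo->prepare(
        'SELECT id, username, user_permissions, password_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Check against the stored hash; the submitted password is not escaped.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']); // the hash never leaves this function
    return $row;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            user_permissions TEXT, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, user_permissions, password_hash)
               VALUES (?, ?, ?)')
    ->execute(['alice', 'member', password_hash('correct horse', PASSWORD_DEFAULT)]);

// A quote in the input is only part of the looked-up name, so this is null.
$probe = find_user($pdo, "alice' -- ", 'x');

// process.php side: on success, keep only the user id in the session.
$user = find_user($pdo, 'alice', 'correct horse');
if ($user !== null) {
    session_regenerate_id(true);        // fresh session id after login
    $_SESSION['user_id'] = $user['id']; // no password in the session
    // In the real page: header('Location: user_details.php'); exit;
}

// user_details.php side: read the id back and reload the row from it.
if (isset($_SESSION['user_id'])) {
    $stmt = $pdo->prepare('SELECT username, user_permissions FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    echo 'user permissions: ', htmlspecialchars($row['username'] . ' ' . $row['user_permissions']), "\n";
}
echo 'quoted input rejected: ', var_export($probe === null, true), "\n";
```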