-4

I'm aware that there are many similar questions; I have tried many of them but it still doesn't work.

Here's my createAccount.php

<?php
session_start();
include("createAccount.html");
if(isset($_POST["createAccount"])) {
    include("Database.php");
    $username = $_POST["username"];
    $email = $_POST["email"];
    $password = $_POST["password"];

    echo $password;
    echo $username;

    $createAccount = "INSERT INTO users" . "(username, email, password)" . "VALUES('$username', '$email', '$password')";

    $checkUsername = "SELECT username FROM users WHERE username='$username'";
    $checkEmail = "SELECT email FROM users WHERE email='$email'";

    $result = $connected->query($checkUsername);
    $emailResults = $connected->query($checkEmail);
    if($result->num_rows == 0) {
        if($emailResults->num_rows==0){
            $connected->query($createAccount);
            //echo "Account Created";
        } else {
            //echo "Email in use";
            $emailInUse = "Email already in use";
            $_SESSION["emailInUse"] = $emailInUse;
        }
    } else {
        echo //"Username already exists";
        $accountExists = "Username already exists";
        $_SESSION["accountExists"] = $accountExists;
    }
}
?>

And here is the test.php (to test if sessions are working)

<?php
session_start();

echo $_SESSION["accountExists"];
echo $_SESSION["emailInUse"];
?>

I'm trying to echo out the contents of the variables $accountExists and $emailInUse so that this is the result: Username already exists Email already in Use

However I'm getting an undefined index error.

ony
  • *"However I'm getting an undefined index error."* - What is the *exact/full* error? – Funk Forty Niner Nov 18 '17 at 15:02
  • I guess you are a fan of SQL injection. – Ed Heal Nov 18 '17 at 15:02
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Nov 18 '17 at 15:02
  • **Danger**: "Not hashing at all" is [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php); you need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Nov 18 '17 at 15:03
  • you don't need that many queries for the SELECT, you can do it in one. – Funk Forty Niner Nov 18 '17 at 15:03
  • Have you confirmed the values are being set in the first script before you try to read them in the second script? – Quentin Nov 18 '17 at 15:04
  • @Quentin not completely finished, I want to get the "skeleton" of the login/sign up form done first. I already am fully aware of hashing and everything. – ony Nov 18 '17 at 15:05
  • @Quentin what do you mean by values are being set? I just assigned them to variables – ony Nov 18 '17 at 15:05
  • @ony — "I just assigned them to variables" … inside `if` statements, with no sign of any debugging code to ensure that those `if` statements were entered. – Quentin Nov 18 '17 at 15:06
  • You want something like `isset($_POST['username'])` and also perhaps a regex to check that username is something reasonable – Ed Heal Nov 18 '17 at 15:07
  • @Quentin really really new to programming, what do you mean by ensuring that if statements are entered, how do I fix this issue? I've been learning PHP from Codecademy and W3 Schools, so yeah... not the best resources apparently. – ony Nov 18 '17 at 15:10
  • @EdHeal I've just started doing the validation now (hence this whole email already exists thing) but by doing `isset($_POST['username'])` what will I accomplish, I just want those variables accessible on another page. The username is fine. – ony Nov 18 '17 at 15:13
  • People have been known to create requests without using your form. – Ed Heal Nov 18 '17 at 15:15
  • @Ed Heal Yh, just realised, I moved the `echo $_SESSION["accountExists"]; echo $_SESSION["emailInUse"];` to the very top of the page underneath session_start() so that the form doesn't even need to be submitted, however still no difference – ony Nov 18 '17 at 15:19

1 Answer

-1

Problem

The variables $_SESSION["accountExists"] and $_SESSION["emailInUse"] are initialized only when the $result->num_rows == 0 condition is true. That means the variables will not be initialized if the email and account you gave don't exist. In that case, if you view test.php it will give an error, as the session variables used don't exist.

Solution

Declare the variables outside the loop and initialize them with a particular string that denotes that the "already exist" issue hasn't occurred.

Code snippet

// Set defaults first so both session keys always exist
$_SESSION["emailInUse"] = "False";
$_SESSION["accountExists"] = "False";
if($result->num_rows == 0) {
    if($emailResults->num_rows==0){
        $connected->query($createAccount);
        //echo "Account Created";
    } else {
        $_SESSION["emailInUse"] = "True"; //or the message string
    }
} else {
    $_SESSION["accountExists"] = "True"; //or the message string
}

Then you can do verification as follows

<?php
    session_start();

    if($_SESSION["emailInUse"] == "True") {
        // take action
        echo "Sorry, this email is already in use";
    }

    if($_SESSION["accountExists"] == "True") {
        // take action
        echo "Sorry, this account already exists";
    }
?>

Hope this helps ;)

H. Sodi
  • Why do you have false and true in quotes? – Ed Heal Nov 18 '17 at 15:12
  • Because they are not boolean values, just any string. It could be anything, just you should know what values correspond to what (whether the "already exist" issue has occurred). Let me edit the answer, maybe then it will be more deserving of an upvote then :-p – H. Sodi Nov 18 '17 at 15:15
  • Why use strings when booleans are more appropriate? – Ed Heal Nov 18 '17 at 15:16
  • Should use `===` not `==` – Ed Heal Nov 18 '17 at 15:18
  • From the question I assumed the person wants to store the message in the session variable if the email or account exists, that's why, to keep it simple to understand and change according to his/her need. @Ed Heal – H. Sodi Nov 18 '17 at 15:18
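
The comments on this page raise SQL injection, unhashed passwords, two SELECTs where one would do, and requests sent without the form, while the undefined index comes from session keys that are written only on some branches. The following is an added example, not code from the question or the answer, that handles these together; it assumes PDO with an in-memory SQLite database instead of the question's mysqli connection, and `registerUser` and `$session` are hypothetical names.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes PDO with an
// in-memory SQLite database in place of the mysqli handle from Database.php.
function registerUser(PDO $db, array $post, array &$session): bool
{
    // Always write both flags so a later page never reads a missing key.
    $session["accountExists"] = false;
    $session["emailInUse"] = false;

    // Requests can arrive without the form, so every field may be absent.
    $username = trim((string) ($post["username"] ?? ""));
    $email = filter_var($post["email"] ?? "", FILTER_VALIDATE_EMAIL);
    $password = (string) ($post["password"] ?? "");
    if ($username === "" || $email === false || $password === "") {
        return false;
    }

    // One round trip; values are bound, never concatenated into the SQL text.
    $check = $db->prepare(
        "SELECT EXISTS(SELECT 1 FROM users WHERE username = ?) AS name_taken,
                EXISTS(SELECT 1 FROM users WHERE email = ?) AS email_taken"
    );
    $check->execute([$username, $email]);
    $row = $check->fetch(PDO::FETCH_ASSOC);
    $session["accountExists"] = (bool) $row["name_taken"];
    $session["emailInUse"] = (bool) $row["email_taken"];
    if ($session["accountExists"] || $session["emailInUse"]) {
        return false;
    }

    // Store a salted hash, not the password itself.
    $insert = $db->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
    return $insert->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT)]);
}

// Constructed demo: $session stands in for $_SESSION after session_start().
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT UNIQUE, email TEXT UNIQUE, password TEXT)");
$session = [];
$first = ["username" => "ony", "email" => "ony@example.com", "password" => "constructed-pw"];
$second = ["username" => "ony", "email" => "other@example.com", "password" => "constructed-pw"];
var_dump(registerUser($db, $first, $session), registerUser($db, $second, $session));

// Reading side (test.php): ?? gives a default when the key was never set.
echo ($session["accountExists"] ?? false) ? "Username already exists\n" : "";
echo ($session["emailInUse"] ?? false) ? "Email already in use\n" : "";
```

With the question's mysqli connection, the same statements go through `$connected->prepare()` and `bind_param()`.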