What my code does now is post the session in the database, and every time I refresh this page it keeps posting the same session again and again. I don't get why. The solution is probably a simple one, but I tried everything. Hope to get some help.

```php
<?php
session_start();

require '../../required/connection.php';
require '../../required/functions.php';

if (!isset($_SESSION['alive']))
{
    $id = $_GET['trxid'];
    $_SESSION['alive'] = uniqid();
    $currentSession = $_SESSION['alive'];
    $checkQuery = "SELECT token FROM request_data WHERE token='$currentSession'";
    $checkResult = mysqli_query($con, $checkQuery);
    $row = mysqli_num_rows($checkResult);
    if($row < 1)
    {
        $firstQuery = "INSERT INTO request_data (token, link) VALUES ('$currentSession', '$id')";
        $firstResult = mysqli_query($con, $firstQuery);
    }

}
```
Henk
  • Please note that this code is vulnerable to [SQL injection](https://stackoverflow.com/questions/601300/what-is-sql-injection), since you're getting the raw trxid from the query and aren't escaping it. You should use [prepared statements](https://stackoverflow.com/a/24989031/886926). – Erik Terwan Apr 29 '20 at 09:05
  • @ErikTerwan Yes, I know; normally I use prepared statements. I just want to know this so I can go on; this was just a simple problem for myself. – Henk Apr 29 '20 at 09:06
  • What do you get if you do a var_dump of $_SESSION between the require lines and the if block? – SpacePhoenix Apr 29 '20 at 09:26
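
The prepared-statement approach suggested in the comments, applied to the question's two queries, as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite table as a constructed stand-in for the `$con` MySQL connection so that it runs on its own; `recordRequest`, the column types and the sample `trxid` value are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's MySQL connection: an in-memory SQLite
// database holding the request_data table (column types are assumptions).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE request_data (token TEXT PRIMARY KEY, link TEXT NOT NULL)');

/**
 * Hypothetical helper: stores one row per session token.
 * Returns true if a row was inserted, false if the token already existed.
 */
function recordRequest(PDO $pdo, string $token, string $trxid): bool
{
    // Placeholders keep the values out of the SQL text, so quote characters
    // in $trxid cannot change the statement.
    $check = $pdo->prepare('SELECT COUNT(*) FROM request_data WHERE token = ?');
    $check->execute([$token]);
    if ((int) $check->fetchColumn() > 0) {
        return false;
    }

    $insert = $pdo->prepare('INSERT INTO request_data (token, link) VALUES (?, ?)');
    $insert->execute([$token, $trxid]);
    return true;
}

// Constructed input: a trxid containing quote characters, as it could arrive in $_GET.
$trxid = "abc' OR '1'='1";
$token = uniqid();

var_dump(recordRequest($pdo, $token, $trxid)); // new token
var_dump(recordRequest($pdo, $token, $trxid)); // same token again

// Compare what was stored with what was submitted, and count the rows.
$stored = $pdo->query('SELECT link FROM request_data')->fetchColumn();
var_dump($stored === $trxid);
var_dump((int) $pdo->query('SELECT COUNT(*) FROM request_data')->fetchColumn());
```

With the question's mysqli connection the same pattern is `$con->prepare(...)` followed by `bind_param('ss', ...)` and `execute()` on the returned statement.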

1 Answer

I think that something went wrong in your connection.php or functions.php. Is it also possible that you have server errors that lead to this behavior? Furthermore, it could be that you have modified the session configuration in the php.ini (for example the lifetime).

The following example is based on your code and works on the page phpfiddle.org

```php
<?php
session_start();

// just for testing - you can comment it in and out
//$_SESSION['alive'] = null;

if (!isset($_SESSION['alive'])) {
    echo 'FALSE; <br/>';
    $_SESSION['alive'] = uniqid();
    echo 'AFTER = "'. $_SESSION['alive'] . '"';
} else {
    echo 'TRUE = "'. $_SESSION['alive'] . '"';
}
?>
```
UfguFugullu