In one of my PHP files, DataBase.php, I have a function called logIn where I set `$_SESSION['username']`.

I have another PHP file, api.php, where I would like to use the same `$_SESSION['username']`.

How do I call `$_SESSION['username']` from the logIn function in DataBase.php to use it in api.php?

  • You need to start the session on the other page in order to access session variables. You can start the session using: `session_start();` – Hritik R Feb 08 '21 at 05:20
  • On every file where you want to use `$_SESSION`, put `session_start();` at the top of that file – Alive to die - Anant Feb 08 '21 at 05:29
  • Hi - thanks for your comments. So in every file that I have `session_start();`, I can call these variables? For example, in the *DataBase.php* file, I have `session_start()` and `$_SESSION['username'] = "Bob"`. Does this mean in the *api.php* file, if I have `session_start()`, and I call `$_SESSION['username']`, it will refer to `Bob`? – user15166054 Feb 08 '21 at 05:39

1 Answer

This is just typical Cookie usage.

In DataBase.php,

```php
<?php
// Start (or resume) the session before touching $_SESSION
session_start();
$_SESSION['username'] = 'Hasselhoff';
```

Then to use the 'username' cookie, in any other php file just run session_start() again and that will be available there.

In OtherFile.php,

```php
<?php
// Resume the same session, then read the value stored in DataBase.php
session_start();
echo $_SESSION['username'];
```

Edit: Using this in a sql query:

```php
// The session value is interpolated directly into the SQL string
$userSelected = $_SESSION['username'];
$sql = mysqli_query($conn, "SELECT product_id, price FROM products WHERE username = '$userSelected'");
$results = $sql->fetch_assoc();
```

This is a basic attempt which is open to vulnerability. Do read up on prevention of SQL injection here to make your code safer and protected from PHP SQL injection:

How can I prevent SQL injection in PHP?

GeneCode
  • Thanks for the answer! Quick question: how would I use this variable with an SQL query? I currently have `SELECT product_id, price FROM products`. I’d like to use `$_SESSION['username']` so that I can have this: `SELECT product_id, price FROM products WHERE username = $username` where `$username` is `$_SESSION['username']` – user15166054 Feb 08 '21 at 05:54
  • Thanks. I’ve just tried this but it doesn’t seem to work. `SELECT product_id, price FROM products` successfully gives me a list of all the items but when I try `"SELECT product_id, price FROM products WHERE username = '$username'"` it does not return anything. I have also tested it with `"SELECT product_id, price FROM products WHERE username = 'Bob'"` just to see if it filters out any products which have username ‘Bob’ and it does. – user15166054 Feb 09 '21 at 06:09
  • If you copied my code you should use `WHERE username = '$userSelected'` – GeneCode Feb 09 '21 at 08:22
  • I currently have this: `session_start(); $username = $_SESSION['username']; $sql = "SELECT transaction_id, price FROM transactions WHERE username = '$username'"; $stmt = $conn->prepare($sql); $stmt->execute();` – user15166054 Feb 09 '21 at 15:56
  • I don't think I am setting `$_SESSION['username'] = $username;` correctly. In my *DataBase.php* file, I have a function for *logIn*: `function logIn($table, $username, $password)`. In this, I set `$_SESSION['username'] = $username;`. At the top of the file, outside the function, I have `session_start()`. – user15166054 Feb 09 '21 at 16:00
  • if you have a function, then you need to check whether the function has been called or not before moving to api.php. This involves an understanding of the program FLOW. You should check $sql string content, using `echo $sql;` in the DataBase.php. If it says `...WHERE username = ''` then it means the cookie username was never set, probably the login function was never called or other reasons. – GeneCode Feb 10 '21 at 09:46
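
An added example, not part of the original answer or comments: it combines the two points from the thread, checking that the session username was actually set and passing it to the query as a bound parameter instead of interpolating it. The function name `productsForSessionUser`, the sample rows and the use of PDO with an in-memory SQLite database (so it runs without a MySQL server) are assumptions made for the example; the thread itself uses a mysqli connection.

```php
<?php
declare(strict_types=1);

// Returns the rows owned by the logged-in user, or null when no login happened.
// $session is passed in (normally $_SESSION after session_start()) so the
// function can also be exercised from the command line.
function productsForSessionUser(PDO $db, array $session): ?array
{
    // If logIn() never ran, the key is missing; stop here instead of
    // querying with an empty username.
    if (!isset($session['username']) || $session['username'] === '') {
        return null;
    }
    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT product_id, price FROM products WHERE username = ?');
    $stmt->execute([$session['username']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (product_id INTEGER, price REAL, username TEXT)');
$insert = $db->prepare('INSERT INTO products VALUES (?, ?, ?)');
foreach ([[1, 9.99, 'Bob'], [2, 4.50, "O'Brien"], [3, 12.00, 'Bob']] as $row) {
    $insert->execute($row);
}

// Constructed session states: not logged in, two normal users, and a
// value containing quote characters that must be treated as plain data.
$cases = [
    'no login'     => [],
    'Bob'          => ['username' => 'Bob'],
    "O'Brien"      => ['username' => "O'Brien"],
    'quoted value' => ['username' => "x' OR '1'='1"],
];
foreach ($cases as $label => $session) {
    $rows = productsForSessionUser($db, $session);
    $summary = ($rows === null) ? 'not logged in' : (count($rows) . ' row(s)');
    echo str_pad($label, 14), $summary, PHP_EOL;
}
```

In api.php the call would be `session_start();` followed by `productsForSessionUser($db, $_SESSION)`; a `null` result means the login code never stored a username in the session.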