Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts

    mysql session not working

    So basically i want to store session id(); as a text string in table sessions,
    my sql syntax, then get the id from the table user and store it in table sessions.
    So far it has been unsuccessful in storing both in db as a txt value.

    Code:
    CREATE TABLE IF NOT EXISTS `sessions` (
      `session_id` int(11) NOT NULL,
      `user_id` int(11) NOT NULL,
      UNIQUE KEY `session_id` (`session_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
    systemLOGIN.php
    PHP Code:
    <?php 
    session_start
    ();
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <LINK href="includes/css/style.css" rel="stylesheet" type="text/css">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Login</title>
    </head>
    <body>
    <?php include('header.php');
    include(
    "dbsettings.php");  
    mysql_connect("$host""$username""$password")or die("cannot connect");   
    mysql_select_db("$db_name")or die("cannot select DB");  
       
    $username mysql_real_escape_string($_POST['username']);  
    $password md5(mysql_real_escape_string($_POST['password']));  

    $sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";  
    $result=mysql_query($sql);  

    $sessidsession_id();

    if(
    $row mysql_fetch_array($result)) {

           
    $user_id$row['id']; 
    }
    // do the check  
    if($result)  
    {  
        if(
    mysql_num_rows($result) == 1)  
        {  
    mysql_query("INSERT INTO sessions (sessionid, user_id) 
    VALUES ('$sessid', '$user_id')"
    );
     echo 
    '<META HTTP-EQUIV="Refresh" Content="4; URL=account.php">'
     
                exit();  
                        
        }  
        else  
        {  
          echo 
    "Wrong username/password.";  
        }  
    }  
    else  
    {  
        echo 
    "The query is not true.";  
    }  
    ?>

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    I would love to ask *WHY* you are doing this, instead of letting PHP handle all the session work for you, but I'll restrain myself.

    WHERE is your DEBUG code????

    Just for starters:
    Code:
        $sql = "INSERT INTO sessions (sessionid, user_id) 
    VALUES ('$sessid', '$user_id')"; 
        echo "<hr>debug sql: " . $sql . "<hr>\n";
        mysql_query( $sql ) or die("Insert into sessions failed");
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    Ahh...but also might read the docs.
    http://www.php.net/manual/en/function.mysql-query.php
    For SELECT ... other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.
    You are doing
    Code:
    if($result)  
    {
    but $result will *NOT* be TRUE if the query succeeded.

    Why not simplify the code, anyway:
    Code:
    $sql="SELECT id FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";  
    $result=mysql_query($sql);  
    if(mysql_num_rows($result) == 1)  
    {
        $row = mysql_fetch_array($result);
        $user_id= $row['id']; 
        $sessid= session_id();
        $sql = "INSERT INTO sessions (sessionid, user_id) VALUES ('$sessid', '$user_id')"; 
        echo "<hr>debug sql: " . $sql . "<hr>\n";
        mysql_query( $sql ) or die("Insert into sessions failed");
        echo '<META HTTP-EQUIV="Refresh" Content="4; URL=account.php">'; 
        exit();  
    } /* exit means STOP NOW...no need for else! */
    echo "Wrong username/password.";  
    ?>
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    I should note that I don't use PHP, so I'm just reading the docs and seeing that stuff about resource on success vs. FALSE on failure. Seems weird to me. I would have expected a null value on failure, since the opposite of FALSE isn't a resource. But that's me.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #5
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I originally tried php sessions, but I ran into a problem, which was the variables were not being destroyed, so that posed a security risk.

    New Code
    PHP Code:
    <?php 
    session_start
    ();
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <LINK href="includes/css/style.css" rel="stylesheet" type="text/css">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Login</title>
    </head>
    <body>
    <?php include('header.php');
    include(
    "dbsettings.php");  
    mysql_connect("$host""$username""$password")or die("cannot connect");   
    mysql_select_db("$db_name")or die("cannot select DB");  
       
    $username mysql_real_escape_string($_POST['username']);  
    $password md5(mysql_real_escape_string($_POST['password']));  


    $sql="SELECT id FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";  
    $result=mysql_query($sql);  
    if(
    mysql_num_rows($result) == 1)  
    {
        
    $row mysql_fetch_array($result);
        
    $user_id$row['id']; 
        
    $sessidsession_id();
        
    $sql "INSERT INTO sessions (sessionid, user_id) VALUES ('$sessid', '$user_id')"
        echo 
    "<hr>debug sql: " $sql "<hr>\n";
        
    mysql_query$sql ) or die("Insert into sessions failed");
        echo 
    '<META HTTP-EQUIV="Refresh" Content="4; URL=account.php">'
        exit();  
    /* exit means STOP NOW...no need for else! */
    echo "Wrong username/password.";  




    ?>
    <div id="loginsuccess">
    <div class="cntr">
    Please be Patient, we are logging you in. <br />
    <img src="includes/image/ajax-loader.gif" alt="ajax-loader.gif" width="43" height="11" />
    </div>
    </div>
    </body>
    </html>
    Upon execution....
    debug sql: INSERT INTO sessions (sessionid, user_id) VALUES ('11278306497fbe7c755cfa04f5d4be4e', '31')
    Insert into sessions failed

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    Did you try executing that query from a MySQL admin program, *not* from PHP? To try to get a descriptive error message?

    So what is the schema of your SESSIONS table?

    In particular, what is the data type of sessionid?

    Looks to me like it needs to be VARCHAR(32) or greater. I'd just use VARCHAR(200) or something like that. No reason not to.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #7
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    And as I said, I don't use PHP. But I would be *ENORMOUSLY* surprised if you weren't doing something wrong re destroying session variables when they are no longer needed. They work for literally *MILLIONS* of users on hundreds of thousands of sites. Why would your site be uniquely wrong?
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #8
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I know it's probably something I am doing wrong, but believe using mysql based sessions could work. I used phpmyadmin, and I put in the $sql
    and it worked, so I am guessing it maybe a problem with the php code

  • #9
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Code:
    CREATE TABLE IF NOT EXISTS `sessions` (
      `session_id` varchar(200) NOT NULL,
      `user_id` varchar(200) NOT NULL,
      UNIQUE KEY `session_id` (`session_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •