fidolas

Question

fidolas7 0 Newbie Poster

13 Years Ago

i just store session in my register page for use it in different files when someone get registration but i dont know y in other pages when i try to call my session,i get error that the variable are undefined.
my code at register.php

<?php

$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("registration", $con);
function protect($value){
$value=mysql_real_escape_string($value); 
$value=stripslashes($value);
$value=strip_tags($value);
}
$action=$_GET['act'];
protect($action);
if (!$action){
echo "<strong>you are required to fill all field</strong>";
}
if ($action=="register"){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];
$password=$_POST['password'];
$r_password=$_POST['r_password'];
$gender=$_POST['gender'];
$birthday='$year&$month&$day';
$MM_redirectRegisterSuccess = "signup.php";
protect($firstname);
protect($lastname);
protect($email);
protect($password);
protect($r_password);
protect($gender);
protect($birthday);
if( isset($firstname) && isset($lastname) && isset($email) && isset($password) && isset($r_password) && isset($gender) && isset($birthday)){ 
if($gender=='Select Gender'){
echo"select your gender";}
else{
if(strlen($firstname)<2 || strlen($firstname)>64){
echo"firstname either too short or too long!";}
else{  
if(strlen($lastname)<2 || strlen($lastname)>64){
echo"lastname either too short or too long!";}
else{  
if(strlen($password)<3 || strlen($password)>30){
echo"password either too short or too long!";}
else{  
if(strlen($email)<5 || strlen($email)>125){
echo"email either too short or too long!";}
 else {
  if( !preg_match( "/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $email)) { 
  echo "The e-mail you entered was not in the proper format!";}
else{
 if ($password!=$r_password){
 echo"your password do not matched!";}
 else{
 if(!isset($gender)){
 echo "select your gender!";}
 else{
 if(!isset($birthday)){
 echo "select your birthday!";}
 else{
 $sql="SELECT * FROM signup WHERE email='$email'";
 $result=mysql_query($sql) or die (mysql_error());
 if (mysql_fetch_array($result)>0){
 echo "this email already exists!";}
 else{
 if(!$_POST['firstname'] || !$_POST['lastname'] || !$_POST['email'] || !$_POST['password'] || !$_POST['r_password'] || !$_POST['gender'] || !$_POST['birthday'] ){
  echo "You didn't fill in all required field!";}
else{
$sql="INSERT INTO signup (firstname,lastname,email,password,r_password,gender,birthday)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[password]','$_POST[r_password]','$_POST[gender]','$_POST[birthday]')";
?>
<?php 
session_start();
$_SESSION['firstname']='$firstname';
$_SESSION['lastname']='$lastname';
$_SESSION['email']='$email';
$_SESSION['gender']='$gender';
$_SESSION['birthday']='$birthday';
?>
<?php
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }else{
header("Location: ". $MM_redirectRegisterSuccess ); 
}

                                       }
                                   }
                               }
                          }
                      }
                 }
             }
         }
     }
   }
 }
}
} 
mysql_close($con)
?>

i try to call my session in signup.php but i got error!please if i have mistake in my session code just correct me!
home.php page
code here under

<?php 
session_start();
echo "welcome".$_SESSION['firstname']." ".$_SESSION['lastname'];
 session_unset();
 session_destroy();

?>

php

Edited 13 Years Ago by Ezzaral because: Added code tags. Please use them to format any code that you post.

2 Contributors
1 Reply
95 Views
17 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by tcatt

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

tcatt 0 Newbie Poster · Answer 1 · 2011-03-26T03:02:36+00:00

Your most serious issue here is that your function for cleaning user input isn't accomplishing anything as you're not calling it in a manner that requests or returns any value. This is the first thing you need to fix because you're wide open to an injection attack.

function protect($value)
{
  if(get_magic_quotes_gpc())
  { $value = stripslashes($value); }
  
  return mysql_real_escape_string(strip_tags($value));
}

$firstname = protect($_POST["firstname"]);

As far as your session values, I think your issue is that you're surrounding your variables with single quotes. Anything surrounded by single quotes will is literal, PHP will not interpret the variable value.

// don't do this
$_SESSION['index'] = '$value';

// do this
$_SESSION['index'] = $value;

// or this
$_SESSION['index'] = "This is a $value";

// or even this
$_SESSION['index'] = "This is a {$value} too";