Problem Running Sessions

Question

macrogeek 0 Newbie Poster

12 Years Ago

Hello everyone...!!!!
I am new to PHP and have problems using $_SESSIONS , the SESSION variables which I set in one file are not recognised in scripts stored in other Files...I get the error :Undefined index 'XYZ' for any arbitrary variable $_SESSION...Anyone having idea to resolve this issue....Following is the code in index file that directs to another file 'processor.php'

<?php
    session_start();
    
    //Database Login Information
    $_SESSION['host'] = "localhost";
    $_SESSION['user'] = "root";
    $_SESSION['pass'] = "";
    $_SESSION['name'] = "guestbook";
    ?>

Code for the file in which I use these variables is

<?php

session_start();

$connection = mysql_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],$_SESSION['name']) or die (mysql_error());

mysql_select_db ($_SESSION['name']) or die(mysql_error());

$query = "INSERT INTO entries (ID, Name, Comment, Email) VALUES (NULL, '{$_POST['name']}', '{$_POST['comment']}', '{$_POST['email']}');";

mysql_query ($query) or die (mysql_error());

mysql_close($connection);

header ("Location: http://localhost/guestbook");

?>

P.S. Any help would be greatly appreciated..:-)

php

2 Contributors
1 Reply
231 Views
6 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by weekendrockstar

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

weekendrockstar 12 Junior Poster in Training · Answer 1 · 2012-03-13T22:43:29+00:00

I think it might be better to specify these things within the script themselves as far as database login information goes. No need to pass that as SESSION information. Especially if you want more than just the guestbook because if they go to another form which saves info to the database and the SESSION 'name' value hasn't changed then the information would just be saved into the table defined by the $SESSION value. I find it best to state the database credentials within the script. Then if your scripts use different tables that are all in the same database then you only have to specify the table you want to use in different scripts as the database itself is already defined up to the tables.

Now if this is your full code for both files I can see a problem...There is no way for the second script to know what is located in the first so I would suggest the following (if you do want to do this in two different files):

connection.php (just an example name_

<?php
$_SESSION['host'] = "localhost";
$_SESSION['user'] = "root";
$_SESSION['pass'] = "";
$_SESSION['name'] = "guestbook";
?>

There is no need to declare session_start() in this file because the second file which will use this file already starts the session for use.

guestbook.php (again, just an example name)

<?php
session_start();
include 'connection.php';

// the rest of your script's code

By specifying the first file for inclusion the second script can now use the information contained in the first. Because there is no inclusion in your original script the second script didn't have 'access' to the variables that you had set and the SESSION wasn't created.

Now there could be something beyond this but I figured it's a start. And again, in connection.php I would probably just specify like $host = "localhost", etc.. for username, password and the name of the database. So that in each script where you save info to the database you do not have to run $connection on every page. You can cut straight to the actual query where you specify the table you want to perform your query upon.

Also it is a bad idea because if anyone manages to get a hold of a session file (this can happen if you write any code to allow downloads and you do not write code to prevent them from specifically downloading session files from the server) you actually are giving away your credentials to the database. Very insecure.

And also make sure that you 'sanitize'/filter all incoming input from forms before entering them into the database. To help guard against users entering malicious code either on purpose or by accident. http://www.w3schools.com/php/php_filter.asp This is one example of a filter but you can find others online which can check that users submitted the correct type of data for a field and/or that there is no malicious code that can be run after it is saved to your database.