
PHP Session Variables - At Wit's End

I'm just getting into MySQL and PHP--and I'm just trying to create a simple login system for a project we're testing. I've connected and created the login logic just fine, but now I can't for the life of me get the session variables to carry over to the new pages. Could someone please show me the correct way to do this?

Here is my login script--which is activated by submitting a form:

<?php 
session_start();

$link = mysql_connect('xxxxxxx.ipowermysql.com', 'xxxxxx', 'xxxxxx'); 
if (!$link) { 
    die('Could not connect: ' . mysql_error()); 
} 

mysql_select_db(austinhabich_IC_20090511_174535) or die(msql_error());

$email=$_POST['email']; 
$password=$_POST['password'];

$sql="SELECT * FROM player WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

$_SESSION['status'] = "1";      

header("location: main.php");
}
else {
echo "Wrong Username or Password";
}
?>

And here is the page it redirects to:

 <?php session_start(); ?>
 ...doctype stuff...

 <html
 xmlns="http://www.w3.org/1999/xhtml">
 <head> <meta http-equiv="Content-Type"
 content="text/html; charset=utf-8" />
 <title>Untitled Document</title>
 </head>

 <body> 

 <?
 echo $_SESSION['status'];

 ?> </body> </html>

In this case, I'm just trying to even get the session variable to register, so I'm testing by attempting to print the variable's data. I've been trying to use isset and have it redirect back to the login page. The redirect worked, but it happened every time since the session variable is not registering.

PHP Version is 5.2.12


On a quick glance, three things:

  • You seem to be missing session_start() in the first script.

  • You would get "Wrong username" if the account exists twice or more in the table, which can sometimes happen while testing.

  • You should die() after doing a header() redirect.

  • austinhabich_IC_20090511_174535 needs to be put into quotes.

  • session_start(); needs to be called in the head of the script, before any HTML is output.

  • Your SQL statements are vulnerable to SQL injection. Incoming data should urgently be sanitized using mysql_real_escape_string before being used in a query.
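
A hardened version of the login script above, as an added example that is not part of the original question or answer. It swaps the answer's mysql_real_escape_string for a PDO prepared statement (the mysql_* functions were removed in PHP 7) and assumes PHP 7+, that player.password stores a password_hash() value, and placeholder connection details (DB_HOST, DB_NAME, DB_USER, DB_PASS).

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumptions: PHP 7+ with PDO; player.password holds a password_hash()
// value; DB_HOST, DB_NAME, DB_USER, DB_PASS are placeholders.

// True when $email exists and $password matches a stored hash.
// The prepared statement sends $email as data, so input such as
// "' OR '1'='1" cannot change the query.
function credentials_ok(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM player WHERE email = ?');
    $stmt->execute([$email]);
    // Check every matching row, so a duplicated test account does not
    // fail the login the way the $count==1 test does.
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $hash) {
        if (password_verify($password, (string) $hash)) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI === 'cli') {
    // Offline check against a constructed row in an in-memory SQLite table.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE player (email TEXT, password TEXT)');
    $hash = password_hash('s3cret-demo', PASSWORD_DEFAULT);
    $db->prepare('INSERT INTO player VALUES (?, ?)')->execute(['a@example.test', $hash]);
    var_dump(credentials_ok($db, 'a@example.test', 's3cret-demo'));
    var_dump(credentials_ok($db, "' OR '1'='1", 'x'));
    var_dump(credentials_ok($db, 'a@example.test', "' OR '1'='1"));
    exit;
}

session_start(); // must run before any output is sent
$db = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Accept only string fields; anything else is treated as empty.
$email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
if (credentials_ok($db, $email, $password)) {
    session_regenerate_id(true); // fresh session id once logged in
    $_SESSION['status'] = '1';
    header('Location: main.php');
    exit; // stop the script so nothing runs after the redirect
}
echo 'Wrong Username or Password';
```

Run from the command line, the script exercises only the constructed SQLite rows; served by a web server, it handles the login form post.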
