6 Replies - 525 Views - Last Post: 09 December 2011 - 03:33 PM Rate Topic: -----

#1 Btu  Icon User is offline

  • D.I.C Regular

Reputation: 36
  • View blog
  • Posts: 250
  • Joined: 16-May 11

getting PHP variable from script

Posted 09 December 2011 - 12:29 PM

Hey guys,

This shouldn't be too hard. I have a login page, when the user click submit it checks the login success:

<?php
ob_start();
$host="db";
$username="username";
$password="password";
$db_name="mydb";
$tbl_name="table";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


$count=mysql_num_rows($result);

if($count==1){
session_register("myusername");
session_register("mypassword");
header("location:main.php");
echo "<h2>Welcome " . $sql['id'] . "</h2>";   // I want to use the contents of this var in main.php 
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>


Upon login success it redirects to main.php

In main.php I want to read $sql['id'].

How do I go about doing this?

Is This A Good Question/Topic? 0
  • +

Replies To: getting PHP variable from script

#2 Duckington  Icon User is offline

  • D.I.C Addict

Reputation: 170
  • View blog
  • Posts: 608
  • Joined: 12-October 09

Re: getting PHP variable from script

Posted 09 December 2011 - 01:01 PM

Either send it in the URL querystring:

header('location:main.php?id='.$sql['id']);



And then access it via the GET or REQUEST arrays on main.php:

$id = $_GET['id'];



Or set it in a session variable:

But I feel I shold point out that your $sql variable is a string with the value: "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'". It's not an array, so $sql['id'] won't return anything.

I assume what you are trying to do is return the `id` field from the table you are querying?

In which case do something like:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$user = mysql_fetch_assoc($result);
$userid = $user['id']; // This would be the id you are after


Was This Post Helpful? 1
  • +
  • -

#3 Btu  Icon User is offline

  • D.I.C Regular

Reputation: 36
  • View blog
  • Posts: 250
  • Joined: 16-May 11

Re: getting PHP variable from script

Posted 09 December 2011 - 01:14 PM

Thank you for the response. That is what I was looking for.
One last question: main.php only contains:

<?
session_start();
if(!session_is_registered(myusername)){
header("location:http://www.mysite.com/");
}
?>


The rest is css/javascript and html. Is there a way to use js/jquery to get that variable? Maybe with $.get?
or do I put it in after the header location?

All I want to do is say "Welcome: (user)"
Was This Post Helpful? 0
  • +
  • -

#4 Duckington  Icon User is offline

  • D.I.C Addict

Reputation: 170
  • View blog
  • Posts: 608
  • Joined: 12-October 09

Re: getting PHP variable from script

Posted 09 December 2011 - 02:27 PM

Well assuming you are passing a userid in the URL, like: main.php?id=1

You could just do something like:

// Session bit here
$userid = mysql_real_escape_string($_GET['id']);
$query = mysql_query("SELECT username FROM users WHERE id = '$userid' LIMIT 1");
$user = mysql_fetch_assoc($query);
echo "Welcome " . $user['username'];



But honestly if you were going to go down that route, there would be no point passing it in the URL, you should just use a session. To be honest, I'm not sure why you'd want to go to the trouble of creating a php session, only to then rely on passing the id through the URL, as anyone could type any old userid into the URL, it doesn't mean anything.


You could use javascript to get the variable from the URL, but you wouldn't be able to do anything with it other than print it out really. If you wanted to go and get the relevant username for that userid, you'd still have to use PHP.

Though if you passed the username in the URL: main.php?username=test

You could easily print that out, but that would have nothing to do with any valid PHP session, it would literally just be printing out whatever the user puts into the URL like that.


Also, I should probably mention that using session_is_registered, session_register, etc... are depreciated functions, so you shouldn't rely on them. Another way to do that would be:

Assign a session variable:
session_start();
// Stuff here
$_SESSION['myusername'] = $somevalue;



Check if session variable is set:
session_start();
if(!isset($_SESSION['myusername'])){
header('location:buggeroff.php');
exit;
}


This post has been edited by Duckington: 09 December 2011 - 02:29 PM

Was This Post Helpful? 1
  • +
  • -

#5 BetaWar  Icon User is offline

  • #include "soul.h"
  • member icon

Reputation: 1170
  • View blog
  • Posts: 7,219
  • Joined: 07-September 06

Re: getting PHP variable from script

Posted 09 December 2011 - 02:42 PM

I am just going to go ahead and bring up some security issues with passing user's ids around in the URL and then using them.

First, people can easily change that. "Oh, I am user 5133476, I wonder what user 1 can do that I can't..."

Instead of passing the user id around in the URL a more secure (though still inadequate) way of passing the user id around your pages is to use a session variable or cookie:
// to open a session, or retrieve a previously started one
session_start();

// set session variables
$_SESSION['id'] = $sql['id'];

// save a session
session_write_close();



Cookies:
// set cookie value
setcookie("TestCookie", $value);

// get cookie value
$_COOKIE['TestCookie'];



However, these can be modified by users if they care to do so.

Therefore, the approach that I personally use is to store a special hash in a session/ cookie variable that corresponds to a row in a database table that holds the user id associated with that login.

For instance:
users table:
+----------+----+-----+
|Username  |id  |...  |
+----------+----+-----+



sessions table:
+-----------+------------+--------------------------------------+
|session_id | user_id    | session_hash                         |
+-----------+------------+--------------------------------------+



Then, when a user views a page they have a session hash stored in a cookie or their session variables. That session hash is used to look up the user_id from the sessions table, and then you have the user id.

Hope that makes sense.
Was This Post Helpful? 2
  • +
  • -

#6 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3040
  • View blog
  • Posts: 10,619
  • Joined: 08-August 08

Re: getting PHP variable from script

Posted 09 December 2011 - 03:16 PM

View PostBtu, on 09 December 2011 - 04:14 PM, said:

<?
session_start();
if(!session_is_registered(myusername)){
header("location:http://www.mysite.com/");
}
?>


The rest is css/javascript and html. Is there a way to use js/jquery to get that variable? Maybe with $.get?

Look at what's happening here.
  • Browser connects to your site. (HTTP traffic)
  • Your script is started.
  • Your script determines that no session has previously been set under an undefined username (problem 1)
  • Your script sends a message to the browser to redirect it back to your site (More HTTP traffic problem 2)
  • Browser connects to your site (More HTTP traffic problem 2 again)
  • Go to step 2. (Infinite loop problem 3)

Problem 2 and 3 could be avoided with an include instead of a redirect.
Was This Post Helpful? 1
  • +
  • -

#7 Btu  Icon User is offline

  • D.I.C Regular

Reputation: 36
  • View blog
  • Posts: 250
  • Joined: 16-May 11

Re: getting PHP variable from script

Posted 09 December 2011 - 03:33 PM

Thanks for pointing that out.
I'm quite new to PHP so I have to learn all this the hard way.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1