|  | session handling | | |
| | | lak |  |
|  Posted: Fri Aug 29, 2008 1:14 pm Post subject: session handling |  |
I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way. |
| |
| | | Jerry Stuckle | |
| | Posted: Fri Aug 29, 2008 4:11 pm Post subject: Re: session handling | |
lak wrote:
| Quote: | I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
|
I'm not sure what you're looking for. Basic session handing is quite
simple - at the start of any page which uses sessions call
session_start(), before ANY output is sent to the browser. After that,
just set values in the $_SESSION[] array and later retrieve them from
the $_SESSION[] array. PHP handles the rest.
Of course, if you want to get into custom session handlers, that gets a
bit more complicated.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
================== |
| |
| | | Twayne | |
| | Posted: Fri Aug 29, 2008 7:37 pm Post subject: Re: session handling | |
| Quote: | I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
|
If you haven't discovered it yet, phonet is one of the best resurces
around for anything to do with PHP et al. Try LINK
for one, and then there is a lot of info at w3schools too.
If you become familiar with those sites you'll have a wealth of
startup information and more available to you.
HTH |
| |
| | | Twayne | |
| | Posted: Fri Aug 29, 2008 7:40 pm Post subject: Re: session handling | |
| Quote: | lak wrote:
I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
I'm not sure what you're looking for. Basic session handing is quite
simple - at the start of any page which uses sessions call
session_start(), before ANY output is sent to the browser. After
that, just set values in the $_SESSION[] array and later retrieve
them from the $_SESSION[] array. PHP handles the rest.
Of course, if you want to get into custom session handlers, that gets
a bit more complicated.
|
But J, it's not very simple to a beginniner. In fact, just the phrase
"before any output is sent to the browser" can create some lengthy
conversations for those who don't yet have experience in that area.
Even Hello World programs take a certain amount of introduction for
newbies to PHP.
Why is it you chose to not respond to his question but instead made
vague generalized statements?
I'm curious.
Twayne |
| |
| | | Thiago Macedo | |
| | Posted: Fri Aug 29, 2008 9:05 pm Post subject: Re: session handling | |
On Aug 29, 10:14 am, lak <lakindi...@gmail.com> wrote:
| Quote: | I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
|
LINK |
| |
| | | Gilles Ganault | |
| | Posted: Mon Sep 01, 2008 7:03 pm Post subject: Re: session handling | |
| |  | |
On Fri, 29 Aug 2008 06:14:06 -0700 (PDT), lak <lakindia89@gmail.com>
wrote:
| Quote: | I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
|
I'm a PHP newbie like you, but here's some working code to give you an
idea:
Add this to every page that is off-limit to non-authorized users:
<? // Has a session already been created? If not, create new one
if($PHPSESSID)
session_start($PHPSESSID);
else
session_start();
?>
Here's how to manipulate data that are part of a session:
<? session_register("email"); ?>
<? $email="me@acme.com"; ?>
<? echo $email; ?>
<? session_unregister("email"); ?>
<? session_destroy(); ?>
Here's how to extract information form a session table:
$sql = "select user_id,status,date_created from session where
id='" . $PHPSESSID . "'";
$result = @mysql_query($sql) or
die('Query failed: ' . mysql_error());
$row = mysql_fetch_row($result);
echo "user_id = " . $row[0] . "<p>";
echo "status = " . $row[1] . "<p>";
echo "date_created = " . $row[2] . "<p>";
If most data are common to all users, a smarter way is to keep
user-specific data in sessions, but keep
common data in a cache (APC, MemCacheD, etc.):
session_start();
if(isset($_SESSION['myprivatevalue'])) {
print $_SESSION['myprivatevalue'] . "<p>\n";
} else {
$_SESSION['myprivatevalue'] = "verysecret";
}
//apc_add('scooby-doo', 'daphne');
print "Scooby-do=" . apc_fetch('scooby-doo');
//apc_delete('scooby-doo');
LINK
HTH, |
| |
| | | Michael Fesser | |
| | Posted: Mon Sep 01, 2008 7:59 pm Post subject: Re: session handling | |
| | | |
..oO(Gilles Ganault)
| Quote: | On Fri, 29 Aug 2008 06:14:06 -0700 (PDT), lak <lakindia89@gmail.com
wrote:
I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
I'm a PHP newbie like you, but here's some working code to give you an
idea:
|
Some notes about this "working" code:
| Quote: | Add this to every page that is off-limit to non-authorized users:
? // Has a session already been created? If not, create new one
|
Avoid short open tags. They are completely unreliable and will most
likely be turned off by default in the coming PHP 6.
Where is $PHPSESSID coming from? And why are you interpreting it as a
boolean?
| Quote: | session_start($PHPSESSID);
else
session_start();
?
Here's how to manipulate data that are part of a session:
? session_register("email"); ?
|
session_register() is deprecated and not necessary anymore.
| Quote: | ? $email="me@acme.com"; ?
? echo $email; ?
? session_unregister("email"); ?
|
Same here. Just drop it.
| Quote: | ? session_destroy(); ?
|
And why all the <? ... ?>? Why not simply a single <?php ... ?> block?
To summarize all the above:
<?php
session_start();
$_SESSION['email'] = 'me@example.com';
?>
That's it. Then on another page:
<?php
session_start();
if (isset($_SESSION['email'])) {
print $_SESSION['email'];
}
?>
Or something like that.
| Quote: | Here's how to extract information form a session table:
$sql = "select user_id,status,date_created from session where
id='" . $PHPSESSID . "'";
|
The next problem. Even a session ID should be handled with care and be
seen as a potential threat. _Never_ trust anything coming in from the
client! The keyword here is "SQL injection".
Micha |
| |
| | | FutureShock | |
| | Posted: Mon Sep 01, 2008 8:48 pm Post subject: Re: session handling | |
| | | |
Gilles Ganault wrote:
| Quote: | On Fri, 29 Aug 2008 06:14:06 -0700 (PDT), lak <lakindia89@gmail.com
wrote:
I want to study about the Session handling in PHP. I don't know where
to start. So please suggest me some way.
I'm a PHP newbie like you, but here's some working code to give you an
idea:
Add this to every page that is off-limit to non-authorized users:
? // Has a session already been created? If not, create new one
if($PHPSESSID)
session_start($PHPSESSID);
else
session_start();
?
Here's how to manipulate data that are part of a session:
? session_register("email"); ?
? $email="me@acme.com"; ?
? echo $email; ?
? session_unregister("email"); ?
? session_destroy(); ?
Here's how to extract information form a session table:
$sql = "select user_id,status,date_created from session where
id='" . $PHPSESSID . "'";
$result = @mysql_query($sql) or
die('Query failed: ' . mysql_error());
$row = mysql_fetch_row($result);
echo "user_id = " . $row[0] . "<p>";
echo "status = " . $row[1] . "<p>";
echo "date_created = " . $row[2] . "<p>";
If most data are common to all users, a smarter way is to keep
user-specific data in sessions, but keep
common data in a cache (APC, MemCacheD, etc.):
session_start();
if(isset($_SESSION['myprivatevalue'])) {
print $_SESSION['myprivatevalue'] . "<p>\n";
} else {
$_SESSION['myprivatevalue'] = "verysecret";
}
//apc_add('scooby-doo', 'daphne');
print "Scooby-do=" . apc_fetch('scooby-doo');
//apc_delete('scooby-doo');
LINK
HTH,
|
Or simply get the correct code here:
LINK
Pretty explanatory there. |
| |
|
|
