PHP Beginner

dmarkwa (New Member, joined Apr 12, 2008, messages: 1, reaction score: 0)
I have two major things I want to learn about PHP at this point.

One, when I create a login system, I want certain information about the user to 'follow' him throughout the site. My understanding is that in PHP, this is done by creating Session Variables.

I have tried a tutorial that is online, but still don't get it.

When I log in, how do I set Session variables as part of the log in script?
the user's name, email address for example.

Then, how do I reference those variables in subsequent PHP pages?

For instance, I want the login person's first name on every page in the site, as they are visiting.

This is one question,

Then I want to create an array for a select statement from MySQL upon startup and then have that array persist indefinitely in the website.

Then when I create a select statement do this:

<select name=mypopup size=1>


Loop the number of times as the array has items

<option value="the first item of the first row of the array">The second item of the first row of the array</option>
end loop

</select>

I am brand new to PHP so if there are other forums I might go to get my questions answered, please tell me as well. I have the O'Reilly book on PHP, but the section on Session Variables doesn't answer this question.

Thank you for the help.


If you would like, you can email me directly at [email protected]

Thanks again.

dmarkwa
 
Can't say that I'm that great with PHP but I will try and help the best that I can. Start off with a login form something like
<body>
<form action="logintest.php" method="post">
<b>User Name</b> <input type="text" name="user_name" size="15" maxlength="15"><br>
<b>Password </b><input type="password" name="password" size="15" maxlength="15"><br>
<input type="submit" value="Send">
</form>
</body>
The form is pointing to a PHP script called logintest.php which could look like
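<?php
// logintest.php
include('db.php'); // opens the MySQL connection

// The form values are placed into the query as-is, without escaping.
$query = "SELECT username,password FROM users WHERE username='$_POST[user_name]' AND password='$_POST[password]'";

$result = mysql_query($query)
    or die(mysql_error());

// Remember whether the query returned a row, so an empty form cannot match "no result".
$found = false;
while ($line = mysql_fetch_array($result)) {
    list($username, $pass_word) = $line;
    $found = true;
}

if ($found AND $username == $_POST['user_name'] AND $pass_word == $_POST['password']) {
    // Match: start a session and copy the login data into it.
    session_start();
    $_SESSION["user_name"] = $_POST['user_name'];
    $_SESSION["password"] = $_POST['password'];
} else {
    // No match: send the user back to the login form and stop the script.
    header("Location: login.php");
    exit;
}
?>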
The logintest.php script receives global variables from login.php and accesses those variables via $_POST[user_name] and $_POST[password]. It then pulls all the user names and the passwords from the "users" table of the MySQL database. If there is a match between the login data passed to the logintest.php script and the info in the "users" table of the database, a session is started. The $_POST[] global variables are now passed to $_SESSION[] global variables. If no match is found, the user is redirected back to the login.php page. You can now access the login information on any page - for example:-
<?php
// page2.php
session_start();
echo $_SESSION["user_name"]."<br />";
echo $_SESSION["password"];
?>
I haven't tested the scripts but hope it gives you an idea.
 
PHP security!

Please err on the side of caution and always be security conscious when accepting input from the user, this includes escaping all $_POST, $_GET, $_SESSION, $_COOKIE and $_REQUEST variables.

This can be done by escaping all strings in your statements via the mysql_real_escape_string function, to prevent SQL injection. Also, converting all applicable characters to HTML entities via the htmlentities function or htmlspecialchars function, to prevent any XSS (cross site scripting) attacks.
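
The login flow from the earlier reply with the advice in this post applied, as an added example that is not code from any poster in this thread. It swaps the mysql_real_escape_string approach for PDO prepared statements and password_hash/password_verify (the mysql_* functions were removed in PHP 7), keeps the password out of the session, and escapes with htmlspecialchars on output. The in-memory SQLite database, the table layout, the sample user and the function names check_login, start_user_session and greeting are assumptions made for the example.

```php
<?php
// Added example, not from the thread. Table layout and sample user are constructed.
// Assumption: PDO with in-memory SQLite so it runs offline; for MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           first_name TEXT, email TEXT, pass_hash TEXT)');
// The sample first name contains markup characters on purpose, to show output escaping.
$db->prepare('INSERT INTO users (username, first_name, email, pass_hash) VALUES (?, ?, ?, ?)')
   ->execute(["o'brien", 'Pat <b>', 'pat@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Look the user up with a bound parameter (a quote in the name stays data, not SQL),
// then verify the stored hash. Returns the row without the hash, or null on failure.
function check_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, first_name, email, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    unset($row['pass_hash']);
    return $row;
}

// Put only what later pages need into the session; never the password.
function start_user_session(array $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session id at login, against session fixation
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['first_name'] = $user['first_name'];
    $_SESSION['email'] = $user['email'];
}

// What any later page does after its own session_start(): escape when printing.
function greeting(array $session): string
{
    return 'Hello, ' . htmlspecialchars($session['first_name'] ?? 'guest', ENT_QUOTES, 'UTF-8');
}

// Demo with constructed input: one valid login, then a wrong password and an empty form.
$user = check_login($db, "o'brien", 'correct horse');
if ($user !== null) {
    start_user_session($user);
}
echo greeting($_SESSION ?? []), "\n";
var_dump(check_login($db, "o'brien", 'wrong password'));
var_dump(check_login($db, '', ''));
```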
 
Please err on the side of caution and always be security conscious when accepting input from the user, this includes escaping all $_REQUEST, $_POST and $_GET variables.

This can be done through escaping all strings in your statements via the mysql_real_escape_string function, to prevent SQL injection. Also, converting all applicable characters to HTML entities via the htmlentities function or htmlspecialchars function, to prevent any XSS (cross site scripting) attacks.

Dead right hongong. Need to consider security issues with any input from forms. Thanks.
 
Just wanted to say welcome to the forum :D
I, too, am wanting to work with PHP :D
 
Also, use stored procedures in mysql (5.0+) and prevent the mysql web user from accessing tables directly. That will further limit any damage.
 
Cookies might also work for you.

You really only need one bit of user data, maybe the row id or username. Using this you can look-up the rest of the data as needed. Might not be good for a heavy traffic site.
 
Something I prefer doing is using only one file for each area. ie, not to use a login.php which calls logintest.php, which in turn calls login.php again.

Simply get login.php to call itself as the form action. Personally, I find it makes managing the site easier, with far less files lying around.

Other than that - Ozymandias has it pretty much sorted!

@Nod - would need to be careful on shared hosting, is also gonna chow more resources with extra calls, esp on high traffic sites as you mentioned.
 