Storing null value in session variable

StackOverflow https://stackoverflow.com/questions/17914148

  •  04-06-2022
  •  | 
  •  

Question

I have two PHP files, in which i'd like to store a session variable id like this

if(authentification($login,$mdp) == 0)
                {?>
                <script>alert('logging failed');</script>
                <?php
                header('Location: Contacts.php'); 
                }
                else{
                session_start();
                $_SESSION['login'] = $login;
                $_SESSION['mdp'] = $mdp;
                $a = authentification($login,$mdp);;
                $_SESSION['id'] = $a;
                 header('Location: space.php'); 

                }

And in the file space.php

session_start(); 
$list = Get_companies_by_user($_SESSION['id']);

in the function.php

function authentification($login,$mdp){

                parametrs();    

                $Log_query=mysql_query(
                    "   
                        SELECT user_id 
                        FROM  reg_users
                        WHERE username ='$login'
                        AND   password   ='$mdp'

                        ") or die(mysql_error());

                        if ($Log_query == true && mysql_num_rows($Log_query) >0) {

                          while ($Res_user = mysql_fetch_array($Log_query) ) {
                        return $Res_user;

                        }
                        }
                        else return 0;

}

The problem is in the value of the variable $_SESSION['id'] : why it is null in space.php? How can i fix this error?

Était-ce utile?

La solution

Try something like:

function authentification($login,$mdp){
    $Log_query = mysql_query("SELECT user_id FROM  reg_users WHERE username ='$login' AND   password   ='$mdp'") or die(mysql_error());

    //The user should be unique, not more than 0
    if($Log_query && mysql_num_rows($Log_query) === 1){
        while ($Res_user = mysql_fetch_array($Log_query) ) {
            $user = $Res_user['user_id'];
        }
        return $user;
    }else{
        return 0;
    }
}

You should also escape $login and $mdp with:

mysql_real_escape_string($var);
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top