Registering PHP Session Variable
Solution 1
you need:
- put session_start() in start of your code
- don't use session_register(), is an obsolete function, replace by $_SESSION['foo'] = 'baa';
-
destruct session:
session_start();
session_destroy(); your web application is vulnerably to SQL injection attack. -check best way to stop SQL Injection in PHP
Solution 2
about your logout-button question. You have to start your session first
<?php
//logout.php
session_start();
session_destroy();
echo "Logouted"
instead of
session_register()
use just
$_SESSION['email'] = '';
Michelle
Updated on June 14, 2022Comments
-
Michelle almost 2 years
I'm trying to create a simple login form. I have
session_start()
; as the first thing loaded on the page. I have a file login.php which contains the login related code which is processed through an ajax call when the Login button is clicked. It contains:if ($_GET['cemail']) { $email = $_GET['cemail']; $password = md5($_GET['cpassword']); $sql = "select * from users where email='" . $email . "' and password='" . $password . "'"; $result = mysql_query($sql); if (mysql_num_rows($result) >= 1) { session_register("email"); } else { echo "<span style='color:#ffffff;'>Invalid Email/Password</span><br>"; } }
When I click the Login button, I get this warning:
Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/clicker/public_html/hstrial-RBochner/login.php:1) in /home/clicker/public_html/hstrial-RBochner/login.php on line 82
Line 82 is the line that says
session_register("email")
;I also tried to create a Logout button which just calls
session_destroy()
, but it gives me this:Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/clicker/public_html/hstrial-RBochner/login.php on line 66
What am I doing wrong here? I've tried placing
session_start()
in various places. Any help/ideas? Thanks. -
genesis almost 13 yearsI do not agree with your third point - unset($_SESSION); is wrong - php.net/manual/en/function.unset.php#77926
-
Long Ears almost 13 yearsMight be worth pointing out that if the session works without session_start(), then session.auto_start should be turned off and started explicitly otherwise every request which hits PHP will load (and lock) the session.