0

I used this query to log in and to create the session.

```php
$username = $_REQUEST['user'];
$password = $_REQUEST['pass'];
$member = mysqli_query($conn,"SELECT * FROM `user` WHERE `email` = '".$username."' AND `password` = '".$password."' ");
$member1 = mysqli_fetch_assoc($member);
if ($member1>0)
{
    $_SESSION['username']=$member1['fullName'];
    $_SESSION['companyid']=$member1['comapanyId'];
    header('Location: home.php');
}
else
{
    header('Location: index.php');
}
```

I am able to create the session, meaning if I `echo $_session['companyid'];die;` on this page it will print that id perfectly.

Now I jump to home.php to use this session; for that I write `session_start()` at the top of the page.

Now, if I `print_r($_SESSION['companyid'])` I get the error `Notice: Undefined index: companyid`.

For this problem I used the isset function like this:

```php
if (isset($_SESSION['companyid'])) {
    echo $_SESSION['companyid'];
}
```

But I again failed to print `$_SESSION` in home.php. I don't know what I am doing wrong.

amit sutar
  • 4
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jun 27 '17 at 18:31
  • 4
    **Never** store plain text passwords. Instead use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php). If you're using a version of PHP prior to 5.5, do **not** use MD5 or SHA1 to hash passwords. Instead you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). – Alex Howansky Jun 27 '17 at 18:32
  • 2
    You have to have `session_start();` at the top of all pages using sessions. – Jay Blanchard Jun 27 '17 at 18:35
  • Note: `mysqli_fetch_assoc()` returns an associative array of fields, not a row or column count, so you generally don't want to compare it to an integer value directly. Use something like `if ($result === null)` or `if (mysqli_stmt_num_rows() === 1)`. – Alex Howansky Jun 27 '17 at 18:39
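
The advice in the comments above (bound parameters, `password_hash()`/`password_verify()`, `session_start()` before touching `$_SESSION`), as an added example that is not code from the original post. It assumes PDO with an in-memory SQLite database in place of the poster's mysqli connection so that it runs without a server; the `find_user()` and `log_in()` names and the sample row are constructed, and the `password` column is assumed to hold `password_hash()` output.

```php
<?php
declare(strict_types=1);

// Added example: SQLite in memory stands in for the page's MySQL connection.
function find_user(PDO $db, string $email, string $password): ?array
{
    // The email travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT fullName, comapanyId, password FROM user WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched. The stored value is a hash,
    // so the comparison happens in PHP with password_verify(), not in SQL.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

function log_in(PDO $db, string $email, string $password): bool
{
    $user = find_user($db, $email, $password);
    if ($user === null) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();          // needed on every page that uses $_SESSION
    }
    session_regenerate_id(true);  // issue a fresh session id after login
    $_SESSION['username']  = $user['fullName'];
    $_SESSION['companyid'] = $user['comapanyId'];
    return true;
}

// Constructed sample data (not from the original post).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (email TEXT, password TEXT, fullName TEXT, comapanyId INTEGER)');
$db->prepare('INSERT INTO user VALUES (?, ?, ?, ?)')
   ->execute(['a@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 'Sample User', 42]);

// Results are collected first so nothing is printed before session_start().
$results = [
    'quote_in_email_is_plain_data' => find_user($db, "o'neil@example.test", 'x') === null,
    'wrong_password_rejected'      => log_in($db, 'a@example.test', 'wrong') === false,
    'correct_password_accepted'    => log_in($db, 'a@example.test', 'correct horse'),
];
var_dump($results, $_SESSION);
```

In a page handler, call `log_in()` before any output and follow `header('Location: home.php');` with `exit;`. home.php then calls `session_start()` before it reads `$_SESSION['companyid']`.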

1 Answer

0

> I am able to create the session, meaning if I `echo $_session['companyid'];die;` on this page it will print that id perfectly.

The array $_session is different than the superglobal array $_SESSION due to case sensitivity. On top of that, you will need session_start() at the top of each PHP page that will be accessing this array.

If you change $_session to $_SESSION, PHP will know that you are calling the same array.

hRdCoder
  • Bro, sorry for the typo, but I am using $_SESSION only, and using session_start() on each page, but not getting the value in the session. – amit sutar Jun 27 '17 at 18:41
  • That's okay, and thanks for correcting. Depending on the language, typos can mean different things when you're coding, so we have to watch out for that. – hRdCoder Jun 27 '17 at 18:43