Why will this session not pass through?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • whitep8
    New Member
    • Oct 2009
    • 65
    #1

    Why will this session not pass through?

    Hi all,

    The following code works in that it will pass through a session variable of email, which comes from a posted value.

    When i add the while loop to extract the user type, it wont pass it through.

    any ideas?

    Code:
    <?php

ob_start();


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$user_email=$_POST['user_email'];
$user_password=$_POST['user_password'];

// To protect MySQL injection (more detail about MySQL injection)
$user_email = stripslashes($user_email);
$user_password = stripslashes($user_password);
$user_email = mysql_real_escape_string($user_email);
$user_password = mysql_real_escape_string($user_password);

$sql="SELECT * FROM $tbl_name WHERE user_email='$user_email' and user_password='$user_password'";

while($row = mysql_fetch_array($query))
{
	$user_type = $row[1];
	echo $user_type;
	exit ();
}

$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['user_email'] = $user_email;
$_SESSION['user_type'] = $user_type;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
    Tags: None
    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062
      #2
      Hey.

      The mysql_fetch_arr ay call on line #22 is referencing a variable called $query, but I do not see it defined anywhere.

      If you want to use the result of the query defined as $sql, you will need to actually execute the query before the loop and use the result from that execution.

      O, and also, if you only need to use a single row from a result set, you might want to add a LIMIT to your query and loose the while loop. A loop is only needed if you plan to loop through several pieces of data. If you only need one row, something like this would be better.
      [code=php]<?php
      $sql = "SELECT stuff FROM tbl WHERE other='stuff' LIMIT 1";
      $result = mysql_query($sq l) or trigger_error(m ysql_error(), E_ERROR);
      $row = mysql_fetch_arr ay($result);

      $stuff = $row[0];
      ?>[/code]

        Comment

        • whitep8
          New Member
          • Oct 2009
          • 65
          #3
          Hi Thanks for the info. Ive made the changes you suggest.

          Can you see any issues with the session registers?

          this is the success file, but only the email is echoing

          Code:
          <?php 
session_start();
	echo "Hello ";
	echo $_SESSION['user_email'];
	echo $_SESSION['user_type'];
?>

            Comment

            • whitep8
              New Member
              • Oct 2009
              • 65
              #4
              just out of interest, i pushed the password into a session variable, and the echo'ed ok, so its literally the user type variable that wont go through

                Comment

                • Atli
                  Recognized Expert Expert
                  • Nov 2006
                  • 5062
                  #5
                  I see no issues with that part of the code, no. I should be set fine, unless the $user_type variable is somehow not being given a proper value.
                  Have you tried to var_dump it before setting the session, just to see what is in there?

                    Comment

                    • whitep8
                      New Member
                      • Oct 2009
                      • 65
                      #6
                      Hi Atli,

                      I removed the page header and echo'd out everything, i just couldnt find why SO......

                      i moved the sql to identify the user type and cast to a session at the top of the next page, which worked fine. I needed the user type to use in a switch statement, which now all works fine.

                      thanks for you help everybody

                        Comment

                        Previous template Next
                        Working...