I have php ver 4.1.1 running with register_globals() ON on my site. I am trying to use sessions to maintain state during a visit to the site. I have read thru the manual, but my mind is still cluttered with doubts. I understand that use of the $_SESSION global array will greatly add to the security of the site and will prevent variable poisoning.
How do I register a session?
The manual (http://www.php.net/manual/en/print/ref.session.php) says that there are 2 methods:
Example 1. Registering a variable with $_SESSION.
<?php
session_start();
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
?>-----------------------------------------------------------------------
Example 4. Registering a variable with register_globals enabled <?php if (!session_is_registered('count')) { session_register("count"); $count = 0; } else { $count++; } ?>
---------------------------------------------------------
This is a snippet of the code that I am testing:
<? session_start();
require_once('../Connections/MasterStream.php');if ( $_POST['validuser'] && ($_POST['password']) ) {
mysql_select_db($database_MasterStream, $MasterStream);
$query_Recordset1 = "SELECT * FROM `admin` WHERE `admin`.username = "$_POST['validuser']" AND `admin`.password = "$_POST['password']"";
$Recordset1 = mysql_query($query_Recordset1, $MasterStream) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
if ($totalRows_Recordset1)
{
echo "Success!<br>";
if(!isset($_SESSION['validuser']))
$_SESSION['validuser'] = 0;
else $_SESSION['validuser']++;}
else{
echo "Please try again later<br>";
}
}
?>��Thanks in advance, Pushpinder
