I have php ver 4.1.1 running with register_globals() ON on my site. I am trying to use sessions to maintain state during a visit to the site. I have read thru the manual, but my mind is still cluttered with doubts. I understand that use of the $_SESSION global array will greatly add to the security of the site and will prevent variable poisoning.
How do I register a session?
The manual (http://www.php.net/manual/en/print/ref.session.php) says that there are 2 methods:
Example 1. Registering a variable with $_SESSION. <?php session_start(); // Use $HTTP_SESSION_VARS with PHP 4.0.6 or less if (!isset($_SESSION['count'])) { $_SESSION['count'] = 0; } else { $_SESSION['count']++; } ?>
-----------------------------------------------------------------------
Example 4. Registering a variable with register_globals enabled <?php if (!session_is_registered('count')) { session_register("count"); $count = 0; } else { $count++; } ?>
---------------------------------------------------------
This is a snippet of the code that I am testing: <? session_start(); require_once('../Connections/MasterStream.php');
if ( $_POST['validuser'] && ($_POST['password']) ) {
mysql_select_db($database_MasterStream, $MasterStream);
$query_Recordset1 = "SELECT * FROM `admin` WHERE `admin`.username = "$_POST['validuser']" AND `admin`.password = "$_POST['password']"";
$Recordset1 = mysql_query($query_Recordset1, $MasterStream) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
if ($totalRows_Recordset1) { echo "Success!<br>"; if(!isset($_SESSION['validuser'])) $_SESSION['validuser'] = 0; else $_SESSION['validuser']++;
}
else{ echo "Please try again later<br>"; } } ?>