-1

I'm trying to use the PHP $_SESSION in my code. Below is the code but the problem is that PHP $_SESSION is not working globally.

<?php
session_start();
require_once("config.php");
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: login.php");
exit;
}
$_SESSION["log_user"];
?>

Here I have declared the $_SESSION before the code then I try to use it in the body below is the code.

  <?php 
      $log_user=$_SESSION['log_user'];
      $getlogged = "SELECT * FROM  user_accounts WHERE userid='$log_user'"; 
      $getlogged=mysqli_query($db, $getlogged);
      while ($getlogged_row = mysqli_fetch_array($getlogged)) { 
      ?>
    
<div> Name : <?PHP echo $getlogged_row['name']; ?> </div>
<div> Name : <?PHP echo $getlogged_row['userid']; ?> </div>

      <?php } ?>
beniharwinder
  • 11
  • 1
  • 4
    Every file which uses Session must start with `session_start()` – ADyson May 05 '22 at 06:18
  • @ADyson it has `session_start()` – beniharwinder May 05 '22 at 06:29
  • you did not write what's the problem with your code – Giacomo M May 05 '22 at 06:33
  • 2
    What is the meaning of the line `$_SESSION["log_user"];` in your 1st code ? – Ken Lee May 05 '22 at 06:35
  • add session_start(); in your second code – Dotsquares May 05 '22 at 06:35
  • You never _set_ a value for `$_SESSION["log_user"]` (at least not in the code posted), so `$log_user` will be empty – brombeer May 05 '22 at 06:38
  • @KenLee I have `$_SESSION["log_user"]="username";` in my login page from where I m trying to pass this to the second page after login. – beniharwinder May 05 '22 at 06:45
  • 1
    If you mean the line `$_SESSION["log_user"];` is actually `$_SESSION["log_user"]="username";` then this line will **never** get executed if the conditional statement is true because it is below the redirection and **exit** statements . – Ken Lee May 05 '22 at 06:55
  • 1
    Do you also use `session_start()` in your login page? You could [edit] your question and also post the code of your login page so we can see what's going on there. (`I have $_SESSION["log_user"]="username";` - do you actually set this to a _string_ "username"? That should be the actual username (`$username` or something) of the logged in user) – brombeer May 05 '22 at 07:02
  • It doesn't have session_start() in your second snippet. I assumed that was in a separate file? Is it not? It's a bit unclear to be honest – ADyson May 05 '22 at 07:26
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 05 '22 at 07:41

0 Answers0