Making variables available at other places

PHP
1

User submits username from p1.html, p2.php does the authorization work with db.php as required file and upon successful authorization, it directs the user to p3.php.

As seen, I have commented out the line require('../myDBFolder/db.php'); in
p3.php because its not needed as I have already one open connection in p2.php. Because of commenting the above line, I am not able to retrieve some of the parameters like $connection and $table_name_data which are used in p3.php. And I have already read that storing connection parameter in session is not a good idea so not using that approach. Could anyone advise how can I adjust my variables to make sure they are available in p3.php and wherever needed.

p1.html

<form method="post" action= "p2.php"  name="lform">
  <span class="style1">User Name :</span>  
    <input type="text" name="user" size="25">
    <input type="submit" value="login">
</form>

p2.php

<?php
session_start();
require('../myDBFolder/db.php');

$user = $_POST["user"]; 
$_SESSION['username'] = $user;

$sql="SELECT * FROM $table_name_users WHERE username = \"$user\"";
$result=mysqli_query($connection,$sql) or trigger_error("Couldn't Execute Query in page2.php: ". mysqli_error($sql));
$num = mysqli_num_rows($result);

if ($num != 0) {

	print "<script>";
	print "self.location='p3.php';";
	print "</script>";

} else {
echo "<p>you're not authorized";
}

?>

p3.php

<?php
session_start();

//require('../myDBFolder/db.php');

$user = $_SESSION['username'];
$sql = "SELECT * FROM $table_name_data WHERE username = '$user'";
$result = mysqli_query($connection,$sql) or trigger_error("Could Not Execute  the Query ! :   ". mysqli_error($connection));

?>

db.php

<?php

$user = $_POST["user"]; 
$_SESSION['username']=$user;

$db_server = "localhost"; 
$db_name = "PracticeDB"; 
$db_user = $user;

$table_name_data = "collegestudents";

$connection = mysqli_connect($db_server,$db_user,$db_password) or trigger_error("Could Not Connect to the Database :   ". mysqli_connect_error(), E_USER_ERROR);
$db = mysqli_select_db($connection , $db_name) or trigger_error("Could Not Select the Database : " . $db_name . ':' .mysqli_error($connection));
?>
2

These statements contradict one another.
Clearly the connection script is needed.
If you are concerned about including the connection any more times than necessary you could use require_once instead of just require.

3

Thanks @SamA74 . You mean to say I can use require_once in p2.php ?

When I include the script in p3.php, I notice the following in db.php:

NULL For the following check in db.php:

echo "Check for User in db.php below:";
var_dump($user);

echo"Test for db user variable in db.php:";
var_dump($db_user);

In p3.php, I see blank getting printed for the following dump.

$user = $_SESSION['username'];

var_dump("Checking for User at the Start for CD Test PHP File: ".$user);
4

Use it wherever you need to make the connection, as you should generally only have to make the connection once for any given script.

[off-topic]
I highly recommend sanitising user inputs and using prepared statements to build your queries.

$user = $_POST["user"]; 

$sql="SELECT * FROM $table_name_users WHERE username = \"$user\"";

This is very vulnerable to injection.

5

Could you tell me why I am facing the above problem while using the connection in p3.php ?

6

There simply is no connection, because you commented out the connection script.
Ordinary variables only have scope within their “page”, so the connection is closed after p2 runs, so must be re-opened in p3.

7

Sorry for not being clear. Actually I am referring to the problems I have mentioned when I included the script. Attaching the screenshot to address my issue in a more clear manner:

8

Do the $_POST values remain after you’ve done the header redirection from p2.php to p3.php? I thought they’d only be kept as part of a form submit with POST method, and if that’s the case, when you include db.php in p3.php, it effectively blanks out the session variable in the first couple of lines by setting it to a blank variable.

9

You are right. Adding the following piece of code in p3.php gave me null. Could you tell me how can I avoid this problem?

echo "Testing POST Value !";
var_dump($_POST);

Here is what I got:

Testing POST Value !array(0) { } string(53)

10

Remove the two lines in db.php that write into the session variable. You’ve already stored the value in p2.php, so there’s no need to do it again. Move the relevant lines in p2.php to be before you include the db.php file and the variables should be populated by then.

1 Like
11

I tried removing the following lines from db.php

$user = $_POST["user"]; 
$_SESSION['username']=$user;

and moved the above two lines in p2.php as you mentioned and I still see NULL for $_POST in p3.php

14

Well, you will, because the $_POST is only populated with a form submission using the POST method. Not using a header redirect. Save what you need in session variables before you redirect from p2 to p3.

15

Could you tell me how can I save in p2.php before redirect?

Doing the following in p2.php wouldn’t save ? :

session_start();
$user = $_POST["user"]; 
$_SESSION['username'] = $user; 
require('../myDBFolder/db.php');
16

It does save the username session variable, but the $_POST array will be blank in p3. But you don’t need the $_POST array any more, because you’ve saved the username in the session variable.

1 Like
17

Great. I can see the username in p3.php. Thanks for your help.

1 Like
18

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.