PHP User Sessions Setup

<?php

session_start();

/*if(!isset($_SESSION['loggedin'])) {
	//var_dump($_SESSION['loggedin']);
	header('Location: login.php');
	exit();	
} */

$_SESSION['name'] = $_POST['first_name'];

?>

Here is my index page. The $_POST variable is coming from my login_auth script.

$_POST variables only exist on the page the form submitted to.

Someone has already taken the time to post a detailed response describing how to do that -

So would it be:

$username = $_POST['username'];

Where is the reference to the login code where the data is stored? I still don’t quite follow your previous reply… Can you elaborate more on this?

The user’s information is stored in a database table, when the user registered. You would query that database table, using a SELECT query, to find and then fetch the row of data that matches the user’s id that’s stored in the login session variable.

The reason I/we don’t write out verbose paragraphs like that in every reply is, no one would continue to post replies if each one has to cover every fundamental building block and knowledge about what you have already done, leading up to the point where you are at. Learning and growing in any task involves building on and using prior knowledge gained.

So, I’ve looked into this further and this is what I added to my index page:

<?php

session_start();

require_once('api/dbconnect.php');

if(!isset($_SESSION['loggedin'])) {
	//var_dump($_SESSION['loggedin']);
	header('Location: login.php');
	exit();	
}

$sql_query = $pdo->query("SELECT first_name FROM users WHERE id = {$_SESSION['id']}");
$username = $sql_query->execute();

?>

When I echo the result, I am given a number, rather than the name of the user. What am I doing wrong?

Once you’ve executed the query, you then need to retrieve the results. You’ve missed that bit out.

The ->query() and the ->execute() statements are not even used with each other.

@mabismad What do you mean? Isn’t that how they are supposed to be used?

@droopsnoot How can I retrieve the proper result?

Have a look at the fetch function. When you call execute, that returns a pointer to a set of results, you then need to use fetch to get the results out of it.

Which protocol should I be using? PDO or MySQLi? I know I can do it both ways, but I don’t really understand the difference between the two (except that PDO can work on 12 different database systems and MySQLI only works on MySQL, which means I’d have to rewrite everything if I change it) and which is the best way to do it?

I figured it out using this code:

$sql_query = $pdo->query("SELECT first_name FROM users WHERE id = {$_SESSION['id']}");
$result = $sql_query->execute();
$first_name = implode($sql_query->fetch(PDO::FETCH_ASSOC));

This code runs the defined query in the $sql_query variable. When executed by $result, it is produced as an array rather than a string. To convert it, I used implode on the last line followed by PDO::FETCH_ASSOC to call the array for conversion.

Thanks for the tip @droopsnoot!

I have a feeling what is happening may not be clearly understood. A way that helps me a lot of times is to add a short data type to variable names. eg.

$sql_query_rs = $pdo_obj->query("SELECT first_name FROM users WHERE id = {$_SESSION['id']}");
$result_rs = $sql_query_rs->execute();
$first_name_str = implode($sql_query_rs->fetch(PDO::FETCH_ASSOC)); 

It looks like “$result” would error to me. Any chance reporting / display are off and it isn’t being used anywhere?

Why would $result produce an error? Here’s my logic behind my code:

$sql_query = $pdo->query("SELECT first_name FROM users WHERE id = {$_SESSION['id']}");

This code writes out and prepares the query using PDO to grab the user’s first name from the database when they login or register

$result = $sql_query->execute();

This line executes the query mentioned in the previous statement

$first_name = implode($sql_query->fetch(PDO::FETCH_ASSOC));

This code fetches the results of the query and converts them into a string using implode().

I ran var_dump() when testing this and it didn’t produce errors. Is there something I’m missing?

d'oh mea culpa. :blush: (should teach me to not engage brain gears until after depressing caffeine pedal but it won’t)

the above should be

$sql_query_stmt = $pdo_obj->query("SELECT first_name FROM users WHERE id = {$_SESSION['id']}");
$result_bool = $sql_query_stmt->execute();
$first_name_str = implode($sql_query_stmt->fetch(PDO::FETCH_ASSOC)); 

the “rs” result set is folded into the implode. it is the “$result_bool” which is unused.

EDIT: OP, I am wondering why you would use implode on a single result.

I’m using implode() here so that I can convert the result of the query into a string which can be used to show Welcome, (first name here)! Is there a better way to do it?

$stmt = $pdo->prepare("SELECT first_name FROM users WHERE id = ?");
$stmt->execute([$_SESSION['id']]);
$name = $stmt->fetchColumn();
echo $name;

What’s the difference between this:

and this:

  1. query is an executable method all on its own
  2. Execute executes a Prepared Statement. You don’t have one and have already called an executable method (query)
  3. You are putting a variable in the query
  4. implode is to "Join array elements with a string". You are doing no such thing

I highly recommend you read the free manual
https://www.php.net

https://www.php.net/manual/en/pdo.query.php

https://www.php.net/manual/en/pdostatement.execute.php

https://www.php.net/manual/en/function.implode.php

This tutorial will also get you going with properly using PDO
https://phpdelusions.net/pdo

I see. Thanks for that! I checked the manual and replaced the code accordingly:

$name_query = $pdo->prepare("SELECT first_name FROM users WHERE id = ?");
$name_query->execute(array($_SESSION['id']));
$username = $name_query->fetchColumn();
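The pattern the thread ends on (prepare, execute with the session id as a bound parameter, fetchColumn), shown end to end as an added example that is not part of any post above. It assumes an in-memory SQLite database in place of api/dbconnect.php, a hypothetical helper firstNameForUser(), a plain array standing in for $_SESSION, and constructed sample rows.

```php
<?php
// Constructed stand-in for api/dbconnect.php: an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT)');
$pdo->exec("INSERT INTO users (id, first_name) VALUES (1, 'Alice'), (2, '<b>Bob</b>')");

// Hypothetical helper: first name for a user id, or null when no row matches.
function firstNameForUser(PDO $pdo, $userId): ?string
{
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT first_name FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $name = $stmt->fetchColumn();   // false when there is no matching row
    return $name === false ? null : (string) $name;
}

// Simulated session contents (constructed); on a real page this is
// $_SESSION after session_start() and a successful login.
$session = ['loggedin' => true, 'id' => 2];

$name = firstNameForUser($pdo, $session['id']);
if ($name === null) {
    // Stale or tampered session: treat as logged out instead of greeting nobody.
    echo "No such user, send the visitor back to login.php\n";
} else {
    // Escape on output: the stored name is data, not markup.
    echo 'Welcome, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "!\n";
}

// A non-numeric value is compared as data and matches no row. Interpolated
// into the SQL string instead, the same text would become part of the query.
var_dump(firstNameForUser($pdo, '1 OR 1=1'));
```

The null branch matters because fetchColumn() returns false for a missing row, which echo would silently print as an empty string.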