Installment 3

PHP Session Handling - Cookies Enabled

Instead of storing session information at browser through use of cookies, information can instead be stored at server in session files. One session file is created and maintained for each user session. For example, if there are three concurrent users browsing website, three session files will be created and maintained - one for each user. The session files are deleted if session is explicitly closed by PHP script or by a daemon garbage collection process provided by PHP. Good programming practice would call for sessions to be closed explicitly in script.

The following is a typical server-browser sequence of events that occur when a PHP session handling is used: 1. The server knows that it needs to remember State of browsing session 2. PHP generates a sssion ID and creates a session file to store future information as required by subsequent pages 3. A cookie is generated wih session ID at browser 4. This cookie that stores session ID is transparently and automatically sent to server for all subsequent requests to server

The following PHP session-handling example accomplishes same outcome as previous cookie example. Copy code below (both php and html) into a file with .php extension and test it out.

[?php //starts a session session_start();

//informs PHP that count information needs to be remembered in session file if (!session_is_registered("count")) { session_register("count"); $count = 0; } else { $count++; }

$session_id = session_id(); ?]

[html] [head] [title]PHP Session Handling - Cookie-Enabled[/title] [/head] [body] The current session id is: [?=$session_id ?] This page has been displayed: [?=$count ?] times. [/body] [/html]

A summary of functions that PHP provides for session handling are: 1. boolean start_session() - initializes a session 2. string session_id([string id]) - either returns current session id or specify session id to be used when session is created 3. boolean session_register(mixed name [, mixed ...]) - registers variables to be stored in session file. Each parameter passed in function is a separate variable 4. boolean session_is_registered(string variable_name) - checks if a variable has been previously registered to be stored in session file 5. session_unregister(string varriable_name) - unregisters a variable from session file. Unregistered variables are no longer valid for reference in session. 6. session_unset() - unsets all session variables. It is important to note that all variables remain registered. 7. boolean session_destroy() - destroys session. This is opposite of start_session function.

The next installment discusses how to manage sessions using PHP session handling functions when cookies are disabled...

Installment 4

PHP Session Handling - Without Cookies

If cookies are disabled at browser, above example cannot work. This is because although session file that stores all variables is kept at server, a cookie is still needed at browser to store session ID that is used to identify session and its associated session file. The most common way around this would be to explicitly pass session ID back to server from browser as a query parameter in URL.

For example, PHP script generates requests subsequent to start_session call in following format: http://www.yourhost.com/yourphpfile.php?PHPSESSID=[actual session ID]

The following are excerpts that illustrate discussion:

Manually building URL: $url = "http://www.yoursite.com/yourphppage.php?PHPSESSID=" . session_id(); [a href="[?=$url ?]" rel="nofollow"]Anchor Text[/a]

Building URL using SID: [a href="http://www.yoursite.com/yourphppage.php?[?=SID ?]" rel="nofollow"]Anchor Text[/a]

This PHP scripting article is written by John L. John L is the Webmaster of The Ultimate BMW Blog! (http://www.bimmercenter.com).

The @ operator is used to suppress any error messages that mysql_connect() and mysql_select_db() functions may produce if an error occurred. The die() function is used to end script execution and display a custom error message.

Executing SQL Statements against a MySQL database

Once connection and database selection is successfully performed, PHP script can now proceed to operate on database using standard SQL statements. The mysql_query() function is used for executing standard SQL statements against database. In following example, PHP script queries a table called tbl_login in previously selected database to determine if a username/password pair provided by user is valid.

Assumption: The tbl_login table has 3 columns named login, password, last_logged_in. The last_logged_in column stores time that user last logged into system.

// The $username and $passwd variable should rightly be set by login form // through POST method. For purpose of this example, we’re manually coding it. $username = “john”; $passwd = “mypassword”;

// We generate a SELECT SQL statement for execution. $sql="SELECT * FROM tbl_login WHERE login = '".$username."' AND password = '".$passwd."'";

// Execute SQL statement against currently selected database. // The results will be stored in $r variable. $r = mysql_query($sql);

// After mysql_query() command executes, $r variable is examined to // determine of mysql_query() was successfully executed. if(!$r) { $err=mysql_error(); print $err; exit(); }

// If everything went well, check if query returned a result – i.e. if username/password // pair was found in database. The mysql_affected_rows() function is used for this purpose. // mysql_affected_rows() will return number of rows in database table that was affected // by last query if(mysql_affected_rows()==0){ print "Username/password pair is invalid. Please try again."; } else {

// If successful, read out last logged in time into a $last variable for display to user $row=mysql_fetch_array($r); $last=$row["last_logged_in"]; print “Login successful. You last logged in at ”.$last.”.”;

}

The above example demonstrated how a SELECT SQL statement is executed against selected database. The same method is used to execute other SQL statements (e.g. UPDATE, INSERT, DELETE, etc.) against database using mysql_query() and mysql_affected_rows() functions.

This PHP scripting article is written by John L. John L is the Webmaster of The Ultimate BMW Blog! (http://www.bimmercenter.com).