Hello,
I've been working on a Login for my site.
I got some code on it from some site which uses session register. Later I read that session_register is 'depreciated' (does that mean it's not in use?) and that I should use $_SESSION.
My question is what would the equivalent code be for registering the session. Also to be able to use $_SESSION I need to start the session but that needs to go on the very top of my code... but I don't want to start the session until I authenticate the user.
I may have all of this confused (just started learning PHP)
The code I have currently:
<?php
include('connectionfile.php');
$tbl_name="listserve";
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
?>
Thanks,
FreddyE
I've been working on a Login for my site.
I got some code on it from some site which uses session register. Later I read that session_register is 'depreciated' (does that mean it's not in use?) and that I should use $_SESSION.
My question is what would the equivalent code be for registering the session. Also to be able to use $_SESSION I need to start the session but that needs to go on the very top of my code... but I don't want to start the session until I authenticate the user.
I may have all of this confused (just started learning PHP)
The code I have currently:
<?php
include('connectionfile.php');
$tbl_name="listserve";
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
?>
Thanks,
FreddyE
