How do I assign a string to $_SESSION?

Time:04-18

I've fixed this, thank you everyone for your help!

The value of $_SESSION["nama_pengguna"] and $_SESSION["kata_laluan"] remains NULL and doesn't change to $nama_pengguna and $kata_laluan after passing all 3 if statements.

when:

  • $_POST is not NULL
  • $_POST["daftar"] is not NULL
  • $result is not NULL

value I get:

  • $_SESSION["nama_pengguna"] => NULL
  • $_SESSION["kata_laluan"] => NULL

expected value:

  • $_SESSION["nama_pengguna"] => $nama_pengguna
  • $_SESSION["kata_laluan"] => $kata_laluan

extra information:

  • $_SESSION["login"] works fine

    • when passes all if statements, $_SESSION["login"] => true
    • when doesn't pass all if statements, $_SESSION["login"] => false
    • I expected $_SESSION["nama_pengguna"] and $_SESSION["kata_laluan"] to copy this behaviour but it doesn't.
  • I've tried removing the first appearance of $_SESSION["nama_pengguna"] and $_SESSION["kata_laluan"], but those two variables stopped existing once I did that.

snippet from login.php

<?php
    session_start();
    include("sambungan.php");
    $_SESSION["login"] = false;
    $_SESSION["nama_pengguna"] = NULL; #Problem
    $_SESSION["kata_laluan"] = NULL;  #Problem

    if (!empty($_POST) && !empty($_POST["nama_pengguna"]) && !empty($_POST["kata_laluan"])) {
        $nama_pengguna = $_POST["nama_pengguna"];
        $kata_laluan = $_POST["kata_laluan"];
    
        if (isset($_POST["daftar"])) {
            $sql = "INSERT INTO urusetia (nama_pengguna,kata_laluan) VALUES ('$nama_pengguna','$kata_laluan')";
            $result = mysqli_query($sambungan,$sql);
            if ($result) {
                $_SESSION["login"] = true;
                $_SESSION["nama_pengguna"] = $nama_pengguna; #Problem
                $_SESSION["kata_laluan"] = $kata_laluan; #Problem

                $_POST = array();
                header("Location:./hakim.php");
                die();
            }
        }
    ...

snippet from login.php

...
        <form action="login.php" method="post">
            <table>
                <tr>
                    <td>Nama Pengguna</td>
                    <td><input type="text" name="nama_pengguna" autocomplete="off" placeholder="max 30 characters" required></td>
                </tr>
                <tr>
                    <td>Kata Laluan</td>
                    <td><input type="password" name="kata_laluan" autocomplete="off" placeholder="max 15 characters" required></td>
                </tr>
            </table>
            <input type="submit" name="daftar" value="Daftar">
            <input type="submit" name="log_masuk" value="Log Masuk">
        </form>
...

echo-ing all the $_SESSION variables


CodePudding user response:

You checked just $_POST in the first condition. It is good practice to check that $_POST["nama_pengguna"] and $_POST["kata_laluan"] are not empty too (isset is not enough):

...
if ($_POST && !empty($_POST["nama_pengguna"]) && !empty($_POST["kata_laluan"])) {
    // now you can be sure both values exist and are not empty.
    $nama_pengguna = $_POST["nama_pengguna"];
    $kata_laluan = $_POST["kata_laluan"];

    ....
} else {
  // return an error because required data is empty.
}

But maybe you have to add an "else" to your condition to return some errors, because the request does not have the data we need.

CodePudding user response:

I've found the problem, it was a silly mistake, thank you everyone for helping me, you were all so kind. The problem lay here:

if isset($_POST["daftar"])

returned false

there was another part that made login true but did not change the other two session variables.

CodePudding user response:

Your post data was empty.

session_start();
include("sambungan.php");
$_SESSION["login"] = false; #You don't need this
$_SESSION["nama_pengguna"] = NULL; #You don't need this
$_SESSION["kata_laluan"] = NULL;  #You don't need this, you can use isset($_SESSION["kata_laluan"]) to get the data if it exists

if (!empty($_POST)) { #Check if there's ANY post data at all
    $nama_pengguna = $_POST["nama_pengguna"];
    $kata_laluan = $_POST["kata_laluan"];

    if (isset($_POST["daftar"])) {
        $sql = "INSERT INTO urusetia (nama_pengguna,kata_laluan) VALUES ('$nama_pengguna','$kata_laluan')";
        $result = mysqli_query($sambungan,$sql);
        if ($result) {
            $_SESSION["login"] = true;
            $_SESSION["nama_pengguna"] = $nama_pengguna; #Problem
            $_SESSION["kata_laluan"] = $kata_laluan; #Problem

            $_POST = array();
            header("Location:./hakim.php");
            die();
        }
    }
}

Per Nico Haase's comment:

This SQL code has security problems.

The correct way to avoid SQL injection attacks, no matter which database you use, is to separate the data from SQL.

You can use PDO or MySQLi (for MySQL).

PDO example:

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute([ 'name' => $name ]);

foreach ($stmt as $row) {
    // Do something with $row
}

MySQLi example:

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name); // 's' specifies the variable type => 'string'
$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Do something with $row
}
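
The same separation of data from SQL, applied to the INSERT from the question. This is an added example, not part of the original answers. It assumes an in-memory SQLite database in place of the MySQL connection from sambungan.php, and it goes beyond the answer by storing a password hash instead of the password; the helper functions and the `$session` array are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the connection made in sambungan.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE urusetia (nama_pengguna TEXT PRIMARY KEY, kata_laluan TEXT NOT NULL)');

// Registration ("daftar"): values travel as bound parameters, never as SQL text.
function daftar(PDO $pdo, string $nama, string $kata): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO urusetia (nama_pengguna, kata_laluan) VALUES (:nama, :kata)'
    );
    try {
        return $stmt->execute([
            'nama' => $nama,
            'kata' => password_hash($kata, PASSWORD_DEFAULT), // store a hash only
        ]);
    } catch (PDOException $e) {
        return false; // for example, nama_pengguna already taken
    }
}

// Login ("log_masuk"): look the row up by parameter, then verify the hash.
function log_masuk(PDO $pdo, string $nama, string $kata): bool
{
    $stmt = $pdo->prepare('SELECT kata_laluan FROM urusetia WHERE nama_pengguna = :nama');
    $stmt->execute(['nama' => $nama]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($kata, $hash);
}

// Constructed input: the apostrophe would break the concatenated query from the
// question; as a bound parameter it is stored as ordinary text.
$nama = "O'Brien";
$kata = 'rahsia-123';

// $session stands in for $_SESSION so the script also runs from the CLI.
$session = ['login' => false];
if (daftar($pdo, $nama, $kata) && log_masuk($pdo, $nama, $kata)) {
    // Keep only the identity in the session; the password is not needed after login.
    $session = ['login' => true, 'nama_pengguna' => $nama];
}
var_dump($session);
var_dump(log_masuk($pdo, $nama, 'salah'));  // wrong password
var_dump(daftar($pdo, $nama, 'lain'));      // duplicate registration
```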