Jump to content

Session Query


IChaps

Recommended Posts

Hello.

 

I'd just like to enquire about using session S_session please.

 

I've created 4 sessions to hold the log in data for the access to a database (host, username, password, database name)

 

At present I've got it to load this data from a file and insert it into a session.

Then for my use I've got it to display this data, to ensure it's reading from the file - which it is doing correctly.

 

The problem I've got is in another php file.

In the other php file the sessions are all blank and I don't know why this is.

 

 

----

In my index.php file the code reads [this works]:-

//ReadFile
$fp = fopen( dirname(__FILE__).'/Core/sys/dbinfo.txt', 'r' ) or die("Couldn't open file:- 1");
$db_host = fgets($fp);
$db_user = fgets($fp);
$db_pass = fgets($fp);
$db_databasename = fgets($fp);
fclose( $fp );

$_SESSION['dbf_host'] = $db_host;
$_SESSION['dbf_user'] = $db_user;
$_SESSION['dbf_pass'] = $db_pass;
$_SESSION['dbf_databasename'] = $db_databasename;

 

and in the other php file, the code reads:-

session_start();

echo "new php file\n";

echo $_SESSION['dbf_host'];
echo $_SESSION['dbf_user'];
echo $_SESSION['dbf_pass'];
echo $_SESSION['dbf_databasename'];

 

The above code produces a blank screen.

 

Could anyone please advise me?

Thank You.

Link to comment
Share on other sites

You're not using session_start on the first piece of code.

 

If you're storing configuration data like database login details, you shouldn't use a plain text file. Unless you've specifically configured the web server to deny access, anyone could pull up that file and get the credentials. Just create a PHP file and then include it, you don't have to manually read the file or anything. e.g.:

 

<?php
$config = [
  'db_host' => 'localhost',
  'db_user' => 'sql_user',
  'db_pass' => 'some password',
  'db_name' => 'database name',
];
<?php

include 'config.php';

$mysqli = new mysqli($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);
You could also just create the database object in the other file also, so that including the file causes you to be connected to the database so that you can use the $mysqli variable to send queries. You can do other tasks that all pages should do also, like starting a session, setting error reporting options, etc. Then you just include that one file and write the code for that particular page. Another benefit is that if someone types in the URL to that config.php file, PHP will execute it and just display a blank page, they won't see any of the code or details inside the file.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...