PHP $_SESSION variable not showing value
I have written a text in the page title with the name of the logged in user. It worked for a while, but when I went to do something else, it just stopped. It 's like $_SESSION['ime'] holds a null value; I'm sure I'm not hitting anything related to this.
Here is some code: my main php file:
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'audiprojekat');
// REGISTER USER
if (isset($_POST['reg_user'])) {
$vrsta = "KO";
$ime = mysqli_real_escape_string($db, $_POST['ime']);
$prezime = mysqli_real_escape_string($db, $_POST['prezime']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM registrovani WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password);//encrypt the password before saving in the database
$query = "INSERT INTO registrovani (ime, prezime, username, email, password, vrsta)
VALUES('$ime','$prezime','$username', '$email', '$password', '$vrsta')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['ime'] = $ime;
$_SESSION['success'] = "You are now logged in";
header('location: user.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM registrovani WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['ime'] = $ime;
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in";
header('location: user.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Here is the html page:
<?php include('server.php'); ?>
<p id="user_cont" style="color: white; margin-left: 80%; margin-top: 0; margin-bottom: 0; width: 20%; background-color: black; padding: .5%; font-family: 'Rajdhani', sans-serif; font-size: 140%; border-left: thick red solid;">
<?php
if(isset($_SESSION['username'])){
echo $_SESSION['ime'];
echo " <a href='logout.php' style='color: red; text-decoration: none;'>Odjavite se</a>";
}
else echo " <a href='login.php' style='color: white; text-decoration: none;'>Prijavite se</a>";
?>
</p>
$_SESSION['username'] and $_SESSION['password'] are ok, but $_SESSION['ime'], $_SESSION['prezime'], $_SESSION['email'] are empty.
I checked the mySQL database and everything is written correctly.
Your program has 2 steps: 1. reg_user, 2. login_user
I think you are saying that some parameters are empty after logging into the page. However, you are not reading data from the Select query.
Example code to read and store SESSION data from a query:
$row = $results->fetch_assoc();
$_SESSION['ime'] = $row['ime'];
$_SESSION['email'] = $row['email'];
$_SESSION['prezime'] = $row['prezime'];
Reference : https://www.w3schools.com/php/func_mysqli_fetch_assoc.asp _
Finally, read more about SQL injection with PDO or MYSQLI.