Doubts about the variable session_start()

Viewed 152 times

0

I used the method session_start() to make the user's name appear on the screen on the following pages after he logs in, but I wanted to show his "name" instead of his "email". Here is the code I wrote:

Code to validate user input.

<?php 

session_start();

require_once("conexao.php");

$conn = mysqli_connect('localhost', 'root', '') or die ( mysqli_error() );

mysqli_select_db($conn, 'projeto') or die ( mysqli_error() );

$user = $_POST['email'];
$pwd = $_POST['senha'];


$query = mysqli_num_rows(mysqli_query($conn, "SELECT * FROM nutricionista WHERE email = '$user' AND senha ='$pwd'"));

if($query == 1){
    $_SESSION['email'] = $user;
    $_SESSION['senha'] = $pwd;

    header("location: menuNutricionista.php");
} else {
    echo "<script>alert('Dados informados incorretamente!');history.back();</script>";
}

?>

Here is the HTML page where the "welcome + user name" message goes:

<!DOCTYPE html>
<html lang="en-US">
<head>
    <meta charset="UTF-8">
    <title></title>
    <link rel="stylesheet" type="text/css" href="../css/style.css">
    <script type="text/javascript" src="../css/script.js"></script>
    <link href="https://fonts.googleapis.com/css?family=Merriweather" rel="stylesheet">
    <link rel="shortcut icon" href="imagens/favicon.png" />  

    <?php  

    session_start();

    if((!isset ($_SESSION['email']) == true) and (!isset ($_SESSION['senha']) == true))
    {
    unset($_SESSION['email']);
    unset($_SESSION['senha']);
    header('location:index.php');
    }

    $logado = $_SESSION['email'];
    ?>

</head>
<body>
    <img id="emblema" src="../imagens/emblema.png">

    <div class="div-logado">
        <?php echo"Bem-vindo </br>$logado "; ?>
    </div>

2 answers

1

Ignoring all the problems, of which there are at least four, you should run a new query to get this information, assuming you have the nome saved in some database column related to the e-mail.

<?php  

session_start();

// If the session data is missing, end the session and redirect
if(!isset($_SESSION['email'], $_SESSION['senha'])) {
     unset($_SESSION['email'], $_SESSION['senha']);
     session_destroy();

     header('Location: index.php');
     exit();
}

$email = $_SESSION['email'];

// With a valid session, look up the name.
// $conn is the mysqli connection, opened the same way as on the login page.
$stmt = mysqli_prepare($conn, 'SELECT nome FROM nutricionista WHERE email = ?');
mysqli_stmt_bind_param($stmt, "s", $email);
mysqli_stmt_execute($stmt);

mysqli_stmt_bind_result($stmt, $logado);
mysqli_stmt_fetch($stmt);

?>

This follows the same principle as the other page, the first one. We select the nome (assuming this is the name of the MySQL column) where the email is the same as the one in the session; we pass the email to mysqli_stmt_bind_param so that it becomes the value of the first ? in our query.

Then the resulting name will be stored in $logado, as specified in mysqli_stmt_bind_result.

So to display you use:

<div class="div-logado">
    Bem vindo <br>
    <?= htmlentities($logado, ENT_QUOTES | ENT_HTML5, 'UTF-8'); ?>
</div>

With the "security go with God" method, you can also use:

$result = mysqli_query($conn, 'SELECT nome FROM nutricionista WHERE email = "'. $_SESSION['email'] .'"');

list($logado) = mysqli_fetch_row($result);

Which is exactly the same as what you did on the front page.

1


Well, if you don't want to change your code much, I think you'll just need to create a new query that returns an array.

Do:

$query2 = mysqli_fetch_array(mysqli_query($conn, "SELECT * FROM nutricionista WHERE email = '$user' AND senha ='$pwd'"));

Then set the user array in SESSION. Example:

// 'nome' is the assumed column name; $query2 is the row fetched above
$_SESSION['nome'] = $query2['nome'];

Of course, this assumes your database already has a "name" column. Replace it with the correct column name from your table.

On your HTML page you can replace the line that defines the logged-in user with: $logado = $_SESSION['nome'];

And in the call that shows the user name you can use the same $logado.

I can't remember if the mysqli call is correct; if it doesn't work, let me know and I'll rewrite it here.
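
An added example, not part of the question or of either answer: one way to write the login check so that it uses a prepared statement as in the first answer and stores the name in the session as in the second. It assumes the `nome` column exists and that `senha` holds a `password_hash()` value rather than the plain password; the helper name `autenticar` is hypothetical.

```php
<?php
// Added example (not the asker's or the answerers' code).
// Assumptions: table nutricionista has columns email, nome, senha,
// and senha stores the output of password_hash(), not the plain password.
session_start();

// Make mysqli failures throw exceptions instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: returns the user's name on success, null otherwise.
function autenticar(mysqli $conn, string $email, string $senha): ?string
{
    // The ? placeholder keeps user input out of the SQL text.
    $stmt = mysqli_prepare($conn, 'SELECT nome, senha FROM nutricionista WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $nome, $hash);
    $found = mysqli_stmt_fetch($stmt);   // true, or null when no row matches
    mysqli_stmt_close($stmt);

    if ($found !== true || !password_verify($senha, $hash)) {
        return null;
    }
    return $nome;
}

// Same connection parameters as in the question.
$conn = mysqli_connect('localhost', 'root', '', 'projeto');

$email = $_POST['email'] ?? '';
$senha = $_POST['senha'] ?? '';
$nome  = ($email !== '' && $senha !== '') ? autenticar($conn, $email, $senha) : null;

if ($nome === null) {
    echo "<script>alert('Dados informados incorretamente!');history.back();</script>";
    exit;
}

session_regenerate_id(true);   // issue a fresh session id after login
$_SESSION['email'] = $email;   // identity only; the password is never stored
$_SESSION['nome']  = $nome;

header('Location: menuNutricionista.php');
exit;                          // stop the script once the redirect is sent
```

With this version the protected pages check only `isset($_SESSION['email'])`, since no password is kept in the session, and print `$_SESSION['nome']` through `htmlentities()` as in the first answer.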
