• # August 24, 2012 at 9:57 am

    I’m trying to use the variable $username in my index.php (I want to echo out Logged in as ‘$username’).
    I set the variable $username and register a session in my checklogin.php, but I cant seem to use it when I’m in my index.php.

    I am probably doing something wrong here, but I can’t see what, I need your help finding a solution to this problem :)

    Code from index.php

    < !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

    Webb B

    and checklogin.php

    < ? ob_start(); ?>

    < !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

    Webb B

    < ?php

    require_once "scripts/login.php";

    // error_reporting(E_ALL); ini_set('display_errors', 'On');

    $username = $_POST;
    $password = $_POST;

    // $username = stripslashes($username);
    // $password = stripslashes($password);
    // $username = mysql_real_escape_string($username);
    // $password = mysql_real_escape_string($password);

    $sqlCommand = "SELECT * FROM members WHERE membername='$username' AND memberpassword='$password'";
    $query = mysqli_query($myConnection, $sqlCommand) or die (mysqli_error());
    $num_rows = mysqli_num_rows($query);
    if ($num_rows == 1) {
    header("location: index.php");
    else {
    echo 'Fel! Försök igen!';


    < ? ob_flush(); ?>

    Can anyone explain to me why I can’t use the variable $username?

    # August 24, 2012 at 11:27 pm

    This reply has been reported for inappropriate content.

    Your session is not being started in index.php. You must start sessions (and do anything else that involves sending headers) before you start output to the browser. By starting your page with plain HTML, you have no chance at using $_SESSION.

    Output buffering (as used in your checklogin.php), imo, is not a solution for this problem. Yes, it works, but it’s hacky and fragile. OB has its uses, but this is an issue with a much cleaner solution:

    When writing PHP scripts, put all of the PHP code _first_.
    Put all output (HTML, echo, print etc.) _last_.
    Much cleaner, more flexible, all problems related to body vs. http headers solved. Example:

    $username = $_SESSION;
    $output = "Welcome back, $username!";
    /* other code */
    // BTW, "$username = $_SESSION" is bad also.
    // what if $_SESSION doesn't exist yet?
    // you get no output, no error handling.
    // you get a warning (which may not be displayed)
    // ...and opportunity for /actual/ problems later in your script.
    // check that the variable is set/ not empty first. maybe:
    $username = empty( $_SESSION )?


    During development, you should adjust PHP’s error settings to show warnings and errors.

    error_reporting( -1 );

    This way, PHP can give you clues as to what’s going wrong (in this case, you are getting warnings like “Cannot send session cache limiter – headers already sent” and “Undefined index: username (referring to $_SESSION)“).

    Turn error reporting back off when your site is ready to go public, of course.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.