Sessions

Sessions are similar to Cookies in many respects

Used to track user activity and personalise interactions
However:
Cookies are becoming unreliable
They store information on client without permission
Modern browser privacy/security settings can block
cookies
PHP Session variables store data on the server
Connected to clients browser via the server and a Session ID
Almost flawless in operation and invisible to the user

2
Sessions
Setting Session variables is simple
Imagine we have received $name via a HTML form
We can store this information for use in other pages
It is essential that if we are using sessions, the first
thing we do is call:
session_start()
<?php
session_start();
extract($_POST);
$_SESSION[‘name’] = $name;
?>
3
 Sessions
Now, on another page we can see if a session exists
If one does then we can welcome the visitor
<?php
session_start();
if($_SESSION[‘name’]){
print “Hi”.$_SESSION[‘name’].“. A session is
registered”;
}else{
print “There is no session registered…”;
}
?>
• The condition for the ‘if’ statement is true if the session
variable name exists.
• If it isn’t then we can take another course of action.
4
Sessions
Sessions end when a user closes a browser.
We can also terminate sessions to facilitate a logout
by a user.
Note that even though we are destroying this session,
we still have to call session_start() first.

<?php
session_start();
session_destroy();
?>

5
 Redirecting a Browser
We can use the header() function to redirect a browser to a

different page.
For example, to redirect a browser to a page called login.php

we would use

header('Location: login.php');
This function is useful for returning a user to a login page if e.g.

they have entered an incorrect password, or an appropriate

session or cookie is not set

6
 Architecture
Request Page Read File
Web Browser Web Server Page with
PHP
Send code
HTML page
Pass PHP page
and server variables
Generate
HTML (GET
page attributes, Server settings, etc.)

PHP
Interpreter
Interact with MySQL
Database
 MySQL
Limittations of MySQL

Does not support transactions. Cancelling groups of actions

should be implemented by the developer.

Does not support referential integrity. Needs to be done

programmatically
Does not support nested selections. There are ways to overcome

this but they are not very efficient.

But in general it’s a reliable database. 
MySQL management
The tool that you would mostly use is MySQLAdmin. A

Web frond end for database management.

You would use it for setting up databases, creating database

users.
During development, you would use it for testing queries

before importing them into your code.

You would use it for debugging the results of your

application (did the insert command work alright?)

MySQL Interaction
The interaction with MySQL server

consists of the following steps:

Connect to MySQL server.
 This requires a username and a password.

Select the active database.

Perform SQL queries and retrieve results.

PHP Support for MySQL
Connection

$link = mysql_connect(“localhost”, “dbuser”, “dbpass”);

If ($link == false)
die(“Could not connect: “. mysql_error());
 Database selection

$link = mysql_select_db(“myDatabase”, $link);

If ($link == false)
die(“Could not select database: “.
mysql_error());
PHP Support for MySQL
 Perform a query

$query = “INSERT INTO contacts (name, email) VALUES

(‘Chris’, ‘[email protected]’)”;
$res = mysql_query($query, $link);
If ($res == false)
echo “Could not perform insert: “. mysql_error();
else {
$userID = mysql_insert_id($link);
echo “New user id: $userID”;
}
MySQL retrieving results
$query = “SELECT * FROM contacts”;
$res = mysql_query($query, $link);

while ($record = mysql_fetch_assoc($res))

{
echo “Name: “.$record[‘name’].”, email: “.
$record[‘email’].”<br/>”;
}
mysql_free_results($res);
 MySQL retrieving results
 There are a number of ways for retrieving the results of
a query. The most commonly used are:
 mysql_fetch_assoc(): returns an associative array
where the keys are the record field names.
 mysql_fetch_object(): returns a record as an object.
There are object attributes for each record field.
MySQL & PHP: Things to remember
Usually you would get the data that you put in your

database from the user. Make sure that the data will
not break your SQL queries.
mysql_real_escape_string(): a useful function for

escaping characters before using a string in an

SQL query.
Suggested reading
Online Php Manual
http://www.php.net/manual/en/index.php
Online MySQL Manual
http://dev.mysql.com/doc/
AJAX Rich Internet Applications and Web Development
for Programmers: Chapter 18 and 19.