session variables not staying registered

[deleted]

or at least I think this is the problem.

Here's my code:

<?php
exit;
}
$email = mysql_escape_string($POST['email']);
$pwd = mysql_escape_string($POST['pwd']);

session_register("email");
session_register("pwd");

dbConnect("dbname");
$sql = "SELECT * FROM tblUsers WHERE
email = '$email' AND password = PASSWORD('$pwd') and fk_StatusID >0";
$result = mysql_query($sql) or die ("Error in query: $sql. " . mysql_error());
//if (!$result) {
//error("A database error occurred while checking your ".
// "login details.\nIf this error persists, please ".
// "contact .");
//}

if (mysql_num_rows($result) == 0) {
session_unregister("email");
session_unregister("pwd");
?>

I can login in without any errors. All of my pages have a file called login4.php included for access control. When I click on a link I am prompted to login again. I login and I kicked back to the main page that opens after I first login.

I have had no problems with any of this code until I switched hosts. The new host supports PHP 4.2.2 and has sessions enabled. I'm not sure what I need to change.

Any advice?

onlinegs

Your new host may have register globals off, if so you will need to pull the vars back out of the session. Alla, this script should do it:

$email = $_SESSION[email];
$pwd = $_SESSION[pwd];

Then the $email and the $pwd varaibles should contain whatever was in those session variables. If you like you can just use the session variables like they are, but your code looks cleaner if you pull them out like that.

[deleted]

I used the phpinfo() function and discovered that register_globals is on.

I tried using
$email = $SESSION[email];
$pwd = $SESSION[pwd];

both in the login4.php script and on the a page I was trying to access with the session, but neither worked. With the variables on the page I tried to access (a page access after logging in) I kept getting prompted for my username and password.

suntra

If you use $_SESSION["variable_name"], you must NOT use session_register().

Also, be sure that the PHPSESSID id passed from page to page...