Session variables problem: one works but another doesn't

sunshine66

I am having a problem with calling certain Session variables.
In the original session, I create session variables as follows:

// start session
session_start(); 
$_SESSION['User'] = $User;
$_SESSION['FirstName'] = $FirstName;
$_SESSION['LastName'] = $LastName;
$_SESSION['CompanyID'] = $CoID;

On another page, using the $CoID variable in a PRINT or QUERY command, results in nothing. No CoID value is returned on the print command, and the query has no results.

I can, however, PRINT the $FirstName and $LastName.
This is very annoying!!!!

echo( "$FirstName $LastName <br>is currently logged in." )

   Print "Company ID: $CoID<br>";	
   $query = "SELECT * FROM companyProfile WHERE CompanyID=$CoID";
    $result = mysql_query($query);	
    $row = mysql_fetch_array($result);

I was able to make it work with this query:

    $query = "SELECT * FROM userProfiles,companyProfile WHERE userProfiles.CompanyID=companyProfile.CompanyID";
    $result = mysql_query($query);	
    $row = mysql_fetch_array($result);

 //Get Company ID & User ID values
     if($row) {
	$CoID = $row["CompanyID"];
	$id = $row["ProfileID"];
	}
   Print "Company ID: $CoID<br>";	
   Print "User ID: $id<br>";

I'm very confused by this. Can someone tell me what the problem is?

BSTRhino

Hi,

I think I've found your problem.

session_start();  

$_SESSION['User'] = $User; 
$_SESSION['FirstName'] = $FirstName; 
$_SESSION['LastName'] = $LastName; 
$_SESSION['CompanyID'] = $CoID;

What this means is you have saved the value of $CoID in $_SESSION['CompanyID']

So, when you return on the next page, to retrieve the value again, do this:

$CoID = $_SESSION['CompanyID']

The reason that has to be done is only the things in $_SESSION get saved between pages, so $CoID will get lost. Your value was stored, just under a different name.

I hope this is helpful to you.

sunshine66

Hmmm. That makes sense. However, I added this to my code and it still isn't working.

Let me start from the beginning.

A user logs into an extra from the public Web site.

<form name="login" action="login.php" method="post"> 
<table bgcolor="#CC9900" border="0" width="95%" cellspacing="0" cellpadding="0" align="center"> 
<tr><td class="menu" align="left" valign="middle" colspan="2" bgcolor="#CC9900">ECBP 
CLIENTS </td></tr> <tr><td class="login" align="right" valign="middle">ID:</td><td valign="middle"><input type="text" name="UserName" size="10" maxlength="100"></td></tr> 
<tr><td class="login" align="right" valign="middle">PW:</td><td valign="middle"><input type="password" name="UserPassword" size="10" maxlength="25"></td></tr> 
<tr><td align="right" valign="middle">&nbsp;</td><td valign="middle"><input type="submit" name="submit" value="Login"></td></tr> 
<tr><td colspan="2" align="center"> <div id="menu"><a href="login_help.php"><span class="login">Need 
Help?</span></a></div></td></tr> </table></form>

The login.php processes authenticates the user, and if found, redirects user to extranet:

//connect to Db
/* Pretend connection code is here */

//lookup record: select the userProfile that matches user name and password 	
$sql= "SELECT * FROM userProfiles WHERE UserName='$UserName' AND UserPassword='$UserPassword'";
$result = mysql_query($sql) or die("Error in query result");
$row = mysql_fetch_array($result);

if($row) {
	//Get values for User 
	$type = $row["LoginType"];
	$User = $row["UserName"];
	$FirstName = $row["FirstName"];
	$LastName = $row["LastName"];
	$id = $row["ProfileID"];
	$CoID = $row["CompanyID"];
	$val="YES";

            // start session

            session_start(); 
            $_SESSION['User'] = $User;
            $_SESSION['FirstName'] = $FirstName;
            $_SESSION['LastName'] = $LastName;
            $_SESSION['CompanyID'] = $CoID;
            $_SESSION['valid_log'] = array($_SERVER['REMOTE_ADDR'], $User);

if($type=="Customer") 
{
//redirect to customer extranet
  echo '<META HTTP-EQUIV="Refresh" Content="1; URL=customer/portal.php">';
  exit;
 } 	 
} 

else {	
  echo '<META HTTP-EQUIV="Refresh" Content="1; URL=login_error.html">';  

  mysql_free_result($result);
  exit;
}

All pages in the extranet check to make sure the requestor is a logged-in user and if so, states "Firstname Lastname is logged in"

session_start();
if ($_SESSION['valid_log'][0] != $_SERVER['REMOTE_ADDR'] || 
$_SESSION['valid_log'][1] != $_SESSION['User'])
{
	//redirect to error page
	echo '<META HTTP-EQUIV="Refresh" Content="1; URL=/error_access.html">';
	exit();
}

echo( "$FirstName $LastName <br>is currently logged in." );

Each page has different actions the user can take, such as modifying their company profile, adding employee profiles, printing forms for their employees. I can get the CompanyID by querying the database as follows:

$query = "SELECT * FROM userProfiles,companyProfile WHERE userProfiles.CompanyID=companyProfile.CompanyID"; 
    $result = mysql_query($query);     

    $row = mysql_fetch_array($result); 

 //Get Company ID & User ID values 
     if($row) { 
    $CoID = $row["CompanyID"]; 
    $id = $row["ProfileID"]; 
    } 
    Print "Company ID: $CoID<br>";

But when I try to use the session method, I don't get any result!

   $_SESSION['CompanyID'] = $CoID;
    $query = "SELECT * FROM companyProfile WHERE CompanyID=$CoID";
    $result = mysql_query($query);	
    $row = mysql_fetch_array($result);
    Print "Company ID: $CoID<br>";