Getting PHP Sess Vars out of MySQL DB

Anon

I have set up a MySQL DB to store PHP session data by changing my php.ini session_set_save_handler to user and creating a PHP script defining the required functions - everything is working pretty well - a session will start and write to the db however I have a problem with retrieving session variables - basically on session start I define a variable which I can see gets written to my db, however it is written in the style of php session data e.g
rather than

valid_user="tonyblair"

the entry in the DB is

valid_user|s:9:"tonyblair";

when I go to a new page it can start a session and retrieves the session id (SID) that was created on the previous page - however I cannot access the session variable wither with $valid_user or $HTTP_SESSION_VAR['valid_user'].

Is this because my db is returning the session variable value complete with the extra characters - how can I fix this???

crislewis

To answer your question we will need to see the write and read handlers you have written.

Cheers,

Cris

Anon

Ok here it is - is based on tutorial Ying200000602. . . this is doing my head in now! . . .

<?
$SESS_DBHOST = "localhost"; / database server hostname /
$SESS_DBNAME = "reykart"; / database name /
$SESS_DBUSER = "reykart"; / database user /
$SESS_DBPASS = "tracyanne1"; / database password /

$SESS_DBH = "";
$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

function sess_open($session_save_path, $session_name) {
global $SESS_DBHOST, $SESS_DBNAME, $SESS_DBUSER, $SESS_DBPASS, $SESS_DBH;

if (! $SESS_DBH = mysql_pconnect($SESS_DBHOST, $SESS_DBUSER, $SESS_DBPASS)) {
	echo "<li>Can't connect to $SESS_DBHOST as $SESS_DBUSER";
	echo "<li>MySQL Error: ", mysql_error();
	die;
}

if (! mysql_select_db($SESS_DBNAME, $SESS_DBH)) {
	echo "<li>Unable to select database $SESS_DBNAME";
	die;
}

return true;

}

function sess_close() {
return true;
}

function sess_read($key) {
global $SESS_DBH, $SESS_LIFE;

$result = "SELECT value FROM sessions WHERE sesskey = '$key' AND expiry > " . time();

}

function sess_write($key, $val) {
global $SESS_DBH, $SESS_LIFE;

$expiry = time() + $SESS_LIFE;
$value = addslashes($val);

$qry = "insert into sessions values ('$key', '$expiry', '$value')";
$qid = mysql_query($qry, $SESS_DBH);

if (! $qid) {
	$qry = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry > " . time();
	$qid = mysql_query($qry, $SESS_DBH);
}

return $qid;

}

function sess_destroy($key) {
global $SESS_DBH;

$qry = "delete from sessions WHERE sesskey = '$key'";
$qid = mysql_query($qry, $SESS_DBH);

return $qid;

}

function sess_gc($maxlifetime) {
global $SESS_DBH;

$qry = "delete from sessions WHERE expiry < " . time();
$qid = mysql_query($qry, $SESS_DBH);

return mysql_affected_rows($SESS_DBH);

}

session_set_save_handler(
"sess_open",
"sess_close",
"sess_read",
"sess_write",
"sess_destroy",
"sess_gc");

crislewis

Hmmm, does your sess_read function actually return anything?

Cheers,

Cris

Anon

well - I can only imagine it does kind of work because. . .

when I start the session I register a session varaible and use:

session_register("var_name");
if(!session_is_registered("var_name")){
echo "session variable $var_name"
}
else {
echo "session var not registered";
}
and it works fine and echo's back that it has registered the variable and indeed it soes put it the db

my database records the value of var_name in the value column in a form kinda like var_name😐5:"hello"
when I go to open a new page in my browser and use session_start() it starts a session succesfully - if I get that page to echo it's SID i can manually go look in my DB and see that the session has the same SID as was entered into the DB by the previous script.
I can write a script on the second page to manally echo the value of the value column where sesskey=SID and get the appropriate value of my session variable I just registered echoed onto to screen but still in the form var_name😐5:"hello as opposed to var_name="hello"
If make a new script that tries to start a session without including my file with all the funcitons in it can't do it - so my functions must work enought ot start a session right?

I am at a real loss now so would REALLY appreciate your help here. . .so just for your info -

I am running PHP 4.1.1 on Mac OS X 10.1.2. with MySQL 3.23.47 (build from from Marc Liyanage)

my questions are as follows -

Should I have to change anything else in my php.ini apart from session_set_save_handler to user to get this work? i.e. are any of the other session parameters applicable - would register globals, track_vars, magic quotes, add slashes or any of those other php type things I've heard of but don't truly understand being such a newbie make any difference?
Is there something wrong with my function? have you got a working version I could try?

thanks alot for yout time.

crislewis

function sess_read($key) {
global $SESS_DBH, $SESS_LIFE;

$result = "SELECT value FROM sessions WHERE sesskey = '$key' AND expiry > " . time();

}

There is no return value. How does the session handler get the data you have got from the database. There are only 3 values the calling routine can see from this function: $key (argument), $SESS_DBH, $SESS_LIFE are both globals but not acutally referred to or set by this routine. How does the session handler see the query row data merely hinted at by $result which it can't see because of its local scope.

This is the example from the PHP manual which uses a file to store session data but the important thing is that the session data retrieved is 'returned' to the calling routine:

function read ($id) {
global $sess_save_path, $sess_session_name;

$sess_file = "$sess_save_path/sess_$id";
if ($fp = @fopen($sess_file, "r")) {
$sess_data = fread($fp, filesize($sess_file));
return($sess_data); <<<<<<<<<<<<<
} else {
return(""); // Must return "" here.
}

}

Cheers,

Cris

Anon

You are absolutely right of course, the function was returning nothing. I am very new to this and my head is beginning to hurt, perphaps if you have time you could quickly glance over this - the original script I downloaded to see if you can work out why it gives me an error with the sess_read function. . .

Warning: Supplied argument is not a valid MySQL result resource in /Users/mysql/Sites/session_mysql.php on line 85

<?
/ ------------------------------------------------------------------------
session_mysql.php
------------------------------------------------------------------------
PHP4 MySQL Session Handler
Version 1.00
by Ying Zhang (ying@zippydesign.com)
Last Modified: May 21 2000

------------------------------------------------------------------------
TERMS OF USAGE:
------------------------------------------------------------------------
You are free to use this library in any way you want, no warranties are
expressed or implied. This works for me, but I don't guarantee that it
works for you, USE AT YOUR OWN RISK.

While not required to do so, I would appreciate it if you would retain
this header information. If you make any modifications or improvements,
please send them via email to Ying Zhang <ying@zippydesign.com>.

------------------------------------------------------------------------
DESCRIPTION:
------------------------------------------------------------------------
This library tells the PHP4 session handler to write to a MySQL database
instead of creating individual files for each session.

Create a new database in MySQL called "sessions" like so:

CREATE TABLE sessions (
sesskey char(32) not null,
expiry int(11) unsigned not null,
value text not null,
PRIMARY KEY (sesskey)
);

------------------------------------------------------------------------
INSTALLATION:
------------------------------------------------------------------------
Make sure you have MySQL support compiled into PHP4. Then copy this
script to a directory that is accessible by the rest of your PHP
scripts.

------------------------------------------------------------------------
USAGE:
------------------------------------------------------------------------
Include this file in your scripts before you call session_start(), you
don't have to do anything special after that.
*/

$SESS_DBHOST = "localhost"; / database server hostname /
$SESS_DBNAME = "sessions"; / database name /
$SESS_DBUSER = "phpsession"; / database user /
$SESS_DBPASS = "phpsession"; / database password /

$SESS_DBH = "";
$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

function sess_open($save_path, $session_name) {
global $SESS_DBHOST, $SESS_DBNAME, $SESS_DBUSER, $SESS_DBPASS, $SESS_DBH;

if (! $SESS_DBH = mysql_pconnect($SESS_DBHOST, $SESS_DBUSER, $SESS_DBPASS)) {
	echo "<li>Can't connect to $SESS_DBHOST as $SESS_DBUSER";
	echo "<li>MySQL Error: ", mysql_error();
	die;
}

if (! mysql_select_db($SESS_DBNAME, $SESS_DBH)) {
	echo "<li>Unable to select database $SESS_DBNAME";
	die;
}

return true;

}

function sess_close() {
return true;
}

function sess_read($key) {
global $SESS_DBH, $SESS_LIFE;

$qry = "SELECT value FROM sessions WHERE sesskey = '$key' AND expiry > " . time();
$qid = mysql_query($qry, $SESS_DBH);

if (list($value) = mysql_fetch_row($qid)) {
	return $value;
}

return false;

}

function sess_write($key, $val) {
global $SESS_DBH, $SESS_LIFE;

$expiry = time() + $SESS_LIFE;
$value = addslashes($val);

$qry = "INSERT INTO sessions VALUES ('$key', $expiry, '$value')";
$qid = mysql_query($qry, $SESS_DBH);

if (! $qid) {
	$qry = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry > " . time();
	$qid = mysql_query($qry, $SESS_DBH);
}

return $qid;

}

function sess_destroy($key) {
global $SESS_DBH;

$qry = "DELETE FROM sessions WHERE sesskey = '$key'";
$qid = mysql_query($qry, $SESS_DBH);

return $qid;

}

function sess_gc($maxlifetime) {
global $SESS_DBH;

$qry = "DELETE FROM sessions WHERE expiry < " . time();
$qid = mysql_query($qry, $SESS_DBH);

return mysql_affected_rows($SESS_DBH);

}

session_set_save_handler(
"sess_open",
"sess_close",
"sess_read",
"sess_write",
"sess_destroy",
"sess_gc");
?>

thank you thank you thank you.

crislewis

$qry = "SELECT value FROM sessions WHERE sesskey = '$key' AND expiry > " . time();
$qid = mysql_query($qry, $SESS_DBH);

if (list($value) = mysql_fetch_row($qid)) {
return $value;
}

return false;
}

the query is creating an error in mysql and hence the result id ($qid) is not set.

Put some error reporting in to show you the query string and give you detials of the mysql error.

Cheers,

Cris