$_SESSION syntax help needed, should be ok but how do I test?

[knifey]

Hi,
I'm a complete newbie to php (4 weeks) so please excuse my ignorance.
I've created a website in php connected to our access database to service data entry needs (max 4 people). I would now like to add sessions so data entry dosen't get mixed up when submit is pressed by 2 different users accessing the same form.
My question is, is it enough to put my variable into a session as shown below:
$phpVar_P_Title = '';
$phpVar_P_Title = $_SESSION['Title'];
...and then insert the variable into the database table?
Or do I also need to change my sql satements, if statements and html option value php e.g.
if (isset($_SESSION['Title']))
sql = "INSERT INTO tblname (FldTitle) VALUES ('$_SESSION['Title']')";
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="SESSION">
<option value="Mr"<?php if (isset($_SESSION['Title']) && $_SESSION['Title']) == 'Mr') echo "selected"; ?>>Mr</option>
????????

And how do I test that it works in a test (non-live) enviroment where I am the only user?
Any advice or pointers would be much appreciated.
Thanks Knifey

<?php
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')):
header ("Location: indexLOGINPAGE.php");
endif;
$phpVar_P_Title_Mr_status = '';
$phpVar_P_Title_Mrs_status = '';
$phpVar_P_Title = '';
$phpVar_P_Title = $_SESSION['Title'];
if (isset($_POST['Submit_Referral'])):
if (isset($_POST['P_Title'])):
$phpVar_P_Title = check_input($_POST['P_Title']);
if ($phpVar_P_Title == 'Mr'):
$phpVar_P_Title_Mr_status = 'checked';
elseif ($phpVar_P_Title == 'Mrs'):
$phpVar_P_Title_Mrs_status = 'checked'; endif;
else :
$error .= 'Please select a title.\n';
endif;
if($error) :
echo "<script>alert(\"$error\");</script>";
goto endOfScript;
endif;
//add referral to the database
//==========================================
// CONNECT TO THE LOCAL DATABASE and transfer data
//==========================================
sql = "INSERT INTO tblname (FldTitle) VALUES ('$phpVar_P_Title')";
etc.
endif;
endOfScript:
?>
<html>
<table width="800" border="0" cellspacing="0" cellpadding="0">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<br>
<tr>
<td>Title:</td>
<td valign="top" class="td2" >
<select name="P_Title" size="1" >
<option value=""></option>
<option value="Mr"<?php if (isset($_POST['P_Title']) && $phpVar_P_Title == 'Mr') echo "selected"; ?>>Mr</option>
<option value="Mrs"<?php if (isset($_POST['P_Title']) && $phpVar_P_Title == 'Mrs') echo "selected"; ?>>Mrs</option>
</select></td></tr><tr><td colspan="1" align="center">
<input type="submit" name= "Submit_Referral" value="Submit Referral"><input type="reset" value="Reset!"></td>
</tr></form></table></body></html>

 

[jpadie]

first, please always post code within [ignore]

[/ignore] tags. it makes it much easier to read.

this

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')):

does not look quite right to me. perhaps this might be better

if (!empty($_SESSION['login'])):

anyway, to test sessions just do the following

ini_set('display_errors', true);
error_reporting(E_ALL);
if(session_id() == '') session_start();
echo "<pre>Session Data\n" . print_r($_SESSION, true) .'</pre>';

any data that you store in the session store should be shown in the pre block at the top of the screen.

two potential pitfalls for you to watch for:

1. race conditions are prevalent on local servers. they are much less likely to happen on remote servers due to latency. to avoid race conditions, expressly close the session at the end of the script

session_write_close();

2. make sure that the session store is writable by the php/web process. the session store is normally the temp directory unless it has been overridden in php.ini or an htaccess (or equivalent) file.

 

[knifey]

Hi jpadie,
Thanks for the invaluble advice. This looks like exactly what I need to start proper testing.
K
P.S.Sorry about the lack of

tags. I'll remember this for next time.