Storing Session Data in Database on Shared Host
I'm having a hard time figuring this one out. Keep in mind that I'm relatively new to PHP, so I hope someone can help me out.
I'm trying to store session data for my website into a table sessions on my database. I'm doing this for security reasons since my website is hosted on a shared server.
I found this script and I modified it to use mysqli. This is my session.php file which is called by every page:
<?php
session_start();
session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');
require("constants.php");
function _open() {
    global $_sess_db;
    $_sess_db = mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME);
    return FALSE;
}
function _close() {
    global $_sess_db;
    return mysqli_close($_sess_db);
}
function _read($id) {
    global $_sess_db;
    $id = mysqli_real_escape_string($_sess_db, $id);
    $sql = "SELECT data FROM sessions WHERE id = '{$id}'";
    if ($result = mysqli_query($_sess_db, $sql)) {
        if (mysqli_num_rows($result)) {
            $record = mysqli_fetch_assoc($result);
            return $record['data'];
        }
    }
    return '';
}
function _write($id, $data) {
    global $_sess_db;
    $access = time();
    $id = mysqli_real_escape_string($_sess_db, $id);
    $access = mysqli_real_escape_string($_sess_db, $access);
    $data = mysqli_real_escape_string($_sess_db, $data);
    $sql = "REPLACE INTO sessions (id, access, data) VALUES ('{$id}', '{$access}', '{$data}')";
    return mysqli_query($_sess_db, $sql);
}
function _destroy($id) {
    global $_sess_db;
    $id = mysqli_real_escape_string($_sess_db, $id);
    $sql = "DELETE * FROM sessions WHERE id = '{$id}'";
    return mysqli_query($_sess_db, $sql);
}
function _clean($max) {
    global $_sess_db;
    $old = time() - $max;
    $old = mysqli_real_escape_string($_sess_db, $old);
    $sql = "DELETE * FROM sessions WHERE access < '{$old}'";
    return mysqli_query($_sess_db, $sql);
}
This is not working. The session is not being written to the sessions table. Can anyone help me to see why? Thank you in advance!
I changed the top part to this:
<?php
session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');
session_start();
function _open() {
    global $_sess_db;
    require("constants.php");
    $_sess_db = mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME);
    return FALSE;
}
Because I read that session_set_save_handler() needs to be called before session_start(), but now it says $_sess_db is null on all my mysqli_query statements.
Rather than going over this and correcting all of the issues, I'm opting to post code from http://php.net/session_set_save_handler; it contains the proper setup for working with the session data. It was posted by: stalker at ruun dot de. Updated to use mysqli.
<?php
/*
Requires:
CREATE TABLE `ws_sessions` (
  `session_id` varchar(255) binary NOT NULL default '',
  `session_expires` int(10) unsigned NOT NULL default '0',
  `session_data` text,
  PRIMARY KEY (`session_id`)
);
*/
error_reporting( E_ALL );
class session {
    // session-lifetime
    var $lifeTime;
    // mysqli-handle
    var $dbHandle;
    function open($savePath, $sessName) {
        echo "Called session->open(savepath, sessname)<br>";
        // get session-lifetime
        $this->lifeTime = get_cfg_var("session.gc_maxlifetime");
        // open database-connection
        $dbHandle = mysqli_connect("localhost", "yourusername", "yourpassword", "yourdb");
        // return success
        if(!$dbHandle)
            return false;
        $this->dbHandle = $dbHandle;
        echo "Connected to DB<br>";
        return true;
    }
    function close() {
        echo "Called Close()<br>";
        $this->gc(ini_get('session.gc_maxlifetime'));
        // close database-connection
        return mysqli_close($this->dbHandle);
    }
    function read($sessID) {
        echo "Called session->read(sessID)<br>";
        $time = time();
        // the session ID comes from the client's cookie: escape it before use in SQL
        $sessID = mysqli_real_escape_string($this->dbHandle, $sessID);
        // fetch session-data
        $query = "SELECT session_data AS d FROM ws_sessions
                  WHERE session_id = '$sessID'
                  AND session_expires > $time";
        $result = mysqli_query($this->dbHandle, $query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // return data or an empty string at failure
        if($row = mysqli_fetch_assoc($result)) {
            return $row['d'];
        } else {
            return '';
        }
    }
    function write($sessID,$sessData) {
        echo "Called session->write(sessID, sessData)<br>";
        // new session-expire-time
        $newExp = time() + $this->lifeTime;
        // escape the ID and the serialized data before they are placed in SQL
        $sessID = mysqli_real_escape_string($this->dbHandle, $sessID);
        $sessData = mysqli_real_escape_string($this->dbHandle, $sessData);
        // is a session with this id in the database?
        $query = "SELECT * FROM ws_sessions
                  WHERE session_id = '$sessID'";
        $result = mysqli_query($this->dbHandle, $query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // if yes,
        if(mysqli_num_rows($result)) {
            // ...update session-data
            $query = "UPDATE ws_sessions
                      SET session_expires = '$newExp',
                      session_data = '$sessData'
                      WHERE session_id = '$sessID'";
            $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
            // if something happened, return true
            if(mysqli_affected_rows($this->dbHandle))
                return true;
        }
        // if no session-data was found,
        else {
            // create a new row
            $query = "INSERT INTO ws_sessions (
                      session_id,
                      session_expires,
                      session_data)
                      VALUES(
                      '$sessID',
                      '$newExp',
                      '$sessData')";
            $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
            // if row was created, return true
            if(mysqli_affected_rows($this->dbHandle))
                return true;
        }
        // an unknown error occurred
        return false;
    }
    function destroy($sessID) {
        echo "Called session->destroy(sessID)<br>";
        // escape the ID before it is placed in SQL
        $sessID = mysqli_real_escape_string($this->dbHandle, $sessID);
        // delete session-data
        $query = "DELETE FROM ws_sessions WHERE session_id = '$sessID'";
        $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // if session was deleted, return true,
        if(mysqli_affected_rows($this->dbHandle))
            return true;
        // ...else return false
        return false;
    }
    function gc($sessMaxLifeTime) {
        echo "Called session->gc(sessMaxLifeTime)<br>";
        // delete old sessions
        $time = time();
        $query = "DELETE FROM ws_sessions WHERE session_expires < $time";
        $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // return affected rows
        return mysqli_affected_rows($this->dbHandle);
    }
}
$session = new session();
session_set_save_handler(array(&$session,"open"),
                         array(&$session,"close"),
                         array(&$session,"read"),
                         array(&$session,"write"),
                         array(&$session,"destroy"),
                         array(&$session,"gc"));
// the following prevents unexpected effects when using objects as save handlers
register_shutdown_function('session_write_close');
session_start();
echo "<pre>";
echo "Testing Session: <br>";
$_SESSION['views'] = 1;
echo "Session views = ". $_SESSION['views'] . "<br>";
echo "Writing Session<br>";
$session->write(session_id(), $_SESSION['views']);
echo "</pre>";
?>
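The same kind of handler written against SessionHandlerInterface with mysqli prepared statements, so the session ID from the cookie and the session data are bound as parameters instead of being concatenated into SQL. This is an added example, not code from the original post or from php.net; it assumes PHP 8, the ws_sessions table from the answer, the DB_* constants from the question's constants.php, and a hypothetical class name DbSessionHandler.

```php
<?php
// Added example. Assumptions: PHP 8+, MySQL, the ws_sessions table shown in the
// answer, and DB_SERVER/DB_USER/DB_PASS/DB_NAME defined in constants.php.
require 'constants.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw, never pass silently

final class DbSessionHandler implements SessionHandlerInterface {
    private mysqli $db;
    public function open(string $path, string $name): bool {
        $this->db = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
        return true; // returning false from open() makes session_start() fail
    }
    public function close(): bool {
        return $this->db->close();
    }
    public function read(string $id): string|false {
        $now = time();
        $stmt = $this->db->prepare('SELECT session_data FROM ws_sessions
            WHERE session_id = ? AND session_expires > ?');
        $stmt->bind_param('si', $id, $now);
        $stmt->execute();
        $stmt->bind_result($data);
        $found = $stmt->fetch();
        $stmt->close();
        return $found ? (string) $data : ''; // no live row: empty session, not false
    }
    public function write(string $id, string $data): bool {
        $expires = time() + (int) ini_get('session.gc_maxlifetime');
        $stmt = $this->db->prepare('REPLACE INTO ws_sessions
            (session_id, session_expires, session_data) VALUES (?, ?, ?)');
        $stmt->bind_param('sis', $id, $expires, $data);
        return $stmt->execute();
    }
    public function destroy(string $id): bool {
        $stmt = $this->db->prepare('DELETE FROM ws_sessions WHERE session_id = ?');
        $stmt->bind_param('s', $id);
        return $stmt->execute();
    }
    public function gc(int $max_lifetime): int|false {
        $now = time();
        $stmt = $this->db->prepare('DELETE FROM ws_sessions WHERE session_expires < ?');
        $stmt->bind_param('i', $now);
        $stmt->execute();
        return $stmt->affected_rows; // number of expired sessions removed
    }
}
// Register the handler before session_start(); the second argument registers
// session_write_close() as a shutdown function.
session_set_save_handler(new DbSessionHandler(), true);
session_start();
```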