Storing Session Data in Database on Shared Host

I'm having a hard time figuring this one out. Keep in mind that I'm relatively new to PHP, so I hope someone can help me out.

I'm trying to store session data for my website into a table sessions on my database. I'm doing this for security reasons since my website is hosted on a shared server.

I found this script and I modified it to use mysqli. This is my session.php file which is called by every page:

<?php

session_start();

session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');

require("constants.php");

function _open() {
    global $_sess_db;

    $_sess_db = mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME);

    return FALSE;
}

function _close() {
    global $_sess_db;
    return mysqli_close($_sess_db);
}

function _read($id) {
    global $_sess_db;

    $id = mysqli_real_escape_string($_sess_db, $id);

    $sql = "SELECT data FROM sessions WHERE id = '{$id}'";

    if ($result = mysqli_query($_sess_db, $sql)) {
        if (mysqli_num_rows($result)) {
            $record = mysqli_fetch_assoc($result);
            return $record['data'];
        }
    }

    return '';
}

function _write($id, $data) {   
    global $_sess_db;

    $access = time();

    $id = mysqli_real_escape_string($_sess_db, $id);
    $access = mysqli_real_escape_string($_sess_db, $access);
    $data = mysqli_real_escape_string($_sess_db, $data);

    $sql = "REPLACE INTO sessions (id, access, data) VALUES ('{$id}', '{$access}', '{$data}')";

    return mysqli_query($_sess_db, $sql);
}

function _destroy($id) {
    global $_sess_db;

    $id = mysqli_real_escape_string($_sess_db, $id);

    $sql = "DELETE * FROM sessions WHERE id = '{$id}'";

    return mysqli_query($_sess_db, $sql);
}

function _clean($max) {
    global $_sess_db;

    $old = time() - $max;
    $old = mysqli_real_escape_string($_sess_db, $old);

    $sql = "DELETE * FROM sessions WHERE access < '{$old}'";

    return mysqli_query($_sess_db, $sql);
}

This is not working. The session is not being written to the sessions table. Can anyone help me to see why? Thank you in advance!


I changed the top part to this:

<?php

session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');
session_start();

function _open() {
    global $_sess_db;
    require("constants.php");
    $_sess_db = mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME);

    return FALSE;
}

Because I read that session_set_save_handler() needs to be called before session_start(), but now it says $_sess_db is null on all my mysqli_query statements.

Rather than going over this and correcting all of the issues, I'm opting to post code from http://php.net/session_set_save_handler; it contains the proper setup for working with the session data. It was posted by: stalker at ruun dot de. Updated to use mysqli.

<?php 

/*
Requires:
CREATE TABLE `ws_sessions` ( 
  `session_id` varchar(255) binary NOT NULL default '', 
  `session_expires` int(10) unsigned NOT NULL default '0', 
  `session_data` text, 
  PRIMARY KEY  (`session_id`) 
);

*/

error_reporting( E_ALL );

class session { 
    // session-lifetime 
    var $lifeTime; 
    // mysqli-handle 
    var $dbHandle;

    function open($savePath, $sessName) { 
        echo "Called session->open(savepath, sessname)<br>";
       // get session-lifetime 
       $this->lifeTime = get_cfg_var("session.gc_maxlifetime"); 
       // open database-connection 
       $dbHandle = mysqli_connect("localhost", "yourusername", "yourpassword", "yourdb");
       // return success 
       if(!$dbHandle) 
           return false; 
       $this->dbHandle = $dbHandle;
       echo "Connected to DB<br>";
       return true; 
    } 
    function close() { 
        echo "Called Close()<br>";
        $this->gc(ini_get('session.gc_maxlifetime')); 
        // close database-connection 
        return mysqli_close($this->dbHandle); 
    } 
    function read($sessID) {
        echo "Called session->read(sessID)<br>";
        $time = time();
        // the id comes from the client's cookie: escape it before building the query
        $sessID = mysqli_real_escape_string($this->dbHandle, $sessID);
        // fetch session-data 
        $query = "SELECT session_data AS d FROM ws_sessions 
                            WHERE session_id = '$sessID' 
                            AND session_expires > $time";
        $result = mysqli_query($this->dbHandle, $query) or die('Invalid query: ' . mysqli_error($this->dbHandle)); 
        // return data or an empty string at failure 
        if($row = mysqli_fetch_assoc($result)) {
            return $row['d']; 
        } else {
            // read must return a string; false makes session_start() fail on PHP 7+
            return '';
        }
    }
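    function write($sessID,$sessData) { 
        echo "Called session->write(sessID, sessData)<br>";
        // escape both values: serialized session data routinely contains quotes
        $sessID = mysqli_real_escape_string($this->dbHandle, $sessID);
        $sessData = mysqli_real_escape_string($this->dbHandle, $sessData);
        // new session-expire-time 
        $newExp = time() + $this->lifeTime; 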
        // is a session with this id in the database? 
        $query = "SELECT * FROM ws_sessions 
                  WHERE session_id = '$sessID'";
        $result = mysqli_query($this->dbHandle, $query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // if yes, 
        if(mysqli_num_rows($result)) { 
            // ...update session-data 
            $query = "UPDATE ws_sessions 
                         SET session_expires = '$newExp', 
                         session_data = '$sessData' 
                         WHERE session_id = '$sessID'";
            $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
            // if something happened, return true 
            if(mysqli_affected_rows($this->dbHandle)) 
                return true; 
        } 
        // if no session-data was found, 
        else { 
            // create a new row 
            $query = "INSERT INTO ws_sessions ( 
                         session_id, 
                         session_expires, 
                         session_data) 
                         VALUES( 
                         '$sessID', 
                         '$newExp', 
                         '$sessData')";
             $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));

            // if row was created, return true 
            if(mysqli_affected_rows($this->dbHandle)) 
                return true; 
        } 
        // an unknown error occurred 
        return false; 
    } 
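    function destroy($sessID) {
        echo "Called session->destroy(sessID)<br>";
        // escape the id before building the query
        $sessID = mysqli_real_escape_string($this->dbHandle, $sessID);
        // delete session-data 
        $query = "DELETE FROM ws_sessions WHERE session_id = '$sessID'";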
        $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // if session was deleted, return true, 
        if(mysqli_affected_rows($this->dbHandle)) 
            return true; 
        // ...else return false 
        return false; 
    } 
    function gc($sessMaxLifeTime) { 
        echo "Called session->gc(sessMaxLifeTime)<br>";
        // delete old sessions 
        $time = time();
        $query = "DELETE FROM ws_sessions WHERE session_expires < $time";
        $result = mysqli_query($this->dbHandle,$query) or die('Invalid query: ' . mysqli_error($this->dbHandle));
        // return affected rows 
        return mysqli_affected_rows($this->dbHandle); 
    } 
} 
$session = new session(); 
session_set_save_handler(array(&$session,"open"), 
                         array(&$session,"close"), 
                         array(&$session,"read"), 
                         array(&$session,"write"), 
                         array(&$session,"destroy"), 
                         array(&$session,"gc"));
// the following prevents unexpected effects when using objects as save handlers
register_shutdown_function('session_write_close');                       
session_start();

echo "<pre>";
echo "Testing Session: <br>";
$_SESSION['views'] = 1;
echo "Session views = ". $_SESSION['views'] . "<br>";
echo "Writing Session<br>";
$session->write(session_id(), $_SESSION['views']);
echo "</pre>";

?>

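Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to republish, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.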