Can I pass a Session Var to a PHP function?

user3464366
June 2, 2023
206 views
0 votes
2 Answers

my problem is that i did not get an php session variable into my function – i start in the top of the file

<?php
session_start();
var_dump($_SESSION);

this is the result

array(3) { ["loggedin"]=> bool(true) ["name"]=> string(4) "Piet" ["id_staff"]=> int(9) }

public static function getStaffList($_SESSION['name']){

  if ($_SESSION['name'] =="admin" || $_SESSION['name'] =="Piet") {
    $sql = "SELECT * FROM staff";
  }
  else {
    $sql = "SELECT * FROM staff where surname = '".$_SESSION['name']."'";
  }

  $result = Core::$link->query($sql);

  if (!$result) {
    return 'Error: ' . mysqli_error(Core::$link);
  }

  $return = array();
  while ($myrow = mysqli_fetch_assoc($result)) {
    if ($myrow['birthday'] !== '0000-00-00') {
      $myrow['birthday'] = date("d.m.Y", strtotime($myrow['birthday']));
    } else {
      $myrow['birthday'] = '';
    }

    $return[] = $myrow;
  }

  return $return;
}

Tags: php

Answers

Chosen as BEST ANSWER
- user3464366
- June 2, 2023 at 10:06 am
- 0 votes
0
if i write exactly this after session_start() - $_SESSION = array("loggedin"=> true, "name"=>"Piet", "id_staff"=> 9); - than it works –

(Edit)

- grinch7117
- June 1, 2023 at 11:23 am
- 0 votes
0
You do not need to pass the session as parmeter:
```
public static function getStaffList($_SESSION['name']){
```
the session is available anyway:
```
public static function getStaffList(){
```
Take care that the call for the session_start() is executed at the start of the script.

Another point where you need to take care is using values directly into SQL statements!
```
  else {
     $sql = "SELECT * FROM staff where surname ='".$_SESSION['name']."'";
  }
```
you never know what the user puts in there, or what value reaches to that point, and is than used for the query, leaking data.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.