Cookies
The setcookie( ) call needs
to be before the HTML form because of the way the web works. HTTP operates by
sending all "header" information before it sends "body" information. In the
header, it sends things like server type (e.g., "Apache"), page size (e.g.,
"29019 bytes"), and other important data. In the body, it sends the actual HTML
you see on the screen. HTTP works in such a way that header data cannot come
after body datayou must send all your header data before you send any body data
at all.
Cookies come into the category of header data. When you place a
cookie using setcookie( ), your web server adds a line in your header
data for that cookie. If you try and send a cookie after you have started
sending HTML, PHP will flag serious errors and the cookie will not get
placed.
There are two ways to correct this:
-
Put your cookies at the top of your page. By sending them
before you send anybody data, you avoid the problem entirely.
-
Enable output buffering in PHP. This allows you to send header
information such as cookies wherever you likeeven after (or in the middle of)
body data. Output buffering is covered in depth in the following
chapter.
The setcookie( ) function itself takes three main
parameters: the name of the cookie, the value of the cookie, and the date the
cookie should expire. For example:
setcookie("Name", $_POST['Name'], time( ) + 31536000);
In the example code, setcookie( ) sets a cookie called
Name to the value set in a form element called Name. It uses
time( ) + 31536000 as its third parameter, which is equal to the
current time in seconds plus the number of seconds in a year, so that the cookie
is set to expire one year from the time it was set.
Once set, the Name cookie will be sent with every subsequent
page request, and PHP will make it available in $_COOKIE. Users can
clear their cookies manually, either by using a special option in their web
browser or just by deleting files.
print $_COOKIE["Name"];
Sessions
Sessions store temporary data about your visitors and are
particularly good when you don't want that data to be accessible from outside of
your server. They are an alternative to cookies if the client has disabled
cookie access on her machine, because PHP can automatically rewrite URLs to pass
a session ID around for you.
Starting a Session
A session is a combination of a server-side file containing all
the data you wish to store, and a client-side cookie containing a reference to
the server data. The file and the client-side cookie are created using the
function session_start( ) it has no
parameters but informs the server that sessions are going to be used.
When you call session_start( ), PHP will check to see
whether the visitor sent a session cookie. If it did, PHP will load the session
data. Otherwise, PHP will create a new session file on the server, and send an
ID back to the visitor to associate the visitor with the new file. Because each
visitor has his own data locked away in his unique session file, you need to
call session_start( ) before you try to read session variablesfailing to
do so will mean that you simply will not have access to his data. Furthermore,
as session_start( ) needs to send the reference cookie to the user's
computer, you need to have it before the body of your web pageeven before any
spaces.
Adding Session Data
All your session data is stored in the session superglobal
array, $_SESSION, which means that each session variable is one element
in that array, combined with its value. Adding variables to this array is done
in the same way as adding variables to any array, with the added bonus that
session variables will still be there when your user browses to another
page.
To set a session variable, use syntax like this:
$_SESSION['var'] = $val;
$_SESSION['FirstName'] = "Jim";
Older versions of PHP used the function session_register(
); however, use of this function is strongly discouraged, as it will not
work properly in default installations of PHP 5. If you have scripts that use
session_register( ), you should switch them over to using the
$_SESSION superglobal, as it is more portable and easier to read.
Before you can add any variables to a session, you need to have
already called the session_start( ) functiondon't forget!
|