PHP: Sessions and PostgreSQL Connectivity

Tom Kelliher, CS 318

Feb. 18, 2002




Catch up on the reading!!!

From Last Time

SQL queries.


  1. Introduction.

  2. Sessions.

  3. PostgreSQL connectivity.

  4. Example code walk-through.

Coming Up

PHP/PostgreSQL lab.


  1. HTTP is a stateless protocol.
    1. What does this mean?

    2. What are the consequences?

  2. Mechanisms for retaining state (persistence):
    1. Hidden fields in forms.

    2. Cookies.

    3. Sessions.

    Advantages, disadvantages.

  3. HTTP/PHP session information transfer model:

    1. HTTP GET: parameters passed as part of URL:
      1. Accessed through _GET associative array in PHP:
        $name = $_GET["name"];

      2. Session ID passed as GET parameter:
        echo "<A href=\""
             . SID . "\">";

    2. HTTP POST: parameters passed into script via stdin.
      1. Accessed through _POST associative array.

    3. Session variables are maintained on the server and accessed by referring to a session ID and using the _SESSION associative array.


  1. Sessions exist until browser is closed or PHP garbage collector removes the session data file.

  2. Establishing a session and writing session variables:
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $password;
    1. session_start() and new/resumed sessions.

  3. The session ID constant: SID.

  4. Checking to see if a session variable already exists:
    if (isset($_SESSION["username"])
       $username = $_SESSION["username"];
       $_SESSION["username"] = $username;

  5. Deleting a session variable (enhanced security):
    Also possible to delete entire session --- see online docs.

  6. Avoiding garbage collection:
    1. Garbage collector invoked by any session_start().

    2. Session files older (mod time) than 24 minutes are reclaimed.

    3. Avoiding garbage collection? Read/write a session variable.

PostgreSQL Connectivity

  1. Processing model:
    1. Establish connection, receive handle.

    2. Send SQL query, receive results ``array.''

    3. Process results array.

    4. Free results array.

    5. Repeat as needed.

    6. Close connection.

  2. Establishing a connection:
    $handle = pg_connect("dbname=databaseName user=userName password=pwd");

    Check handle status!! Why handles? (Script could have multiple DB connections open.)

  3. Sending a query:
    $result = pg_exec($handle, "query string");

    Check result status!!

  4. Determining the size of a result: pg_numrows($result), pg_numfields($result).

  5. Accessing the result:
    $item = pg_result($result, $row, $field);
    $item = pg_result($result, $row, "fieldName");
    $row and $field are 0-based numeric indices. fieldName is an associative array-style index.

  6. Freeing a result, closing a connection:

Example Code Walk-through

Refer to Class Materials section of course web site.

Things to note for each file:

  1. login.html:
    1. Form tag: method and action.

    2. Input tags: types and names.

  2. authenticate.php:
    1. Debugging notes.

    2. Retrieval of username, password. Associative array.

    3. Database connection and error checking.

    4. Sending a query and error checking.

    5. Accessing query results. Associative array.

      Why the check on pg_numrows()?

    6. Establishing the session and saving session variables.

    7. Passing SID back to the server as a GET parameter.

      SID will be empty when we resume the session.

    8. Freeing the result and closing the database. Why?

  3. query.php:
    1. Retrieving session variables.

    2. Iterating through the result.

Thomas P. Kelliher
Thu Feb 14 18:09:51 EST 2002
Tom Kelliher