HTML, XHTML and CSS All-In-One for Dummies - Andy Harris [226]
You can manipulate the local variable, but if you want to use the value the next time the program runs for this user, you need to store the value back into the session after you change it.
For example, the following code loads the variable $count from the session, adds 1 to it, and stores it back into the session:
$count = $_SESSION[“count”];
$count++;
$_SESSION[“count”] = $count;
6. Initialize the session variables if they do not exist.
Sometimes you need access to a session variable, but that session doesn’t already exist. Usually, this will happen on the first pass of a program meant to run multiple times. It will also happen if the user jumps straight into a program without going through the appropriate prior programs (say you have got a system with three PHP programs and the user uses a bookmark to jump straight to program 3 without going to program 1, which sets up the sessions). In these situations, you’ll either want to pass an error message or quietly create new session variables. In my example, I simply create a new session if it doesn’t already exist. It’s an easy matter of assigning values to the $_SESSION superglobal:
//if count doesn’t exist, this is our first pass,
//so initialize both session variables
$_SESSION[“count”] = 1;
$_SESSION[“total”] = 0;
$count = 1;
If you want to reset your sessions for testing purposes, you can write a quick program to set the variables to 0, or you can use the Web Developer toolbar: Cookies⇒Clear Session Cookies. Note that the session data itself isn’t stored in the cookie. The cookie just contains a reference number so the server can look up the session data in a file stored on the server.
Sessions and security
The session mechanism is powerful and easy to use. It isn’t quite foolproof, though. Sessions are automatically handled through a browser mechanism called cookies. Cookies aren’t inherently good or evil, but they’ve gotten a bad reputation because some programs use them maliciously. You’ll occasionally run across a user who’s turned off cookies, but this is not a major problem because PHP can automatically use other options when cookies are not available. There’s rarely a need to work with cookies directly in PHP because sessions are a higher-level abstraction of the cookie concept.
Like all data passed through the HTTP protocol, session and cookie information is passed entirely in the clear. A person with evil intent can capture your session information and use it to do bad things.
Generally, you should stay away from sensitive information (credit card data, Social Security numbers, and so on) unless you’re extremely comfortable with security measures. If you must pass potentially sensitive data in your PHP program, investigate a technology called TLS (Transport Layer Security), which automatically encrypts all data transferred through your site. TLS replaces the older SSL technology and is available as a free plugin to Apache servers.
Chapter 6: Working with Files and Directories
In This Chapter
Saving to text files
Reading from text files
Reading a file as an array
Parsing delimited text data
Working with file and directory functions
An important part of any programming language is file manipulations. Whether you need to create a comma-separated value (CSV) file or generate a dynamic list of files in a directory, or just need a semi-permanent place to log records on the server, file manipulation functions are an indispensable part of your PHP toolbox.
Text File Manipulation
Work with text files is split into two basic categories: writing and reading. Writing and reading come down to six basic functions. See the following bullet list for a brief explanation of the six basic file functions. Each function has an entire subsection in the following “Writing text to files” and “Reading from the file” sections:
♦ fopen(): Stores a connection to a file you specify in a variable you specify
♦ fwrite(): Writes text you specify to a file you specify
♦ fclose(): Closes the connection