Hi Tbs!

Been messing about with php recently and i stumbled upon something rather weird. Consider the following code:

$username = $_SESSION['username']; // 'testing' has already been set

$query = mysql_query("SELECT * FROM users WHERE Username='$username' LIMIT 1");
$testing = mysql_query("SELECT * FROM users WHERE Username='testing' LIMIT 1");

$count = mysql_num_rows($query);
$count2 = mysql_num_rows($testing);

So $username == "testing" and both $query and $testing appear to be doing the exact same thing. However only $testing will return 1, it seems when i pass in a variable (session/cookie) it seems to grab it but any function using it doesn't seem to work. Anyone else had anything like this ?

Also have tried ` around the column names and also concatenating the variables into $sQuery ("WHERE `Username`='".$username."'"), there is no mysql_error either.

$username = $_SESSION['username']; // testing
$sQuery = mysql_query("SELECT * FROM `tblUsers`");

while($row = mysql_fetch_array($sQuery)){

if ($row['username'] == $username){
echo "found";
}else{
echo $row['username'].":".$username;
}

}

This also outputs testing:testing (no match found). Maybe it could be a configuration issue (?)

this might be a silly question, but you are aware that the variables are case sensitive, right?

also, i'm not entirely sure which browsers are affected, but cookies aren't stored by default on loopbacks like "localhost" & "127.0.0.1" so to check what is being passed, consider adding a debug section to your page. i use the following:

function spitItOut()
{
    $flag = false;$ts="--------------------------------------------------\r\n";$xs="\r\n\r\n";
    if(count($_FILES)) {echo("-[FILE]--$ts");print_r($_FILES);                  $flag=true;}
    if(count($_POST))  {echo((($flag)?$xs:"")."-[POST]--$ts");print_r($_POST);  $flag=true;}
    if(count($_GET))   {echo((($flag)?$xs:"")."-[GET]---$ts");print_r($_GET);   $flag=true;}
    if(count($_COOKIE)){echo((($flag)?$xs:"")."-[COOKIE]$ts");print_r($_COOKIE);$flag=true;}
    if (!$flag){echo "-- [NOTHING RECEIVED SERVER-SIDE] --";}
}

EDIT: if the cookies are the case, i found a possible work-around on stack-overflow:

also i'm not sure but i think i got around it by using my internal network address. you know, 192.168.0.#?

if i do:

echo $_SESSION['username'];

it shows "sniperkid", if i do:

$username = $_SESSION['username'];
$sQuery = "SELECT * FROM tblUsers WHERE Username='$username'";
echo "SELECT * FROM tblUsers WHERE Username='$username'";

it shows "SELECT * FROM tblUsers WHERE Username='sniperkid'".

The issue appears when i try to pass this sql through mysql_query(), i can copy and paste it via phpmyadmin and it works fine. Same for cookies, i am using Firefox so i will do some more testing on IE. However, i made one of them free websites (000webhosting) and the exact same code works fine....i tried it on one of my windows boxes (IIS 7 + PHP + Mysql) and it shows same as my linux box. I can only assume its a setting somewhere, just can't find anything about it anywhere!

also print_r($_SESSION) shows:

Array ( [username] => sniperkid )

So its def being set.

i have no doubt, but if the browser doesn't bind the session to a cookie, the session data's useless. put that code on and show me the output. also, are you running it with an xammp server? and what OS?

I added the $_SESSION line and it outputs:

-[SESSION]-------------------------------------------------- Array ( [username] => sniperkid ) 

CentOS 6 - Lamp
or
Windows Server 2008 R2 - IIS 7 with PHP

and the cookie? is there any output from the cookie data or is that all it passes through? i'm specifically looking for PHPSESSID