PHP Session Handler不写入数据库

I need help with the class below - its not writing to the database and I have no idea why. I know the "read" method is called, but not the "write" method :S

This is the code I'm using:

require '../application/database.php';
$db = new Database('localhost', 'root', '', 'gemgale');

require '../application/session.php';
$session = new Session($db);

session_set_save_handler(
    array(&$session, 'open'),
    array(&$session, 'close'),
    array(&$session, 'read'),
    array(&$session, 'write'),
    array(&$session, 'destroy'),
    array(&$session, 'clean')
);
session_start();
var_dump($session);
$_SESSION['something'] = "gem";
var_dump($_SESSION);
#$session->delete();
#var_dump($_SESSION);

and this is the class ...

class Session
{
    ###########################################################################
    private $expiry = 3600;
    private $securityCode = "gnvriev847e8grdinvrdg5e8g4r7fr7rdvreh8^£*^£FGgyhf";
    private $tableName = "session_data";
    ###########################################################################
    private $dbh;

    function __construct(Database $db)
    {
        $this->dbh = $db->getConnection();

        ini_set('session.cookie_lifetime', 0);
        ini_set('session.gc_maxlifetime', $this->expiry);
    }

    function open($save_path, $session_name)
    {
        return true;
    }

    function close()
    {
        return true;
    }

    function read($session_id)
    {
        echo $session_id;
        print "READING";
        $time = time();
        $hua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $hua = $hua . $this->securityCode;
        $hua = md5($hua);
        try {
            $stmt = $this->dbh->prepare("
            SELECT session_data
            FROM :tableName
            WHERE session_id = :sesID
              AND session_expire > :time
              AND http_user_agent = :hua
            LIMIT 1
        ");
            $stmt->bindParam("tableName", $this->tableName);
            $stmt->bindParam("sesID", $session_id);
            $stmt->bindParam("time", $time);
            $stmt->bindParam("hua", $hua);
            $stmt->execute();
        } catch (PDOException $e) {
            echo $e->getMessage();
            return false;
        }
        $rs = $stmt->fetch();
        if (!$rs)
            return '';
        else
            return $rs['session_data'];

    }

    function write($session_id, $session_data)
    {
        print "WRITING";
        $expiry = time() + $this->expiry;
        $hua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $hua = $hua . $this->securityCode;
        $hua = md5($hua);
        try {
            $stmt = $this->dbh->prepare("
                INSERT INTO :tableName (
                  session_id,
                  http_user_agent,
                  session_data,
                  session_expiry
                )
                VALUES (
                  :sessID,
                  :hua,
                  :sdata,
                  :expiry
                )
                ON DUPLICATE KEY UPDATE
                  session_data = :sdata,
                  session_expire = :expiry
            ");

            $stmt->bindParam("tableName", $this->tableName);
            $stmt->bindParam("sessID", $session_id, PDO::PARAM_STR);
            $stmt->bindParam("hua", $hua);
            $stmt->bindParam("sdata", $session_data, PDO::PARAM_STR);
            $stmt->bindParam("expiry", $expiry);
            $stmt->execute();
        } catch (PDOException $e) {
            echo $e->getMessage();
            return false;
        }
        if ($stmt->rowCount() > 1)
            return true;
        else
            return '';

    }


    function destroy($session_id)
    {
        try {
            $stmt = $this->dbh->prepare("
                DELETE FROM :tableName
                WHERE session_id = :id
            ");
            $stmt->bindParam("tableName", $this->tableName, PDO::PARAM_STR);
            $stmt->bindParam("id", $session_id, PDO::PARAM_STR);
            $stmt->execute();
        } catch (PDOException $e) {
            echo $e->getMessage();
            return false;
        }
        return true;
    }


    function clean($maxLifeTime)
    {
        try {
            $x = time() - $maxLifeTime;
            $stmt = $this->dbh->prepare("
                DELETE FROM :tableName
                WHERE session_expire < :x
            ");
            $stmt->bindParam("tableName", $this->tableName, PDO::PARAM_STR);
            $stmt->bindParam("x", $x, PDO::PARAM_INT);
            $stmt->execute();
        } catch (PDOException $e) {
            die($e->getMessage());
        }
        return true;
    }

    function delete()
    {
        $oldID = session_id();
        session_regenerate_id();
        $this->destroy($oldID);
        session_unset();
        session_destroy();
    }


    function getActive()
    {
        $this->clean($this->expiry);
        try {
            $stmt = $this->dbh->prepare("
                SELECT COUNT(session_id) as count
                FROM :tableName
            ");
            $stmt->bindParam("tableName", $this->tableName, PDO::PARAM_STR);
            $stmt->execute();
            $rs = $stmt->fetch();
            return $rs['count'];
        } catch (PDOException $e) {
            die($e->getMessage());
        }
    }

}

Hope you guys can help :)

Thanks, Gem

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongyata3336 2012-11-20 14:36
关注
One, you don't need to pass by reference. Do this instead:

session_set_save_handler( array($session, 'open'), array($session, 'close'), array($session, 'read'), array($session, 'write'), array($session, 'destroy'), array($session, 'clean') );

To test if the save/write is working, you could try this:

session_start(); $_SESSION['something'] = "gem"; session_write_close(); echo "- Foo";

This should trigger a write to the session store and flush anything to be written. In this case it should display WRITING- Foo if your write method is being called.

If the DB is not being written, but the method is being called, there are other issues.

The first thing I'd look at is the :tableName you're replacing in the prepared statement. You cannot prepare-replace column names or tables. Change your statement to this:

$stmt = $this->dbh->prepare(" INSERT INTO ".$this->tableName." ( session_id, http_user_agent, session_data, session_expiry ) VALUES ( :sessID, :hua, :sdata, :expiry ) ON DUPLICATE KEY UPDATE session_data = :sdata, session_expire = :expiry ");

If you do substitue in variables for table names or columns, make sure you whitelist them before using to be safe against opening an injection hole.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP Session Handler不写入数据库 database php
2012-11-20 14:27

回答 1 已采纳 One, you don't need to pass by reference. Do this instead: session_set_save_handler( array($s
类'SessionHandler'找不到PHP 5.3.3 php
2016-09-22 21:45

回答 1 已采纳 Right, the SessionHandler interface was not implemented in PHP until PHP 5.4. Unfortunately, PHP 5
php sleep redis session_handler while php redis
2016-10-19 02:27

回答 2 已采纳 Session will be written to file after request shutdown.
数据库系统工程师考点笔记
2021-04-14 10:52

@北海怪兽的博客本人在备战数据库系统工程师的考试，把刷历年真题碰到的知识点记录在这边。（目录是第四版教程）
session_write_close（）：无法使用用户定义的保存处理程序写入会话数据。 PHP 7.3.1 php
2019-08-20 03:05

回答 1 已采纳 I don't see a reason why you need to set a shutdown handler. Sessions are automatically saved when
所有项目的通用session.save_handler php symfony vagrant
2015-06-08 12:43

回答 1 已采纳 Sessions A simpler solution is to keep using the files session save handler, but have it use a di
php session_start（）忽略已创建的会话 php
2017-01-05 19:46

回答 1 已采纳 My bad, forgot to add COOKIE to the variables_order directive: variables_order = "GPCS" So that
MySQL数据库学习（进阶篇）
2023-05-07 16:13

麻衣带我去上学的博客 # Yes表示支持，No表示不支持默认profiling是关闭的，可以通过set语句在session/global级别开启profiling： SET profiling=1; 查看所有语句的耗时： show profiles; 查看指定query_id的SQL语句各阶段的耗时： show...
使用数据库时的PHP session.save_path php
2011-06-06 01:18

回答 1 已采纳 If you use session_set_save_handler(), then no, you don't need to specify session.save_path
session_set_save_handler - 为什么这段代码不起作用？ mysql php
2010-10-28 16:50

回答 2 已采纳 None of your query calls have any error checking. Instead of blindly assuming the database portion
数据库连接不上，dbutil有问题 java mysql
2023-03-07 12:56

回答 2 已采纳这个异常是由于 MySQL 8.0.3 及以上版本中的默认时区设置改变引起的。这些版本中默认时区设置为 SYSTEM，如果系统时区不是有效的时区，则会出现类似于报错；解决方案：在你的数据库连接url
php 开发谷歌扩展程序_PHP应用程序的水平扩展，第1部分
2020-08-17 01:00

culi3118的博客 php 开发谷歌扩展程序You’ve built a website. It was fun, and it feels rewarding to see all those visitors pour in. The traffic increases slowly, until one day, someone posts a link to your app to ...
php 权限给了为啥还提示写入日志权限不够我都777了 php 后端开发语言
2021-12-23 14:54

回答 1 已采纳你是什么系统什么环境的数据库
PHP_MVC框架开发,nosql学习，mysql优化，以及高并发web架构处理
2021-04-06 14:59

OceanSec的博客文章目录定义入口文件完成自动加载路由类.htaccessexplodetrimarray_slice实现控制器加载控制器数据库初始化连接数据查询函数视图extract其他类配置类日志类composer插件smart插件安装smarty使用whoopsvar_...
php使用memcache存储session
2017-04-18 17:02

csdn924618338的博客 web服务器的php session都给memcached ，这样你不管分发器把 ip连接分给哪个web服务器都不会有问题了，配置方法很简单，就在php的配置文件内增加一条语句就可以了，不过前提你需要...session.save_handler = memcache
没有解决我的问题, 去提问

悬赏问题

¥15 fluent的在模拟压强时使用希望得到一些建议
¥15 STM32驱动继电器
¥15 Windows server update services
¥15 关于#c语言#的问题：我现在在做一个墨水屏设计，2.9英寸的小屏怎么换4.2英寸大屏
¥15 模糊pid与pid仿真结果几乎一样
¥15 java的GUI的运用
¥15 Web.config连不上数据库
¥15 我想付费需要AKM公司DSP开发资料及相关开发。
¥15 怎么配置广告联盟瀑布流
¥15 Rstudio 保存代码闪退

PHP Session Handler不写入数据库

1条回答 默认 最新

悬赏问题

1条回答默认最新