sessionRead
The sessionRead( ) handler function-shown in Example D-4-is called by PHP each time a session is initialized. The handler returns the serialized string that holds the session variables for the given session ID $sess_id. The function executes a query to find the row with a session_id equal to $sess_id and, if the row is found, the session_variable attribute is returned. If no session is found, sessionRead( ) returns a blank string. If an error occurs when the SELECT query is executed, showerror( ) is called.
The query is constructed using the global variables $session_table and executed using the global variable $connection set up by the sessionOpen( ) handler. Note that this function returns all the session variables in the one serialized string. The calling PHP code converts the string to the individual session variables and sets up the $HTTP_SESSION_VARS array and the associated global variables if register_globals has been enabled.
Example D-4. The sessionRead handler
// This function is called whenever a session_start( )
// call is made and reads the session variables
// Returns "" when a session is not found
// (serialized)string - session exists
function sessionRead($sess_id)
{
// Access the DBMS connection
global $connection;
// Access the global variable that holds the name
// of the table that holds the session variables
global $session_table;
// Formulate a query to find the session
// identified by $sess_id
$search_query =
"SELECT * FROM $session_table
WHERE session_id = '$sess_id'";
// Execute the query
if (!($result = @ mysql_query($search_query,
$connection)))
showerror( );
if(mysql_num_rows($result) == 0)
// No session found - return an empty string
return "";
else
{
// Found a session - return the serialized string
$row = mysql_fetch_array($result);
return $row["session_variable"];
}
}