This article introduces about saving sessions in PHP database. Now I share it with everyone. It can also be a reference for friends in need. Let’s take a look together
Foreword:
By default, PHP will save all session data in text files on the server. These files are usually saved on the server. Inside the temporary directory on.
Then why do we need to save the session in the database?
The main reason: to improve the security of the system. On a shared server, without special settings, all websites will use the same temporary directory, which means that dozens of programs are reading and writing files in the same location. Not only was the speed slowed down, but it was also possible for someone else to steal my site's user data.
Saving session data to the database can also make it easier to search for more information about web site sessions. We can query the number of active sessions (the number of users online at the same time), and we can also query Session data is backed up.
If my site runs on multiple servers at the same time, then a user may send multiple requests to different servers during a session, but if the session data is saved in On a certain server, other servers cannot use these session data. If one of my servers only plays the role of a database, wouldn't it be very convenient for you to save all session data in the database?
For more understanding of PHP session, please refer to this blog. Thoroughly understand PHP’s SESSION mechanism
1. Create a session table
Since the session data is stored on the server, and an index (sessionID) is stored on the client, this index corresponds to a certain piece of session data on the server. Therefore, the two fields that the table must contain are id and data, and the session will have expiration time, so there is another field here which is last_accessed. Here I build the table under the test database:
CREATE TABLE sessions(
id CHAR(32) NOT NULL,
data TEXT,
last_accessed TIMESTAMP NOT NULL, PRIMARY KEY(id)
);
PS: If the program needs to save a large amount of data in the session, the data field may need to be defined as MEDIUMTEXT or LONGTEXT type.
2、定义会话函数:
这里我们主要有两个步骤:
定义与数据库交互的函数
使PHP能使用这些自定义函数
在第二步中,是通过调用函数 session_set_save_handler()来完成的,调用它需要6个参数,分别是 open(启动会话)、close(关闭会话)、read(读取会话)、write(写入会话)、destroy(销毁会话)、clean(垃圾回收)。
我们新建php文件 sessions.inc.php ,代码如下:
<?php$sdbc = null; //数据库连接句柄,在后面的函数里面让它成为全局变量//启动会话function open_session(){
global $sdbc; //使用全局的$sdbc
$sdbc = mysqli_connect('localhost', 'root', 'lsgogroup', 'test'); //数据库 test
if (!$sdbc) { return false;
} return true;
}//关闭会话function close_session(){
global $sdbc; return mysqli_close($sdbc);
}//读取会话数据function read_session($sid){
global $sdbc; $sql = sprintf("SELECT data FROM sessions WHERE id='%s'", mysqli_real_escape_string($sdbc, $sid)); $res = mysqli_query($sdbc, $sql); if (mysqli_num_rows($res) == 1) { list($data) = mysqli_fetch_array($res, MYSQLI_NUM); return $data;
} else { return '';
}
}//写入会话数据function write_session($sid, $data){
global $sdbc; $sql = sprintf("INSERT INTO sessions(id,data,last_accessed) VALUES('%s','%s','%s')", mysqli_real_escape_string($sdbc, $sid), mysqli_real_escape_string($sdbc, $data), date("Y-m-d H:i:s", time())); $res = mysqli_query($sdbc, $sql); if (!$res) { return false;
} return true;
}//销毁会话数据function destroy_session($sid){
global $sdbc; $sql = sprintf("DELETE FROM sessions WHERE id='%s'", mysqli_real_escape_string($sdbc, $sid)); $res = mysqli_query($sdbc, $sql); $_SESSION = array(); if (!mysqli_affected_rows($sdbc) == 0) { return false;
} return true;
}//执行垃圾回收(删除旧的会话数据)function clean_session($expire){
global $sdbc; $sql = sprintf("DELETE FROM sessions WHERE DATE_ADD(last_accessed,INTERVAL %d SECOND)<NOW()", (int)$expire); $res = mysqli_query($sdbc, $sql); if (!$res) { return false;
} return true;
}//告诉PHP使用会话处理函数session_set_save_handler('open_session', 'close_session', 'read_session', 'write_session', 'destroy_session', 'clean_session');//启动会话,该函数必须在session_set_save_handler()函数后调用,不然我们所定义的函数就没法起作用了。session_start();//由于该文件被包含在需要使用会话的php文件里面,因此不会为其添加PHP结束标签PS:
处理“读取”函数外,其他函数必须返回一个布尔值,“读取”函数必须返回一个字符串。
.每次会话启动时,“打开”和“读取”函数将会立即被调用。当“读取”函数被调用的时候,可能会发生垃圾回收过程。
当脚本结束时,“写入”函数就会被调用,然后就是“关闭”函数,除非会话被销毁了,而这种情况下,“写入”函数不会被调用。但是,在“关闭”函数之后,“销毁”函数将会被调用。
.session_set_save_handler()函数参数顺序不能更改,因为它们一一对应 open 、close、read、、、、
会话数据最后将会以数据序列化的方式保存在数据库中。
3、使用新会话处理程序
使用新会话处理程序只是调用session_set_save_handler()函数,使我们的自定义函数能够被自动调用而已。其他关于会话的操作都没有发生变化(以前怎么用现在怎么用,我们的函数会在后台自动被调用),包括在会话中存储数据,访问保存的会话数据以及销毁数据。
在这里,我们新建 sessions.php 文件,该脚本将在没有会话信息时创建一些会话数据,并显示所有的会话数据,在用户点击 ‘log out’(注销)时销毁会话数据。
代码:
<?php//引入sessions.inc.php文件,即上面的代码require('sessions.inc.php');?><!doctype html><html lang='en'><head>
<meta charset="utf-8">
<title>DB session test</title></head><body><?php//创建会话数据if(empty($_SESSION)){ $_SESSION['blah'] = "umlaut"; $_SESSION['this'] = 12345; $_SESSION['that'] = 'blue'; echo "<p>Session data stored</p>";
}else{ echo "<p>Session data exists:<pre class="brush:php;toolbar:false">".print_r($_SESSION,1)."";
}if(isset($_GET['logout'])){ //销毁会话数据
session_destroy(); echo "session destroyed
"; }else{ echo "log out"; }echo "session data :
".print_r($_SESSION,1)."";echo '
The above is the detailed content of PHP database save session session. For more information, please follow other related articles on the PHP Chinese website!
PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AMPHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct
How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AMThe best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.
Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AMCustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr
Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AMSending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.
What is the best way to send an email using PHP?May 08, 2025 am 12:21 AMThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu
Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AMThe reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.
PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AMPHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.
PHP Email Security: Best Practices for Sending EmailsMay 08, 2025 am 12:16 AMThebestpracticesforsendingemailssecurelyinPHPinclude:1)UsingsecureconfigurationswithSMTPandSTARTTLSencryption,2)Validatingandsanitizinginputstopreventinjectionattacks,3)EncryptingsensitivedatawithinemailsusingOpenSSL,4)Properlyhandlingemailheaderstoa
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Dreamweaver Mac version
Visual web development tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
SublimeText3 Mac version
God-level code editing software (SublimeText3)
