Registering PHP Session Variable

I'm trying to create a simple login form. I have session_start(); as the first thing loaded on the page. I have a file login.php which contains the log开发者_如何学JAVAin related code which is processed through an ajax call when the Login button is clicked. It contains:

if ($_GET['cemail']) {

$email = $_GET['cemail']; 
$password = md5($_GET['cpassword']); 
$sql = "select * from users where email='" . $email . "' and password='" . $password . "'";
$result = mysql_query($sql);
if (mysql_num_rows($result) >= 1) { 
    session_register("email");
}
else {
    echo "<span style='color:#ffffff;'>Invalid Email/Password</span><br>";
}

}

When I click the Login button, I get this warning:

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/clicker/public_html/hstrial-RBochner/login.php:1) in /home/clicker/public_html/hstrial-RBochner/login.php on line 82

Line 82 is the line that says session_register("email");

I also tried to create a Logout button which just calls session_destroy(), but it gives me this:

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/clicker/public_html/hstrial-RBochner/login.php on line 66

What am I doing wrong here? I've tried placing session_start() in various places. Any help/ideas? Thanks.

---

you need:

1. put session_start() in start of your code
2. don't use session_register(), is an obsolete function, replace by $_SESSION['foo'] = 'baa';

3. destruct session:

   session_start();
   session_destroy();

4. your web application is vulnerably to SQL injection attack. -check best way to stop SQL Injection in PHP

---

about your logout-button question. You have to start your session first

<?php
//logout.php
session_start();
session_destroy();
echo "Logouted"

instead of

  session_register()

use just

   $_SESSION['email'] = ''; 

---

I got it to work by putting all php code at the very beginning of the page.

---

From what I can read over at the session_register() PHP documentation (link), it seems that session_register() is deprecated and that $_SESSION["email"] = "email@example.com"; is the new way to do it as of PHP 4.1.0.

A code example would then be (I am not sure if this works tho, but it should guide you in the right direction);

<?php
    if ($_GET['cemail']) {
        $email = $_GET['cemail']; 
        $password = md5($_GET['cpassword']); 
        $sql = "select * from users where email='" . $email . "' and password='" . $password . "'";
        $result = mysql_query($sql);
        if (mysql_num_rows($result) >= 1) { 
            $_SESSION['email'] = $email;
        }
        else {
            echo "<span style='color:#ffffff;'>Invalid Email/Password</span><br>";
        }
    }
?>

For the logout you would then do:

<?php
    session_start(); 
    session_destroy();
?>

or

<?php
    session_start();  
    if(isset($_SESSION['email']))
        unset($_SESSION['email']); 
?>

---

Move session_register before you execute a print or echo.