Session not working - where have I gone wrong?


simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Session not working - where have I gone wrong?

Post by simonmlewis »

I am posting info to variables and storing them in Sessions.
Then the person pays a fee, and returns back to the site, where the Session variables are inserted into the database.

This is working on the whole, however two of the variables are adjusted for apostrophes and are now not inserting into the DB.

Code:

$title=$_POST['title'];
$title = str_replace("'", '', $title);

if(isset($title))
{
    $title = $title;
    $_SESSION['title']=$title;
} else { $title=$_SESSION['title'];}

$title won't insert and I think it's because of the str_replace and then $title is becoming NULL. This is happening on a few fields, but if I can fix it on one, I can do them all.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
genix2011
Forum Commoner
Posts: 74
Joined: Tue Aug 02, 2011 4:00 pm

Re: Session not working - where have I gone wrong?

Post by genix2011 »

Hi,

You are doing a str_replace with $title before you even check if $title is set.

Code:

session_start(); // Has to be somewhere at the start of your code

// Only read and clean $_POST['title'] once we know it was submitted
if(isset($_POST['title'])) {
    $title = str_replace("'", '', $_POST['title']);
    $_SESSION['title']=$title;
} else { 
    // No POST data on this request: fall back to the value saved earlier
    $title=$_SESSION['title'];
}
Greets.
Last edited by genix2011 on Mon Aug 22, 2011 7:29 am, edited 1 time in total.
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

session_start(); is at the top of the index.php page - trust me, that part works.
I'm unsure why it matters that I am doing the str_replace first. It *is* there, so it finds it and should store it.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
genix2011

Re: Session not working - where have I gone wrong?

Post by genix2011 »

I edited the code above, try it like that.

It should work now, if not, then there is some other bug in your code...
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

I'm sorry to say, it still doesn't work.
Your method is clearly 'cleaner', but it's basically the same as what I did.

The other fields work. Those variables are not "messed with".
It's very bizarre as I have just tried your script without the extra so it's

Code:

if(isset($_POST['title'])) {
    $_SESSION['title']=$title;
} else {
    $title=$_SESSION['title'];
}
And even that doesn't work. But with the "or die" in the SQL statement, there are no error warnings.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

Also
If I put $title=$_POST['title']; at the top, and then echo it further down:

Code:

echo "$title";
as echo " on the pre-pay page, it displays.

But if I don't put that at the top and only use your code, and echo it, it does not display.

This is all of it at the top:

Code:

$catid = $_POST['catid'];
$subid = $_POST['subid'];
$catname = $_POST['catname'];
$subname = $_POST['subname'];
$title=$_POST['title'];
$description=$_POST['description'];
$description = str_replace("'", '', $description);
$posted_description = (get_magic_quotes_gpc()) ? stripslashes($_POST['description']) : $_POST['description'];
$description=mysql_real_escape_string($posted_description);
$video=$_POST['video'];
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
$postage_location=$_POST['postage_location'];
$photo=$_POST['photo'];
$pic=($_FILES['photo']['name']);
$p=$_GET['p'];

if(isset($_POST['catname']))
{
    $catname = $_POST['catname'];
    $_SESSION['catname']=$catname;
} else { $catname=$_SESSION['catname'];}
if(isset($_POST['subname']))
{
    $subname = $_POST['subname'];
    $_SESSION['subname']=$subname;
} else { $subname=$_SESSION['subname'];}
if(isset($_POST['catid']))
{
    $catid = $_POST['catid'];
    $_SESSION['catid']=$catid;
} else { $catid=$_SESSION['catid'];}
if(isset($_POST['subid']))
{
    $subid = $_POST['subid'];
    $_SESSION['subid']=$subid;
} else { $subid=$_SESSION['subid'];}

if(isset($_POST['title'])) {
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} else {
    $title=$_SESSION['title'];
}

if(isset($description))
{
    $description = $description;
    $_SESSION['description']=$description;
} else { $description=$_SESSION['description'];}

I hadn't put *POST* in the description or title, as I was doing the "escape" thing to avoid hackers.
Maybe I have gone about that the wrong way??
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
genix2011

Re: Session not working - where have I gone wrong?

Post by genix2011 »

Hi,

what are you trying to accomplish with your code?
Is this something like a multiple-step form?
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

Yes.
They complete the form (including a file upload), it stores it all in sessions.
They are asked to pay a fee.
They are then taken back, after payment, to this same page (or could be another page), and the session variables are then INSERTed into the DB.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
genix2011

Re: Session not working - where have I gone wrong?

Post by genix2011 »

Hi,

the problem I see right now is this for example:

Code:

$description=$_POST['description'];
$description = str_replace("'", '', $description);

In a multiple-step form you do not always have the same $_POST variables in all steps. That means that if $_POST['description'] was in step 2, but not in step 3, the str_replace above, for example, would fail in step 3.

So you would have to make sure that all the variables you are using exist before you use them.
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

Mmmmm... this fails too tho.
Remember, it accepts Video and ALL other fields, but not:
title
description
price
postage

Code:

$catid = $_POST['catid'];
$subid = $_POST['subid'];
$catname = $_POST['catname'];
$subname = $_POST['subname'];
$video=$_POST['video'];
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
$postage_location=$_POST['postage_location'];
$photo=$_POST['photo'];
$pic=($_FILES['photo']['name']);
$p=$_GET['p'];

if(isset($_POST['catname']))
{
    $catname = $_POST['catname'];
    $_SESSION['catname']=$catname;
} else { $catname=$_SESSION['catname'];}
if(isset($_POST['subname']))
{
    $subname = $_POST['subname'];
    $_SESSION['subname']=$subname;
} else { $subname=$_SESSION['subname'];}
if(isset($_POST['catid']))
{
    $catid = $_POST['catid'];
    $_SESSION['catid']=$catid;
} else { $catid=$_SESSION['catid'];}
if(isset($_POST['subid']))
{
    $subid = $_POST['subid'];
    $_SESSION['subid']=$subid;
} else { $subid=$_SESSION['subid'];}

if(isset($_POST['title'])) {
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} else {
    $title=$_SESSION['title'];
}

if(isset($_POST['description']))
{
    $description = str_replace("'", '', $description);
    $_SESSION['description']=$description;
} else { $description=$_SESSION['description'];}

if(isset($_POST['video']))
{
    $video = $_POST['video'];
    $_SESSION['video']=$video;
} else { $video=$_SESSION['video'];}
if(isset($_POST['price']))
{
    $price = $_POST['price'];
    $_SESSION['price']=$price;
} else { $price=$_SESSION['price'];}
if(isset($_POST['postage']))
{
    $postage = $_POST['postage'];
    $_SESSION['postage']=$postage;
} else { $postage=$_SESSION['postage'];}
if(isset($_POST['postage_location']))
{
    $postage_location = $_POST['postage_location'];
    $_SESSION['postage_location']=$postage_location;
} else { $postage_location=$_SESSION['postage_location'];}
if(isset($_FILES['photo']))
{
    $photo = $_FILES['photo'];
    $_SESSION['photo']=$photo;
} else { $photo=$_SESSION['photo'];}
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
genix2011

Re: Session not working - where have I gone wrong?

Post by genix2011 »

The same, of course, with this too:

Code:

$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));

Or are you sending price and postage in every step with $_POST?
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

It's posted ONCE. Then it is stored in the session and used when the page is called back again.
If $title is now stored in the same way as $price, why doesn't $title work?
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
genix2011

Re: Session not working - where have I gone wrong?

Post by genix2011 »

Give me your whole code for this, I'm going to look over it.

As the code stands above, with all the changes, everything should work fine.
genix2011

Re: Session not working - where have I gone wrong?

Post by genix2011 »

And you forget that if you use the same script for saving in the session and then for the callback, these are indeed 2 steps: one with all the $_POST variables, and one using only the $_SESSION variables without the $_POST variables existing.
simonmlewis

Re: Session not working - where have I gone wrong?

Post by simonmlewis »

Thanks.

Code:

<?php
$category=$_POST['category'];
$catid = $_POST['catid'];
$subid = $_POST['subid'];
$catname = $_POST['catname'];
$subname = $_POST['subname'];
$video=$_POST['video'];
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
$postage_location=$_POST['postage_location'];
$photo=$_POST['photo'];
$pic=($_FILES['photo']['name']);
$p=$_GET['p'];

if(isset($_POST['catname']))
{
    $catname = $_POST['catname'];
    $_SESSION['catname']=$catname;
} else { $catname=$_SESSION['catname'];}

if(isset($_POST['subname']))
{
    $subname = $_POST['subname'];
    $_SESSION['subname']=$subname;
} else { $subname=$_SESSION['subname'];}

if(isset($_POST['catid']))
{
    $catid = $_POST['catid'];
    $_SESSION['catid']=$catid;
} else { $catid=$_SESSION['catid'];}

if(isset($_POST['subid']))
{
    $subid = $_POST['subid'];
    $_SESSION['subid']=$subid;
} else { $subid=$_SESSION['subid'];}


if(isset($_POST['title'])) {
    $title = $_POST['title'];
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} 
else { $title=$_SESSION['title'];}

if(isset($_POST['description']))
{
    $description = str_replace("'", '', $description);
    $_SESSION['description']=$description;
} else { $description=$_SESSION['description'];}

if(isset($_POST['video']))
{
    $video = $_POST['video'];
    $_SESSION['video']=$video;
} else { $video=$_SESSION['video'];}
if(isset($_POST['price']))
{
    $price = $_POST['price'];
    $_SESSION['price']=$price;
} else { $price=$_SESSION['price'];}
if(isset($_POST['postage']))
{
    $postage = $_POST['postage'];
    $_SESSION['postage']=$postage;
} else { $postage=$_SESSION['postage'];}
if(isset($_POST['postage_location']))
{
    $postage_location = $_POST['postage_location'];
    $_SESSION['postage_location']=$postage_location;
} else { $postage_location=$_SESSION['postage_location'];}
if(isset($_FILES['photo']))
{
    $photo = $_FILES['photo'];
    $_SESSION['photo']=$photo;
} else { $photo=$_SESSION['photo'];}

include "dbconn.php";
$cookietype=$_COOKIE['type'];
$cookieid=$_COOKIE['userid'];
$todaydate = (date('Y-m-d'));

if ($cookietype != NULL)
{
  if ($p == NULL)
  { 
echo "<div class='head'>Adding your product</div>
 INFO HERE ON HOW TO PAY FOR THIS"; 
  }

if ($p == "y")
{
$pp = $_GET['pp'];
if ($pp == '1')
{
$ppdate = date('Y-m-d', strtotime('+7 days'));
}
if ($pp == '4')
{
$ppdate = date('Y-m-d', strtotime('+1 year'));
}
      
if ($photo == NULL)
{

mysql_query("INSERT INTO products
(catid, userid, catname, subid, subname, title, description, video, price, postage, status, postage_location) VALUES 
('$catid', '$cookieid', '$catname', '$subid', '$subname', '$title', '$description', '$video', '$price', '$postage', 'live', '$postage_location')") or die(mysql_error()); 
$newid = mysql_insert_id();
echo "
  <script>
  window.location.replace('index.php?page=product&product=$newid&s=$subid&c=$catid&cname=$catname&sname=$subname&menu=sub')
  </script>";
}

elseif ($photo != NULL)
{
if(get_magic_quotes_gpc()) {
      $input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
     
      while(list($k, $v) = each($input)) {
        foreach($v as $key => $val) {
          if(!is_array($val)) {
            $input[$k][$key] = stripslashes($val);
            continue;
          }
          $input[] =& $input[$k][$key];
        }
      }
      unset($input);
    }
    
error_reporting(0);

$change="";
$abc="";

 define ("MAX_SIZE","400");
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

 $errors=0;
  
 if($_SERVER["REQUEST_METHOD"] == "POST")
 {
 	$image =$_FILES["photo"]["name"];
	$uploadedfile = $_FILES['photo']['tmp_name'];    
 
 	if ($image) 
 	{
 	
 		$filename = stripslashes($_FILES['photo']['name']);
 	
  		$extension = getExtension($_FILES['photo']['name']);
 		$extension = strtolower($extension);
		
		
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
 		{
		
 			$change='<div class="msgdiv">Unknown Image extension </div> ';
 			$errors=1;
 		}
 		else
 		{

 $sizechange=filesize($_FILES['photo']['tmp_name']);


if ($sizechange > MAX_SIZE*1024)
{
	$change='<div class="msgdiv">You have exceeded the size limit!</div> ';
	$errors=1;
}


if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);

}
else if($extension=="png")
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);

}
else 
{
$src = imagecreatefromgif($uploadedfile);
}

echo $scr;

list($width,$height)=getimagesize($uploadedfile);
$tmp=imagecreatetruecolor($width,$height);

$newwidth1=142;
$newheight1=($height/$width)*$newwidth1;
$tmp1=imagecreatetruecolor($newwidth1,$newheight1);

imagecopyresampled($tmp,$src,0,0,0,0,$width,$height,$width,$height);
imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);
$pic=($_FILES['photo']['name']);
srand(time());
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/productphotos/". $newname;
$filename1 = "images/productphotos/small/". $newname;
imagejpeg($tmp,$filename,100);
imagejpeg($tmp1,$filename1,100);
imagedestroy($src);
imagedestroy($tmp);
imagedestroy($tmp1);
}}
}

mysql_query("INSERT INTO products
(catid, userid, catname, subid, subname, title, description, video, price, postage, photoprimary, status, postage_location) VALUES 
('$catid', '$cookieid', '$catname', '$subid', '$subname', '$title', '$description', '$video', '$price', '$postage', '$newname', 'live', '$postage_location')") or die(mysql_error()); 
$newid = mysql_insert_id();
}


echo "
  <script>
  window.location.replace('index.php?page=product&product=$newid&s=$subid&c=$catid&cname=$catname&sname=$subname&menu=sub')
  </script>";
}

if ($p == "n")
{
echo "
  <script>window.location.replace('index.php?page=myproducts&p=nn')
  </script>";
}

}
?>
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
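
Added example, not part of any post in this thread: one way to write the two-step flow discussed above, where each field is read from $_POST only when it was actually submitted and otherwise comes from the session, and the final INSERT uses bound parameters instead of stripping apostrophes. The names collect(), money() and save_product() are hypothetical; the $post and $session arrays stand in for $_POST and $_SESSION, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the thread's MySQL products table so the script runs from the command line.

```php
<?php
// Added example, not code from the thread; collect(), money() and save_product() are hypothetical.
// $post/$session stand in for $_POST/$_SESSION; in-memory SQLite stands in for the MySQL table.

// Use the posted value if this request has one, else the copy saved by an earlier step.
function collect(array $post, array &$session, string $key, ?callable $clean = null): ?string
{
    if (isset($post[$key]) && is_string($post[$key])) {
        $value = trim($post[$key]);
        $session[$key] = $clean ? $clean($value) : $value;
    }
    return $session[$key] ?? null;
}

// Same normalisation the thread applies to price and postage.
function money(string $raw): string
{
    return sprintf('%0.2f', (float) preg_replace('/[^0-9.]/', '', $raw));
}

// Bound parameters carry the values, so apostrophes need no stripping or escaping.
function save_product(PDO $db, array $row): int
{
    $stmt = $db->prepare('INSERT INTO products (title, description, price, postage)
                          VALUES (:title, :description, :price, :postage)');
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title, description, price, postage)');
// Constructed requests: step 1 posts the form, step 2 is the return from payment (no POST body).
$requests = [
    ['title' => "Simon's bike", 'description' => "It's nearly new", 'price' => 'GBP 25', 'postage' => '3.5'],
    [],
];
$session = [];
$cleaners = ['title' => null, 'description' => null, 'price' => 'money', 'postage' => 'money'];
foreach ($requests as $step => $post) {
    $row = [];
    foreach ($cleaners as $key => $clean) {
        $row[$key] = collect($post, $session, $key, $clean);
    }
    if ($step === 1 && !in_array(null, $row, true)) {   // callback step, all fields present
        save_product($db, $row);
    }
}
print_r($db->query('SELECT * FROM products')->fetchAll(PDO::FETCH_ASSOC));
```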