Ok looked over it, and rewrote some parts, and tested it, so that the post vars are really saved in the session:
Code: Select all
<?php
/**
* Requires PHP 5.3
* Retrieves the value from $_POST or $_SESSION at index $name
* if found in $_POST and $set_session is true sets $_SESSION value at index $name to $_POST value
*/
function get_safe_value($name, $set_session=true, $filter=null){
$out = null;
if(isset($_POST[$name])){
if($set_session){
$_SESSION[$name] = $_POST[$name];
}
$out = $_POST[$name];
} else {
if(isset($_SESSION[$name])){
$out = $_SESSION[$name];
}
}
if($out != null){
if($filter != null){
$out = $filter($out);
} else {
$out = str_replace("'", '', $out);
}
}
return $out;
}
$catname = get_safe_value('catname');
$category = get_safe_value('category', false);
$catid = get_safe_value('catid');
$subid = get_safe_value('subid');
$subname = get_safe_value('subname');
$description = get_safe_value('description');
$video = get_safe_value('video');
$filter_func = function($val){
return sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $val));
};
$price = get_safe_value('price', true, $filter_func);
$postage = get_safe_value('postage', true, $filter_func);
$postage_location = get_safe_value('postage_location');
$photo = get_safe_value('photo');
$pic = (isset($_FILES['photo']['name']) ? $_FILES['photo']['name'] : null);
$p = (isset($_GET['p']) ? $_GET['p'] : null);
include "dbconn.php";
$cookietype = null;
$cookieid = null;
if(isset($_COOKIE['type'])){
$cookietype = $_COOKIE['type'];
}
if(isset($_COOKIE['userid'])){
$cookieid = $_COOKIE['userid'];
}
?>