Page 1 of 2

Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 6:20 am
by simonmlewis
I am posting info to variables and storing them in Sessions.
Then the person pays a fee, and returns back to the site, where the Session variables are inserted into the database.

This is working on the whole, however two of the variables are adjusted for apostophies and are now not inserting into the DB.

Code: Select all

$title=$_POST['title'];
$title = str_replace("'", '', $title);

if(isset($title))
{
    $title = $title;
    $_SESSION['title']=$title;
} else { $title=$_SESSION['title'];}
$title won't insert and I think it's because of the str_replace and then $title is becoming NULL. this is happening on a few fields, but if I can fix it on one, I can do them all.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 7:20 am
by genix2011
Hi,

you are doing an str_replace with $title before you even check if $title is set.

Code: Select all

session_start(); // Has to be somewhere at the start of your code

$title=$_POST['title'];

if(isset($_POST['title'])) {
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} else { 
    $title=$_SESSION['title'];
}
Greets.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 7:23 am
by simonmlewis
session_start(); is at the top of the index.php page - trust me, that part works.
I'm unsure why it matters that I am doing the str_replace first. It *is* there, so it finds it and should store it.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 7:31 am
by genix2011
I edited the code above, try it like that.

It should work now, if not, then there is some other bug in your code...

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 7:38 am
by simonmlewis
I'm sorry to say, it still doesn't work.
Your method is clearly 'cleaner', but it's basically the same as I what I did.

The other fields work. Those variables are not "messed with".
It's very bizarre as I have just tried your script without the extra so it's

Code: Select all

if(isset($_POST['title'])) {
    $_SESSION['title']=$title;
} else {
    $title=$_SESSION['title'];
}
And even that doesn't work. But with the "or die" in the SQL statement, there are no error warnings.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 7:46 am
by simonmlewis
Also
If I put $title=$_POST['title']; at the top, and then echo it further down:

Code: Select all

echo "$title";
as echo " on the pre-pay page, it displays.

But if I don't put that at the top and only use your code, and echo it, it does not display.

This is all of it at the top:

Code: Select all

$catid = $_POST['catid'];
$subid = $_POST['subid'];
$catname = $_POST['catname'];
$subname = $_POST['subname'];
$title=$_POST['title'];
$description=$_POST['description'];
$description = str_replace("'", '', $description);
$posted_description = (get_magic_quotes_gpc()) ? stripslashes($_POST['description']) : $_POST['description'];
$description=mysql_real_escape_string($posted_description);
$video=$_POST['video'];
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
$postage_location=$_POST['postage_location'];
$photo=$_POST['photo'];
$pic=($_FILES['photo']['name']);
$p=$_GET['p'];

if(isset($_POST['catname']))
{
    $catname = $_POST['catname'];
    $_SESSION['catname']=$catname;
} else { $catname=$_SESSION['catname'];}
if(isset($_POST['subname']))
{
    $subname = $_POST['subname'];
    $_SESSION['subname']=$subname;
} else { $subname=$_SESSION['subname'];}
if(isset($_POST['catid']))
{
    $catid = $_POST['catid'];
    $_SESSION['catid']=$catid;
} else { $catid=$_SESSION['catid'];}
if(isset($_POST['subid']))
{
    $subid = $_POST['subid'];
    $_SESSION['subid']=$subid;
} else { $subid=$_SESSION['subid'];}

if(isset($_POST['title'])) {
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} else {
    $title=$_SESSION['title'];
}

if(isset($description))
{
    $description = $description;
    $_SESSION['description']=$description;
} else { $description=$_SESSION
I hadn't put *POST* in the description or title, as I was doing the "escape" thing to avoid hackers.
Maybe I have gone about that the wrong way??

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 7:59 am
by genix2011
Hi,

what are you trying to accomplish with your code?
Is this something like an multiple step form?

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 8:02 am
by simonmlewis
Yes.
They complete the form (including a file upload), it stores it all in sessions.
They are asked to pay a fee.
They are then taken back, after payment to this same page (or could be another page), and the session variables are then INSERT into the DB.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 8:29 am
by genix2011
Hi,

the problem I see right now is this for example:

Code: Select all

$description=$_POST['description'];
$description = str_replace("'", '', $description);
In a multiple step form you do not always have the same $_POST variables in all steps, that means, that if $_POST['description'] was in step 2, but not in step 3, the str_replace above for example would fail in step 3.

So you would have to make sure, that all the variables you are using exist, before you use them.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 8:45 am
by simonmlewis
Mmmmm... this fails too tho.
Remember, it accepts Video and ALL other fields, but not:
title
description
price
postage

Code: Select all

$catid = $_POST['catid'];
$subid = $_POST['subid'];
$catname = $_POST['catname'];
$subname = $_POST['subname'];
$video=$_POST['video'];
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
$postage_location=$_POST['postage_location'];
$photo=$_POST['photo'];
$pic=($_FILES['photo']['name']);
$p=$_GET['p'];

if(isset($_POST['catname']))
{
    $catname = $_POST['catname'];
    $_SESSION['catname']=$catname;
} else { $catname=$_SESSION['catname'];}
if(isset($_POST['subname']))
{
    $subname = $_POST['subname'];
    $_SESSION['subname']=$subname;
} else { $subname=$_SESSION['subname'];}
if(isset($_POST['catid']))
{
    $catid = $_POST['catid'];
    $_SESSION['catid']=$catid;
} else { $catid=$_SESSION['catid'];}
if(isset($_POST['subid']))
{
    $subid = $_POST['subid'];
    $_SESSION['subid']=$subid;
} else { $subid=$_SESSION['subid'];}

if(isset($_POST['title'])) {
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} else {
    $title=$_SESSION['title'];
}

if(isset($_POST['description']))
{
    $description = str_replace("'", '', $description);
    $_SESSION['description']=$description;
} else { $description=$_SESSION['description'];}

if(isset($_POST['video']))
{
    $video = $_POST['video'];
    $_SESSION['video']=$video;
} else { $video=$_SESSION['video'];}
if(isset($_POST['price']))
{
    $price = $_POST['price'];
    $_SESSION['price']=$price;
} else { $price=$_SESSION['price'];}
if(isset($_POST['postage']))
{
    $postage = $_POST['postage'];
    $_SESSION['postage']=$postage;
} else { $postage=$_SESSION['postage'];}
if(isset($_POST['postage_location']))
{
    $postage_location = $_POST['postage_location'];
    $_SESSION['postage_location']=$postage_location;
} else { $postage_location=$_SESSION['postage_location'];}
if(isset($_FILES['photo']))
{
    $photo = $_FILES['photo'];
    $_SESSION['photo']=$photo;
} else { $photo=$_SESSION['photo'];}

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 8:50 am
by genix2011
the same of course with this too:

Code: Select all

$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
or are you sending price and postage in every step with $_POST?

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 8:54 am
by simonmlewis
It's posted ONCE. then it is stored in the session and used when the page is called back again.
If $title is now stored in the same way as $price, why doesn't $title work?

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 8:56 am
by genix2011
Give me your whole code for this, I'm going to look over it.

As the code stands above, with all the changes, everything should work fine.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 9:00 am
by genix2011
And you forget, that if you use the same script for saving in session and then callback, that this are indeed 2 steps, one with all the $_POST variables, and one by only using the $_SESSION variables without the $_POST variables existing.

Re: Session not working - where have I gone wrong?

Posted: Mon Aug 22, 2011 9:01 am
by simonmlewis
Thanks.

Code: Select all

<?php
$category=$_POST['category'];
$catid = $_POST['catid'];
$subid = $_POST['subid'];
$catname = $_POST['catname'];
$subname = $_POST['subname'];
$video=$_POST['video'];
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['postage']));
$postage_location=$_POST['postage_location'];
$photo=$_POST['photo'];
$pic=($_FILES['photo']['name']);
$p=$_GET['p'];

if(isset($_POST['catname']))
{
    $catname = $_POST['catname'];
    $_SESSION['catname']=$catname;
} else { $catname=$_SESSION['catname'];}

if(isset($_POST['subname']))
{
    $subname = $_POST['subname'];
    $_SESSION['subname']=$subname;
} else { $subname=$_SESSION['subname'];}

if(isset($_POST['catid']))
{
    $catid = $_POST['catid'];
    $_SESSION['catid']=$catid;
} else { $catid=$_SESSION['catid'];}

if(isset($_POST['subid']))
{
    $subid = $_POST['subid'];
    $_SESSION['subid']=$subid;
} else { $subid=$_SESSION['subid'];}


if(isset($_POST['title'])) {
    $title = $_POST['title'];
    $title = str_replace("'", '', $title);
    $_SESSION['title']=$title;
} 
else { $title=$_SESSION['title'];}

if(isset($_POST['description']))
{
    $description = str_replace("'", '', $description);
    $_SESSION['description']=$description;
} else { $description=$_SESSION['description'];}

if(isset($_POST['video']))
{
    $video = $_POST['video'];
    $_SESSION['video']=$video;
} else { $video=$_SESSION['video'];}
if(isset($_POST['price']))
{
    $price = $_POST['price'];
    $_SESSION['price']=$price;
} else { $price=$_SESSION['price'];}
if(isset($_POST['postage']))
{
    $postage = $_POST['postage'];
    $_SESSION['postage']=$postage;
} else { $postage=$_SESSION['postage'];}
if(isset($_POST['postage_location']))
{
    $postage_location = $_POST['postage_location'];
    $_SESSION['postage_location']=$postage_location;
} else { $postage_location=$_SESSION['postage_location'];}
if(isset($_FILES['photo']))
{
    $photo = $_FILES['photo'];
    $_SESSION['photo']=$photo;
} else { $photo=$_SESSION['photo'];}

include "dbconn.php";
$cookietype=$_COOKIE['type'];
$cookieid=$_COOKIE['userid'];
$todaydate = (date('Y-m-d'));

if ($cookietype != NULL)
{
  if ($p == NULL)
  { 
echo "<div class='head'>Adding your product</div>
 INFO HERE ON HOW TO PAY FOR THIS"; 
  }

if ($p == "y")
{
$pp = $_GET['pp'];
if ($pp == '1')
{
$ppdate = date('Y-m-d', strtotime('+7 days'));
}
if ($pp == '4')
{
$ppdate = date('Y-m-d', strtotime('+1 year'));
}
      
if ($photo == NULL)
{

mysql_query("INSERT INTO products
(catid, userid, catname, subid, subname, title, description, video, price, postage, status, postage_location) VALUES 
('$catid', '$cookieid', '$catname', '$subid', '$subname', '$title', '$description', '$video', '$price', '$postage', 'live', '$postage_location')") or die(mysql_error()); 
$newid = mysql_insert_id();
echo "
  <script>
  window.location.replace('index.php?page=product&product=$newid&s=$subid&c=$catid&cname=$catname&sname=$subname&menu=sub')
  </script>";
}

elseif ($photo != NULL)
{
if(get_magic_quotes_gpc()) {
      $input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
     
      while(list($k, $v) = each($input)) {
        foreach($v as $key => $val) {
          if(!is_array($val)) {
            $input[$k][$key] = stripslashes($val);
            continue;
          }
          $input[] =& $input[$k][$key];
        }
      }
      unset($input);
    }
    
error_reporting(0);

$change="";
$abc="";

 define ("MAX_SIZE","400");
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

 $errors=0;
  
 if($_SERVER["REQUEST_METHOD"] == "POST")
 {
 	$image =$_FILES["photo"]["name"];
	$uploadedfile = $_FILES['photo']['tmp_name'];    
 
 	if ($image) 
 	{
 	
 		$filename = stripslashes($_FILES['photo']['name']);
 	
  		$extension = getExtension($_FILES['photo']['name']);
 		$extension = strtolower($extension);
		
		
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
 		{
		
 			$change='<div class="msgdiv">Unknown Image extension </div> ';
 			$errors=1;
 		}
 		else
 		{

 $sizechange=filesize($_FILES['photo']['tmp_name']);


if ($sizechange > MAX_*1024)
{
	$change='<div class="msgdiv">You have exceeded the size limit!</div> ';
	$errors=1;
}


if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);

}
else if($extension=="png")
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);

}
else 
{
$src = imagecreatefromgif($uploadedfile);
}

echo $scr;

list($width,$height)=getimagesize($uploadedfile);
$tmp=imagecreatetruecolor($width,$height);

$newwidth1=142;
$newheight1=($height/$width)*$newwidth1;
$tmp1=imagecreatetruecolor($newwidth1,$newheight1);

imagecopyresampled($tmp,$src,0,0,0,0,$width,$height,$width,$height);
imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);
$pic=($_FILES['photo']['name']);
srand(time());
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/productphotos/". $newname;
$filename1 = "images/productphotos/small/". $newname;
imagejpeg($tmp,$filename,100);
imagejpeg($tmp1,$filename1,100);
imagedestroy($src);
imagedestroy($tmp);
imagedestroy($tmp1);
}}
}

mysql_query("INSERT INTO products
(catid, userid, catname, subid, subname, title, description, video, price, postage, photoprimary, status, postage_location) VALUES 
('$catid', '$cookieid', '$catname', '$subid', '$subname', '$title', '$description', '$video', '$price', '$postage', '$newname', 'live', '$postage_location')") or die(mysql_error()); 
$newid = mysql_insert_id();
}


echo "
  <script>
  window.location.replace('index.php?page=product&product=$newid&s=$subid&c=$catid&cname=$catname&sname=$subname&menu=sub')
  </script>";
}

if ($p == "n")
{
echo "
  <script>window.location.replace('index.php?page=myproducts&p=nn')
  </script>";
}

}
?>