Setting session variable using text box onChange event.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
hmartyb
Forum Newbie
Posts: 5
Joined: Wed Jul 27, 2005 4:03 pm

Setting session variable using text box onChange event.

Post by hmartyb »

I need to set a session variable on the fly. I was using cookies, but I need way too many (much more than the 20 allowed):

<script language="JavaScript">

function setCookie (name, value)
{
document.cookie = name + '=' + escape(value)
}

</script>

<input type="text" name="MiddleName" onChange=
"setCookie('MiddleName', MiddleName.value)"
value="<?php echo "{$_COOKIE['MiddleName']}"; ?>" size="25">

Is there any way to do this without cookies?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

sure, just use javascript to make a http request to a php script, pass along the variables and have php write the session cookie.
hmartyb
Forum Newbie
Posts: 5
Joined: Wed Jul 27, 2005 4:03 pm

Post by hmartyb »

Okay, got that far, but it poses another problem. Now I need to dynamically name a session variable. I'm fairly new to sessions, so please bear with me. I tried something like this (which doesn't work):

Code: Select all

<?php 
     session_start();
     $SessionName = "SomeName";
     $_SESSION[$SessionName] = "SomeValue";
?>
What I was trying to do was make $_SESSION['SomeName']="SomeValue" dynamically. Can this be done?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

That should work, try $_SESSION["$variable"];

EDIT: Does $_SESSION['someName'] have a value already?
hmartyb
Forum Newbie
Posts: 5
Joined: Wed Jul 27, 2005 4:03 pm

Post by hmartyb »

I'll play with it a bit more tomorrow. $_SESSION['SomeName'] may or may not have a value, as I'm tying this bit of code to my header request. I'll post the a better picture of what I'm trying to accomplish tomorrow, thanks for your help so far!!

Marty
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

hmartyb wrote:I'll play with it a bit more tomorrow. $_SESSION['SomeName'] may or may not have a value, as I'm tying this bit of code to my header request. I'll post the a better picture of what I'm trying to accomplish tomorrow, thanks for your help so far!!

Marty
Try this:

Code: Select all

session_start();

$name='foo';

// You have to give it a value or it 'won't work' (won't output a value)
$_SESSION['foo']='bar';

echo $_SESSION[$name];
hmartyb
Forum Newbie
Posts: 5
Joined: Wed Jul 27, 2005 4:03 pm

Post by hmartyb »

I was afraid of that. I was trying to get around having to do this:

Code: Select all

<?php
	session_start();	    
       $name = stripslashes($_GET['name']);
       $value = stripslashes($_GET['value']);
	switch ($name)
	    {
	    case "FirstName":
		$_SESSION['FirstName'] = $value;
                break;
	    case "LastName":
		$_SESSION['LastName'] = $value;
                break;
	    }
        echo $name ." = ".$_SESSION[$name];
?>
By doing this:

Code: Select all

<?php
	session_start();
       $name = $_GET['name'];
       $value = $_GET['value'];
	$_SESSION['$name']=$value;
	echo $_SESSION[$name];
?>
As I will be setting about 80 session variables.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

NEVER do:

Code: Select all

<?php
    session_start();
       $name = $_GET['name'];
       $value = $_GET['value'];
    $_SESSION['$name']=$value;
    echo $_SESSION[$name];
?>
This poses the same risks as leaving register globals on, what happens when someone sets $name to 'admin' and $value to 1? Although, yes this code would do what you intended it would leave a huge security hole.

Try something like this:

Code: Select all

$array=array("list", "of", "acceptable", "session", "names");
$count=count($array);
for ($x=0; $x<=$count; $x++) {
     $_SESSION[$array[$x]]=htmlentities($_POST[$array[$x]]);
}
print_r($_SESSION);
This should populate your session data as long as you specify all the allowed values.
hmartyb
Forum Newbie
Posts: 5
Joined: Wed Jul 27, 2005 4:03 pm

Post by hmartyb »

This poses the same risks as leaving register globals on, what happens when someone sets $name to 'admin' and $value to 1?
Yeah, I was so intent on solving my coding, it didn't occur to me! Thanks for pointing it out! Also thanks for steering me in the right direction on setting my session variables. I think you've answered all of my questions.

Marty
Post Reply