Page 1 of 1

Setting session variable using text box onChange event.

Posted: Wed Jul 27, 2005 4:27 pm
by hmartyb
I need to set a session variable on the fly. I was using cookies, but I need way too many (much more than the 20 allowed):

<script language="JavaScript">

function setCookie (name, value)
{
document.cookie = name + '=' + escape(value)
}

</script>

<input type="text" name="MiddleName" onChange=
"setCookie('MiddleName', MiddleName.value)"
value="<?php echo "{$_COOKIE['MiddleName']}"; ?>" size="25">

Is there any way to do this without cookies?

Posted: Wed Jul 27, 2005 4:43 pm
by josh
sure, just use javascript to make a http request to a php script, pass along the variables and have php write the session cookie.

Posted: Wed Jul 27, 2005 6:37 pm
by hmartyb
Okay, got that far, but it poses another problem. Now I need to dynamically name a session variable. I'm fairly new to sessions, so please bear with me. I tried something like this (which doesn't work):

Code: Select all

<?php 
     session_start();
     $SessionName = "SomeName";
     $_SESSION[$SessionName] = "SomeValue";
?>
What I was trying to do was make $_SESSION['SomeName']="SomeValue" dynamically. Can this be done?

Posted: Wed Jul 27, 2005 6:43 pm
by josh
That should work, try $_SESSION["$variable"];

EDIT: Does $_SESSION['someName'] have a value already?

Posted: Wed Jul 27, 2005 7:00 pm
by hmartyb
I'll play with it a bit more tomorrow. $_SESSION['SomeName'] may or may not have a value, as I'm tying this bit of code to my header request. I'll post the a better picture of what I'm trying to accomplish tomorrow, thanks for your help so far!!

Marty

Posted: Wed Jul 27, 2005 7:18 pm
by josh
hmartyb wrote:I'll play with it a bit more tomorrow. $_SESSION['SomeName'] may or may not have a value, as I'm tying this bit of code to my header request. I'll post the a better picture of what I'm trying to accomplish tomorrow, thanks for your help so far!!

Marty
Try this:

Code: Select all

session_start();

$name='foo';

// You have to give it a value or it 'won't work' (won't output a value)
$_SESSION['foo']='bar';

echo $_SESSION[$name];

Posted: Thu Jul 28, 2005 11:10 am
by hmartyb
I was afraid of that. I was trying to get around having to do this:

Code: Select all

<?php
	session_start();	    
       $name = stripslashes($_GET['name']);
       $value = stripslashes($_GET['value']);
	switch ($name)
	    {
	    case "FirstName":
		$_SESSION['FirstName'] = $value;
                break;
	    case "LastName":
		$_SESSION['LastName'] = $value;
                break;
	    }
        echo $name ." = ".$_SESSION[$name];
?>
By doing this:

Code: Select all

<?php
	session_start();
       $name = $_GET['name'];
       $value = $_GET['value'];
	$_SESSION['$name']=$value;
	echo $_SESSION[$name];
?>
As I will be setting about 80 session variables.

Posted: Thu Jul 28, 2005 11:31 am
by josh
NEVER do:

Code: Select all

<?php
    session_start();
       $name = $_GET['name'];
       $value = $_GET['value'];
    $_SESSION['$name']=$value;
    echo $_SESSION[$name];
?>
This poses the same risks as leaving register globals on, what happens when someone sets $name to 'admin' and $value to 1? Although, yes this code would do what you intended it would leave a huge security hole.

Try something like this:

Code: Select all

$array=array("list", "of", "acceptable", "session", "names");
$count=count($array);
for ($x=0; $x<=$count; $x++) {
     $_SESSION[$array[$x]]=htmlentities($_POST[$array[$x]]);
}
print_r($_SESSION);
This should populate your session data as long as you specify all the allowed values.

Posted: Thu Jul 28, 2005 1:05 pm
by hmartyb
This poses the same risks as leaving register globals on, what happens when someone sets $name to 'admin' and $value to 1?
Yeah, I was so intent on solving my coding, it didn't occur to me! Thanks for pointing it out! Also thanks for steering me in the right direction on setting my session variables. I think you've answered all of my questions.

Marty