Session variable not displaying - should be easy
Posted: Wed Jan 07, 2009 6:26 am
Hey everyone,
I'm writing a form validation script, fairly straightforward. In psuedocode, this is what's happening:
- session_start()
- we validate the user's form input
- if any of the input is invalid, we set $hasErrors to true, and add an error message to $errorText string
- when all validation tests are complete, if $hasErrors is false, we insert the data. if it's true, we store $errorText in a session variable called $_SESSION['response'] and return to the form, displaying the $_SESSION['response'] at the top to illustrate the error and then running session_destroy afterwards
- if $hasErrors was false and the data was inserted, we update $_SESSION['response'] to give a message of success
The problem happens here. If the form was correctly submitted, nothing is displayed when I output $_SESSION['response']. If I take out the call to session_destroy, it displays, but then it will display on page reloads too until the session is closed.
Here's the code:
I'm writing a form validation script, fairly straightforward. In psuedocode, this is what's happening:
- session_start()
- we validate the user's form input
- if any of the input is invalid, we set $hasErrors to true, and add an error message to $errorText string
- when all validation tests are complete, if $hasErrors is false, we insert the data. if it's true, we store $errorText in a session variable called $_SESSION['response'] and return to the form, displaying the $_SESSION['response'] at the top to illustrate the error and then running session_destroy afterwards
- if $hasErrors was false and the data was inserted, we update $_SESSION['response'] to give a message of success
The problem happens here. If the form was correctly submitted, nothing is displayed when I output $_SESSION['response']. If I take out the call to session_destroy, it displays, but then it will display on page reloads too until the session is closed.
Here's the code:
Code: Select all
session_start();
$hasErrors = false;
if(isset($_POST['addProduct'])) {
$cleanvars = array_map('clean', $_POST); // apply clean() function to all form input
extract($cleanvars,EXTR_PREFIX_ALL,'prod'); // produce array of $prod_ variables of the form fields
// first check for empty values
foreach($cleanvars as $value) { // loop through all of the cleaned up fields to validate them
if(!isset($value) || $value == "") {
$hasErrors = true;
$errors .= "<li>Make sure you've filled out all of the fields.</li>\n";
break;
}
}
// now check the numbers are numbers
if(!is_numeric($prod_retailPrice)) { $hasErrors = true; $errors .= "<li>Please make sure the retail price is a number.</li>\n"; }
if(!is_numeric($prod_bulkPrice)) { $hasErrors = true; $errors .= "<li>Please make sure the wholesale price is a number.</li>\n"; }
if(!is_numeric($prod_stock)) { $hasErrors = true; $errors .= "<li>Please make sure the stock level is a number.</li>\n"; }
if($hasErrors) { $_SESSION['response'] = $errors."</ul>\n"; } // if there's errors, set the session variable to the error string
if(!$hasErrors) { // only add product if there's no errors
if(addProduct($prod_code, $prod_range, $prod_description, $prod_retailPrice, $prod_bulkPrice, $prod_stock, $prod_photo)) {
$_SESSION['response'] = "<p>Congratulations! Product was added successfully.</p>";
header("Location: admin.php"); // reload the page to prevent duplicate form submissions
}
}
}
?>
<h2>Add Product</h2>
<?php echo @$_SESSION['response']; session_unset(); ?>
// form goes here