team2005
asked on
How to save fields form
Hi!
I have this form:
<form class="formqueryform" action="<?php $_PHP_SELF ?>" method="POST">
<table width="100%" align="left" class="formsql">
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Dato:</td>
<td align="left" valign="top">
<input type="date" name="date1" id="date" value=<?php echo $dagensdatopast ?> class="formreports" />
<input type="date" name="date2" id="date2" value=<?php echo $dagensdato ?> class="formreports" />
<label for="Scale" class="form-radio"><input type="checkbox" name="datobrukes" class="formreportsdate" id="datobrukes" checked> Dato</label>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Kontroller:</td>
<td class="rapport1_del3" align="left" valign="top">
<select id="recipient" name="kontroller" tabindex="6" class="selmenu">
<option>Alle kontrollere</option>
<?php
$result3 = mysql_query("SELECT Navn FROM {$table1} WHERE Bruker_id='{$brukerID}' and Kunde_id='{$kundeid}'") or die(mysql_error());
while ($row3 = mysql_fetch_array($result3)){
$navnkon = $row3['Navn'];
?>
<option><?php echo $navnkon; ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Bruker:</td>
<td class="rapport1_del3" align="left" valign="top">
<select id="recipient" name="brukere" tabindex="6" class="selmenu">
<option>Alle brukere</option>
<?php
$result3 = mysql_query("SELECT Navn FROM {$table2} WHERE Kunde_id='{$kundeid}'") or die(mysql_error());
while ($row3 = mysql_fetch_array($result3)){
$navnbruker = $row3['Navn'];
?>
<option><?php echo $navnbruker; ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Svar:</td>
<td>
<label for="Alle" class="form-radio"><input type="radio" value="0" name="svar" id="Alle" checked> Alle</label>
<label for="Ja" class="form-radio"><input type="radio" value="1" name="svar" id="Ja"> Ja</label>
<label for="Nei" class="form-radio"><input type="radio" value="2" name="svar" id="Nei"> Nei</label>
<label for="Scale" class="form-radio"><input type="radio" value="3" name="svar" id="Scale"> Scale</label>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Rapport:</td>
<td>
<label for="Rapport 1" class="form-radio"><input type="radio" name="rapport" value="1" id="Alle" checked>Rapport 1</label>
<label for="Rapport 2" class="form-radio"><input type="radio" name="rapport" value="2" id="Ja">Rapport 2</label>
</td>
</tr>
<tr>
<td class="rapport1_del4" align="right" valign="top">S</td>
<td>
<section id="buttons">
<!--<input type="reset" name="reset" id="resetbtn" class="resetbtn" value="Reset"> -->
<input type="submit" name="submit" id="submitbtn" class="submitbtn" tabindex="7" value="Soke">
<br style="clear:both;">
</section>
</td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
</table>
</form>
I use this form on a webpage (PHP), and show the result from the selections.
My problem is that a query is executed every time the same page is loaded.
I need a way to store the selected values from the form.
So the next time the page is loaded, it shows the user the same selected values.
How can I do this?
ASKER
Hi!
At the top of my page I use:
session_start();
Then I use this code:
if (isset($_POST['submit'])) {
$datofra = $_POST["date1"];
$datotil = $_POST["date2"];
$svarsp = $_POST["svar"];
$kontr = $_POST["kontroller"];
$brukere = $_POST["brukere"];
$vilkenrapport = $_POST["rapport"];
$datobrukes = $_POST["datobrukes"];
$viserapport=1;
$_SESSION['kontroller'] = $_POST['kontroller'];
}
And then I set the value in the control like this:
<select id="recipient" name="kontroller" tabindex="6" value="<?php echo $_SESSION['kontroller'];?>" class="selmenu">
But when I select something, it doesn't remember the selected value?
Try using var_dump() to print out the contents of the variables. Also, please read the article. I have yet to see session_start() in any of your code snippets. It is required if you want to use the PHP session. If you omit it, your script can put data into $_SESSION but the data will be lost across the requests and PHP will not tell you about it!
You may also want to learn about the <select> control. It does not have a value attribute -- it only has the name attribute. The <option> control has the value attribute.
ASKER
Hi!
This code:
echo "<option ";
if( $_POST["kontroller"] == $navnkon) echo ' selected="selected"';
echo ">$navnkon</option>";
It works after the first time I have clicked button -> submit
But the first time the form is shown, I get 1 value, but the next value is:
Notice: Undefined index kontroller in.....
What is wrong?
Please go back to this answer. It is self-contained and teaches exactly what you're trying to do here. If you follow those design concepts you will get good results. The troubles you're having now are almost certainly the product of a logic error, but it would be impossible for us to guess what is wrong with the script from a single if() statement.
If you're still having difficulties after you review the earlier response please prepare the SSCCE that demonstrates your difficulty and post it here. I'll try to help you with the example.
ASKER
Hi!
I have followed your example, and done this:
At the top of the page I set the session:
session_start();
if (!isset($_SESSION["formname"]))
{
// INITIALIZE THE VALUES FOR USE IN THE FORM LATER
$_SESSION["kontroller"] = '';
}
After this I use: (where I know Submit is clicked)
$_SESSION["kontroller"] = $_POST["kontroller"];
Then I set the value of the listbox:
<select id="recipient" name="kontroller" tabindex="6" class="selmenu" value="{$_SESSION["kontroller"]}">
But this doesn't work?
What is "formname?" Wouldn't you want to use "kontroller?"
ASKER
Hi!
OK, fixed that.
But it still doesn't work?
ASKER
Hi!
Sorry, but I can't find anything wrong here:
At the top of the page I set the session:
session_start();
if (!isset($_SESSION["formname"]))
{
// INITIALIZE THE VALUES FOR USE IN THE FORM LATER
$_SESSION["kontroller"] = '';
}
After this I use: (where I know Submit is clicked)
$_SESSION["kontroller"] = $_POST["kontroller"];
Then I set the value of the listbox:
<select id="recipient" name="kontroller" tabindex="6" class="selmenu" value="{$_SESSION["kontroller"]}">
I don't know what is wrong with this code?
Please, please work with me here! I need to see your http://sscce.org/ and then I can show you exactly what is wrong and exactly how to fix it.
ASKER
Hi!
Here is the file:
<?php // RAY_EE_login.php
session_start();
require_once('RAY_EE_config.php');
$table1 = 'Kontroller';
$table2 = 'brukere';
$rec_limit = 5;
if (!isset($_SESSION["kontroller"]))
{
// INITIALIZE THE VALUES FOR USE IN THE FORM LATER
$_SESSION["kontroller"] = '';
}
// ACCESS TO THIS PAGE IS TESTED BUT NOT CONTROLLED
if ($uid = access_control(TRUE))
{
if (isset($_POST['submit'])) {
$datofra = $_POST["date1"];
$datotil = $_POST["date2"];
$svarsp = $_POST["svar"];
$kontr = $_POST["kontroller"];
$brukere = $_POST["brukere"];
$vilkenrapport = $_POST["rapport"];
$datobrukes = $_POST["datobrukes"];
$viserapport=1;
$_SESSION["kontroller"] = $_POST["kontroller"];
$_SESSION["date1"] = $_POST["date1"];
/* Rutiner for database */
$sql = "SELECT count(Trans_id) FROM Transaksoner";
if ($datobrukes==true){
$sql = $sql." Where Opprettetdato BETWEEN '{$datofra}' AND '{$datotil}'";
}
$substr = "Alle kontrollere";
if (strpos($kontr, $substr) === false) {
$sql = $sql." and K_Navn='{$kontr}'";
}
$substr = "Alle brukere";
if (strpos($brukere, $substr) === false) {
$brID = hentbrukerident($brukere);
$sql = $sql." and Bruker_id='{$brID}'";
}
if ($svarsp=="1"){
$sql = $sql." and Svar='Ja'";
}
if ($svarsp=="2"){
$sql = $sql." and Svar='Nei'";
}
if ($svarsp=="3"){
$sql = $sql." and Svar<>'Ja' and Svar<>'Nei' ";
}
$retval = mysql_query($sql);
if(!$retval)
{
die('Could not get data xx: ' . mysql_error());
}
$row = mysql_fetch_array($retval, MYSQL_NUM );
$rec_count = $row[0];
if ($rec_count>0)
{
$antsider = intval($rec_count/$rec_limit);
}
if( isset($_GET{'page'} ) )
{
if (isset($_POST["page"])) {
if ($page<$antsider){
$page = $_GET{'page'} + 1; }
}
$offset = $rec_limit * $page ;
}
else
{
$page = 0;
$offset = 0;
}
$left_rec = $rec_count - ($page * $rec_limit);
}
else
{
$viserapport=0;
$svarsp=-1;
if( isset($_GET{'page'} ) )
{
$rec_count = $_GET["rec_count"];
$antsider = $_GET["antsider"];
if ($page<$antsider){
$page = $_GET{'page'} + 1; }
$offset = $rec_limit * $page ;
}
else
{
$page = 0;
$offset = 0;
$rec_count = 0;
$antsider = 0;
}
$left_rec = $rec_count - ($page * $rec_limit);
}
if (isset($funksjon)) {
$funksjon = $_GET['funksjon'];
}
if (isset($nyttsok))
{
$nyttsok = $_GET['nyttsok'];
}
if (isset($navigering)) {
$navigering = $_GET['navigering'];
}
$brukerID = brukerident('xxx');
$kundeid = kundeid();
if (isset($navigering)) {
if ($navigering == 1)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 1") </script>';
}
if ($navigering == 2)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 2") </script>';
}
if ($navigering == 3)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 3") </script>';
}
if ($navigering == 4)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 4") </script>';
}
}
if (isset($funksjon)) {
if ($funksjon == 1)
{
echo '<script type="text/javascript"> alert("Du trykte på Excel") </script>';
}
}
}
else
{
header("location: login.php");
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Agrippa report system</title>
<link href="css/redmond/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
</head>
<body>
<link rel="stylesheet" href="reportcss.css">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<Div>
<table width="100%" align="left" border="1" padding-right="10px" class="headertabell">
<tr class="rapport1_del5">
<td class="rapport1_del5" align="left">
<a href="agrippareports.php?funksjon=1" target="_self"><img src="images/excel.png" align="left"/> Excel </a></td>
<td class="rapport1_del5" align="left">
<a href="hovedside.php" target="_self"> <img src="images/skriver.png" align="left" /> Printer </a></td>
<td class="rapport1_del5" align="left>
<a href="hovedside.php" target="_self"> <img src="images/PDF.png" align="left" /> PDF </a>
</td>
<td class="rapport1_del6_4"> <a href="agrippareports.php?page=0&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b1.png" align="left"/></a> </td>
<td class="rapport1_del6_2"> <a href="agrippareports.php?page=<?php echo $last; ?>&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b2.png" align="left" /></a> </td>
<?php
if ($antsider==0){
?>
<td class="rapport1_del6_2"> <input class="txtboxsider" type="text" id="email" value = "<?php echo $page; ?> av <?php echo $antsider; ?>" align="right" /></td>
<?php }
else {
?>
<td class="rapport1_del6_2"> <input class="txtboxsider" type="text" id="email" value = "<?php echo $page+1; ?> av <?php echo $antsider; ?>" align="right" /></td>
<?php }?>
<td class="rapport1_del6_2"> <a href="agrippareports.php?page=<?php echo $page; ?>&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b3.png" align="left" /></a> </td>
<td class="rapport1_del6_3"> <a href="agrippareports.php?page=<?php echo $antsider?>&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b4.png" align="left" /></a> </td>
</tr>
</table>
</Div>
<?php
$dagensdato=date('Y-m-d');
$dagensdatopast = date('Y-m-d', strtotime('-3 month'));
?>
</br>
<form class="formqueryform" action="<?php $_PHP_SELF ?>" method="POST">
<table width="100%" align="left" class="formsql">
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Dato:</td>
<td align="left" valign="top">
<input type="date" name="date1" id="date" value=<?php echo $dagensdatopast ?> class="formreports" />
<input type="date" name="date2" id="date2" value=<?php echo $dagensdato ?> class="formreports" />
<label for="Scale" class="form-radio"><input type="checkbox" name="datobrukes" class="formreportsdate" id="datobrukes" checked> Dato</label>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Kontroller:</td>
<td class="rapport1_del3" align="left" valign="top">
<select id="recipient" name="kontroller" tabindex="6" class="selmenu" value=<?php echo $kontroller?>>
<option>Alle kontrollere</option>
<?php
$result3 = mysql_query("SELECT Navn FROM {$table1} WHERE Bruker_id='{$brukerID}' and Kunde_id='{$kundeid}'") or die(mysql_error());
while ($row3 = mysql_fetch_array($result3)){
$navnkon = $row3['Navn'];
?>
<option><?php echo $navnkon;?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Bruker:</td>
<td class="rapport1_del3" align="left" valign="top">
<select id="recipient" name="brukere" tabindex="6" class="selmenu">
<option>Alle brukere</option>
<?php
$result3 = mysql_query("SELECT Navn FROM {$table2} WHERE Kunde_id='{$kundeid}'") or die(mysql_error());
while ($row3 = mysql_fetch_array($result3)){
$navnbruker = $row3['Navn'];
?>
<option><?php echo $navnbruker; ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Svar:</td>
<td>
<label for="Alle" class="form-radio"><input type="radio" value="0" name="svar" id="Alle" checked> Alle</label>
<label for="Ja" class="form-radio"><input type="radio" value="1" name="svar" id="Ja"> Ja</label>
<label for="Nei" class="form-radio"><input type="radio" value="2" name="svar" id="Nei"> Nei</label>
<label for="Scale" class="form-radio"><input type="radio" value="3" name="svar" id="Scale"> Scale</label>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Rapport:</td>
<td>
<label for="Rapport 1" class="form-radio"><input type="radio" name="rapport" value="1" id="Alle" checked>Rapport 1</label>
<label for="Rapport 2" class="form-radio"><input type="radio" name="rapport" value="2" id="Ja">Rapport 2</label>
</td>
</tr>
<tr>
<td class="rapport1_del4" align="right" valign="top">S</td>
<td>
<section id="buttons">
<!--<input type="reset" name="reset" id="resetbtn" class="resetbtn" value="Reset"> -->
<input type="submit" name="submit" id="submitbtn" class="submitbtn" tabindex="7" value="Soke">
<br style="clear:both;">
</section>
</td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
</table>
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
<script src="js/jquery-ui.js"></script>
<script>
(function() {
var elem = document.createElement('input');
elem.setAttribute('type', 'date');
if ( elem.type === 'text' ) {
$('#date').datepicker({
dateFormat: 'yy-mm-dd',
// defaultDate: +5
});
$('#date2').datepicker({
dateFormat: 'yy-mm-dd',
// defaultDate: +5
});
}
})();
</script>
<br>
</br>
<?php
if ($viserapport==1) {
$sql = "SELECT K_Navn,Lokasjons_id,K_ID,Kunde_id,Spmtekst,Bilde,Kommentar,Opprettetdato,Svar,Bruker_id,Spm_id FROM Transaksoner";
if ($datobrukes==true){
$sql = $sql." Where Opprettetdato BETWEEN '{$datofra}' AND '{$datotil}'";
}
$substr = "Alle kontrollere";
if (strpos($kontr, $substr) === false) {
$sql = $sql." and K_Navn='{$kontr}'";
}
$substr = "Alle brukere";
if (strpos($brukere, $substr) === false) {
$brID = hentbrukerident($brukere);
$sql = $sql." and Bruker_id='{$brID}'";
}
if ($svarsp=="1"){
$sql = $sql." and Svar='Ja'";
}
if ($svarsp=="2"){
$sql = $sql." and Svar='Nei'";
}
if ($svarsp=="3"){
$sql = $sql." and Svar<>'Ja' and Svar<>'Nei' ";
}
$sql = $sql." ORDER BY K_ID LIMIT {$offset}, {$rec_limit}";
$retval = mysql_query($sql);
if(! $retval )
{
die('Could not get data aa: ' . mysql_error());
}
$TMP_KID=0;
$forstekontroller = 1;
$TMP_LOK=0;
while($row3 = mysql_fetch_array($retval, MYSQL_ASSOC)){
$kontrollernavn = mysql_real_escape_string($row3['K_Navn']);
$lokasjonnr = $row3['Lokasjons_id'];
$K_ID = $row3['K_ID'];
$kunde_ID = $row3['Kunde_id'];
$lokasjonnavn = hent_lokasjons_tekst($lokasjonnr,$kunde_ID,$K_ID);
$sporsmal = $row3['Spmtekst'];
$bilderef = $row3['Bilde'];
$kommentar = $row3['Kommentar'];
$transdato = $row3['Opprettetdato'];
$svar = $row3['Svar'];
$brukernavn = hentbrukerensnavn($row3['Bruker_id']);
$scaleant = sjekk_type_sporsmal($row3['Spm_id'],$kunde_ID);
if ($vilkenrapport==1){
if ($forstekontroller==1)
{
$forstekontroller=0;
$TMP_KID = $K_ID;
$TMP_LOK = $lokasjonnr;
?>
<table width="100%" align="center" class="testtabell">
<tr>
<td class="rapport1_del1" height="40px" colspan="4"><?php echo $kontrollernavn; ?></td>
</tr>
<tr>
<td class="rapport1_del2" colspan="3" height="40px"><?php echo $lokasjonnavn; ?> </td>
<td class="rapport_brukernavn" align="right"><?php echo $brukernavn; ?></td>
</tr>
<?php
}
?>
<?php
if ((($TMP_KID<>$K_ID) or ($TMP_LOK<>$lokasjonnr)) and $forstekontroller==2)
{
if ($TMP_KID<>$K_ID) {$TMP_KID = $K_ID;}
if ($TMP_LOK<>$lokasjonnr) {$TMP_LOK = $lokasjonnr;} ?>
</table>
<table width="100%" align="center" class="testtabell">
<tr>
<td class="rapport1_del1" colspan="4" height="40px"><?php echo $kontrollernavn; ?></td>
</tr>
<tr>
<td class="rapport1_del2" colspan="3" height="40px"><?php echo $lokasjonnavn; ?></td>
<td class="rapport_brukernavn" align="right"><?php echo $brukernavn; ?></td>
</tr>
<?php
}
?>
<tr class="blank_row_noborder">
<td colspan="4"></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Sporsmål: </td>
<td class="rapport1_del3" valign="top"> <?php echo $sporsmal;?> </td>
<?php
if ($bilderef=="")
{ ?>
<td class="rapport1_del3" valign="top"></td>
<td valign="top" class="rapport_image1" rowspan="4"><img src="images/ingen.png" width="150" align="right" /></td>
<?php
}
else
{
?>
<td class="rapport1_del3" valign="top"></td>
<td valign="top" class="rapport_image1" rowspan="4"><img src="uploads/<?php echo $bilderef; ?>" width="150" align="right" /></td>
<?php
}
?>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Dato: </td>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $transdato; ?></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Svar:</td>
<?php
if (($svar=="Ja") or ($svar=="Nei"))
{ ?>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $svar; ?></td>
<?php
}
else {
?>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $svar; ?> av <?php echo $scaleant; ?></td>
<?php }
?>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Kommentar:</td>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $kommentar; ?></td>
</tr>
<tr class="blank_row">
<td colspan="4"></td>
</tr>
<?php
$forstekontroller=2;
?>
<?php
} } }
if( $page > 0 )
{
$last = $page - 2;
}
else if( $page == 0 )
{
}
else if( $left_rec < $rec_limit )
{
$last = $page - 2;
}
?>
</body>
</html>
That's not the SSCCE. The SSCCE has all of the irrelevant parts removed, so that the problem is isolated and reproducible.
Once upon a time in the history of PHP this script would have worked because of a security hole called Register Globals. Please read this article to understand why Register Globals was removed.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_7317-Register-Globals-a-bad-idea-from-day-one.html
The reason it would have worked is because of this variable:
$_SESSION["kontroller"]
In the Register Globals world, that would have caused the injection of $kontroller into the symbol table.
To find the problem, I relied on your earlier assertion that this statement was in the script:
<select id="recipient" name="kontroller" tabindex="6" class="selmenu" value="{$_SESSION["kontroller"]}">
I searched the script for all occurrences of $_SESSION["kontroller"] expecting to find it in the select tag (more on that later). I did not find it; instead I found a different variable on line 250. According to my code scanner, this is an undefined variable.
This script should probably be refactored by a professional programmer. In no particular order, these are the things that need to be fixed.
1. You must get off the MySQL extension because PHP is doing away with it. The article explains why and what you must do to keep your scripts running.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
2. You must start programming with error_reporting(E_ALL) which would have alerted you to such things as an undefined variable.
3. You probably want to learn to use comments and coding standards to make the code more readable.
4. You need to understand how select and option tags work. The select tag contains the name= attribute. The option tag contains the value= attribute. In this script, the generated HTML will likely be useless because there will not be any values.
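The points in the answer above (selection carried by the option tag, no string-built mysql_* queries, no reads of an index that may not exist) put together as an added example; it is not code from the thread or from any of its participants. Assumptions: PDO with the pdo_sqlite driver so it runs offline, constructed sample rows, hypothetical function names, and a plain $session array standing in for $_SESSION after session_start().

```php
<?php
// Added example (not code from the thread). Assumes PHP 7.4+ with pdo_sqlite so it
// runs offline; table/column names follow the thread, the rows are constructed.
declare(strict_types=1);

const ALL_CONTROLLERS = 'Alle kontrollere';

/** Names the current user may pick, fetched with bound parameters. */
function controller_names(PDO $db, int $brukerId, int $kundeId): array
{
    $stmt = $db->prepare(
        'SELECT Navn FROM Kontroller WHERE Bruker_id = ? AND Kunde_id = ? ORDER BY Navn'
    );
    $stmt->execute([$brukerId, $kundeId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * Store a submitted choice in the session only if it is one of the offered
 * options, then return the choice to pre-select. Reading with ?? avoids the
 * "Undefined index" notice on the first (GET) page load.
 */
function remember_choice(array $post, array &$session, array $allowed): string
{
    $posted = $post['kontroller'] ?? null;
    if (is_string($posted) && in_array($posted, $allowed, true)) {
        $session['kontroller'] = $posted;
    }
    return $session['kontroller'] ?? ALL_CONTROLLERS;
}

/** The selection lives on <option selected>; <select> has no value= attribute. */
function render_select(string $name, array $options, string $selected): string
{
    $html = '<select name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">' . "\n";
    foreach ($options as $opt) {
        $safe = htmlspecialchars($opt, ENT_QUOTES, 'UTF-8'); // DB text is escaped on output
        $sel  = ($opt === $selected) ? ' selected' : '';
        $html .= "  <option value=\"{$safe}\"{$sel}>{$safe}</option>\n";
    }
    return $html . "</select>\n";
}

/** Count matching rows; request data reaches SQL only as bound parameters. */
function count_transactions(PDO $db, string $kontroller, string $from, string $to): int
{
    $sql    = 'SELECT COUNT(Trans_id) FROM Transaksoner'
            . ' WHERE Opprettetdato BETWEEN :from AND :to';
    $params = [':from' => $from, ':to' => $to];
    if ($kontroller !== ALL_CONTROLLERS) {
        $sql .= ' AND K_Navn = :navn';
        $params[':navn'] = $kontroller;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return (int) $stmt->fetchColumn();
}

// ---- Demo with constructed data ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Kontroller (Navn TEXT, Bruker_id INTEGER, Kunde_id INTEGER)');
$db->exec('CREATE TABLE Transaksoner (Trans_id INTEGER PRIMARY KEY, K_Navn TEXT,'
        . ' Opprettetdato TEXT, Svar TEXT)');
$ins = $db->prepare('INSERT INTO Kontroller VALUES (?, 1, 1)');
foreach (['Brannvern', "Lager <A> O'Neil"] as $navn) {
    $ins->execute([$navn]);
}
$ins = $db->prepare('INSERT INTO Transaksoner (K_Navn, Opprettetdato, Svar) VALUES (?, ?, ?)');
$ins->execute(['Brannvern', '2024-02-01', 'Ja']);
$ins->execute(["Lager <A> O'Neil", '2024-02-03', 'Nei']);

$allowed = array_merge([ALL_CONTROLLERS], controller_names($db, 1, 1));
$session = [];   // stands in for $_SESSION after session_start()

// Four simulated requests against the same session.
$requests = [
    'GET, first load'          => [],
    'POST, valid choice'       => ['kontroller' => "Lager <A> O'Neil"],
    'POST, value not offered'  => ['kontroller' => 'Finnes ikke'],
    'GET, later page load'     => [],
];
foreach ($requests as $label => $post) {
    $selected = remember_choice($post, $session, $allowed);
    $count    = count_transactions($db, $selected, '2024-01-01', '2024-12-31');
    echo "== {$label}: selected={$selected}, rows={$count}\n";
}

// The remembered choice is still pre-selected on the last request.
echo render_select('kontroller', $allowed, $selected);
```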
ASKER
Hi!
You say that I can't use this:
I know I am not an expert in PHP + HTML
but I try my best
So please explain what is so wrong with my code?
I sent you the old file, sorry about that.
Here is my latest file:
<?php // RAY_EE_login.php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
require_once('RAY_EE_config.php');
$table1 = 'Kontroller';
$table2 = 'brukere';
$rec_limit = 5;
$vilkenrapport=1;
if (!isset($_SESSION["kontroller"]))
{
// INITIALIZE THE VALUES FOR USE IN THE FORM LATER
$_SESSION["kontroller"] = '';
}
// ACCESS TO THIS PAGE IS TESTED BUT NOT CONTROLLED
if ($uid = access_control(TRUE))
{
if (isset($_POST['submit'])) {
$datofra = $_POST["date1"];
$datotil = $_POST["date2"];
$svarsp = $_POST["svar"];
$kontr = $_POST["kontroller"];
$brukere = $_POST["brukere"];
$vilkenrapport = $_POST["rapport"];
$datobrukes = $_POST["datobrukes"];
$viserapport=1;
if ($vilkenrapport==2){ $rec_limit = 20; }
if (isset($_POST["page"])) {$page = $_POST["page"];}
$_SESSION["kontroller"] = $_POST["kontroller"];
$_SESSION["date1"] = $_POST["date1"];
/* Rutiner for database */
$sql = "SELECT count(Trans_id) FROM Transaksoner";
if ($datobrukes==true){
$sql = $sql." Where Opprettetdato BETWEEN '{$datofra}' AND '{$datotil}'";
}
$substr = "Alle kontrollere";
if (strpos($kontr, $substr) === false) {
$sql = $sql." and K_Navn='{$kontr}'";
}
$substr = "Alle brukere";
if (strpos($brukere, $substr) === false) {
$brID = hentbrukerident($brukere);
$sql = $sql." and Bruker_id='{$brID}'";
}
if ($svarsp=="1"){
$sql = $sql." and Svar='Ja'";
}
if ($svarsp=="2"){
$sql = $sql." and Svar='Nei'";
}
if ($svarsp=="3"){
$sql = $sql." and Svar<>'Ja' and Svar<>'Nei' ";
}
$retval = mysql_query($sql);
if(!$retval)
{
die('Could not get data xx: ' . mysql_error());
}
$row = mysql_fetch_array($retval, MYSQL_NUM );
$rec_count = $row[0];
if ($rec_count>0)
{
$antsider = intval($rec_count/$rec_limit);
}
if( isset($_GET{'page'} ) )
{
if (isset($_POST["page"])) {
if ($page<$antsider){
$page = $_GET{'page'} + 1; }
$offset = $rec_limit * $page ;}
}
else
{
$page = 0;
$offset = 0;
}
$left_rec = $rec_count - ($page * $rec_limit);
}
else
{
$viserapport=0;
$svarsp=-1;
if( isset($_GET{'page'} ) )
{
$rec_count = $_GET["rec_count"];
$antsider = $_GET["antsider"];
$page = $_GET["page"];
if ($page<$antsider){
$page = $_GET['page'] + 1; }
$offset = $rec_limit * $page ;
}
else
{
$page = 0;
$offset = 0;
$rec_count = 0;
$antsider = 0;
}
$left_rec = $rec_count - ($page * $rec_limit);
}
if (isset($funksjon)) {
$funksjon = $_GET['funksjon'];
}
if (isset($nyttsok))
{
$nyttsok = $_GET['nyttsok'];
}
if (isset($navigering)) {
$navigering = $_GET['navigering'];
}
$brukerID = brukerident('xxx');
$kundeid = kundeid();
if (isset($navigering)) {
if ($navigering == 1)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 1") </script>';
}
if ($navigering == 2)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 2") </script>';
}
if ($navigering == 3)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 3") </script>';
}
if ($navigering == 4)
{
echo '<script type="text/javascript"> alert("Du trykte på NAV 4") </script>';
}
}
if (isset($funksjon)) {
if ($funksjon == 1)
{
echo '<script type="text/javascript"> alert("Du trykte på Excel") </script>';
}
}
}
else
{
header("location: login.php");
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Agrippa report system</title>
<link href="css/redmond/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
</head>
<body>
<link rel="stylesheet" href="reportcss.css">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<Div>
<table width="100%" align="left" border="1" padding-right="10px" class="headertabell">
<tr class="rapport1_del5">
<td class="rapport1_del5" align="left">
<a href="agrippareports.php?funksjon=1" target="_self"><img src="images/excel.png" align="left"/> Excel </a></td>
<td class="rapport1_del5" align="left">
<a href="hovedside.php" target="_self"> <img src="images/skriver.png" align="left" /> Printer </a></td>
<td class="rapport1_del5" align="left>
<a href="hovedside.php" target="_self"> <img src="images/PDF.png" align="left" /> PDF </a>
</td>
<td class="rapport1_del6_4"> <a href="agrippareports.php?page=0&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b1.png" align="left"/></a> </td>
<td class="rapport1_del6_2"> <a href="agrippareports.php?page=<?php echo $last; ?>&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b2.png" align="left" /></a> </td>
<?php
if ($antsider==0){
?>
<td class="rapport1_del6_2"> <input class="txtboxsider" type="text" id="email" value = "<?php echo $page; ?> av <?php echo $antsider; ?>" align="right" /></td>
<?php }
else {
?>
<td class="rapport1_del6_2"> <input class="txtboxsider" type="text" id="email" value = "<?php echo $page+1; ?> av <?php echo $antsider; ?>" align="right" /></td>
<?php }?>
<td class="rapport1_del6_2"> <a href="agrippareports.php?page=<?php echo $page; ?>&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b3.png" align="left" /></a> </td>
<td class="rapport1_del6_3"> <a href="agrippareports.php?page=<?php echo $antsider?>&antsider=<?php echo $antsider?>&rec_count=<?php echo $rec_count;?>" target="_self"> <img src="images/b4.png" align="left" /></a> </td>
</tr>
</table>
</Div>
<?php
$dagensdato=date('Y-m-d');
$dagensdatopast = date('Y-m-d', strtotime('-3 month'));
?>
</br>
<form class="formqueryform" action="<?php $_PHP_SELF ?>" method="POST">
<table width="100%" align="left" class="formsql">
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Dato:</td>
<td align="left" valign="top">
<input type="date" name="date1" id="date" value=<?php echo $dagensdatopast ?> class="formreports" />
<input type="date" name="date2" id="date2" value=<?php echo $dagensdato ?> class="formreports" />
<label for="Scale" class="form-radio"><input type="checkbox" name="datobrukes" class="formreportsdate" id="datobrukes" checked> Dato</label>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Kontroller:</td>
<td class="rapport1_del3" align="left" valign="top">
<select id="recipient" name="kontroller" tabindex="6" class="selmenu" value="{$_SESSION["kontroller"]}">
<option>Alle kontrollere</option>
<?php
$result3 = mysql_query("SELECT Navn FROM {$table1} WHERE Bruker_id='{$brukerID}' and Kunde_id='{$kundeid}'") or die(mysql_error());
while ($row3 = mysql_fetch_array($result3)){
$navnkon = $row3['Navn'];
?>
<option><?php echo $navnkon ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Bruker:</td>
<td class="rapport1_del3" align="left" valign="top">
<select id="recipient" name="brukere" tabindex="6" class="selmenu">
<option>Alle brukere</option>
<?php
$result3 = mysql_query("SELECT Navn FROM {$table2} WHERE Kunde_id='{$kundeid}'") or die(mysql_error());
while ($row3 = mysql_fetch_array($result3)){
$navnbruker = $row3['Navn'];
?>
<option><?php echo $navnbruker; ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Svar:</td>
<td>
<label for="Alle" class="form-radio"><input type="radio" value="0" name="svar" id="Alle" checked> Alle</label>
<label for="Ja" class="form-radio"><input type="radio" value="1" name="svar" id="Ja"> Ja</label>
<label for="Nei" class="form-radio"><input type="radio" value="2" name="svar" id="Nei"> Nei</label>
<label for="Scale" class="form-radio"><input type="radio" value="3" name="svar" id="Scale"> Scale</label>
</td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top">Rapport:</td>
<td>
<label for="Rapport 1" class="form-radio"><input type="radio" name="rapport" value="1" id="Alle" checked>Rapport 1</label>
<label for="Rapport 2" class="form-radio"><input type="radio" name="rapport" value="2" id="Ja">Rapport 2</label>
</td>
</tr>
<tr>
<td class="rapport1_del4" align="right" valign="top">S</td>
<td>
<section id="buttons">
<!--<input type="reset" name="reset" id="resetbtn" class="resetbtn" value="Reset"> -->
<input type="submit" name="submit" id="submitbtn" class="submitbtn" tabindex="7" value="Soke">
<br style="clear:both;">
</section>
</td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
<tr class="blank_row_noborder">
<td colspan="3"></td>
</tr>
</table>
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
<script src="js/jquery-ui.js"></script>
<script>
(function() {
var elem = document.createElement('input');
elem.setAttribute('type', 'date');
if ( elem.type === 'text' ) {
$('#date').datepicker({
dateFormat: 'yy-mm-dd',
// defaultDate: +5
});
$('#date2').datepicker({
dateFormat: 'yy-mm-dd',
// defaultDate: +5
});
}
})();
</script>
<br>
<br>
<?php
if ($viserapport==1) {
$sql = "SELECT K_Navn,Lokasjons_id,K_ID,Kunde_id,Spmtekst,Bilde,Kommentar,Opprettetdato,Svar,Bruker_id,Spm_id FROM Transaksoner";
// Collect the filters first, so the query stays valid when the date filter is switched off.
// Every value interpolated below must already be escaped or validated before this point.
$where = array();
if ($datobrukes==true){
$where[] = "Opprettetdato BETWEEN '{$datofra}' AND '{$datotil}'";
}
$substr = "Alle kontrollere";
if (strpos($kontr, $substr) === false) {
$where[] = "K_Navn='{$kontr}'";
}
$substr = "Alle brukere";
if (strpos($brukere, $substr) === false) {
$brID = hentbrukerident($brukere);
$where[] = "Bruker_id='{$brID}'";
}
if ($svarsp=="1"){
$where[] = "Svar='Ja'";
}
if ($svarsp=="2"){
$where[] = "Svar='Nei'";
}
if ($svarsp=="3"){
$where[] = "Svar<>'Ja' and Svar<>'Nei'";
}
if (count($where) > 0){
$sql = $sql." WHERE ".implode(" and ", $where);
}
$sql = $sql." ORDER BY K_ID LIMIT {$offset}, {$rec_limit}";
$retval = mysql_query($sql);
if(! $retval )
{
die('Could not get data aa: ' . mysql_error());
}
$TMP_KID=0;
$forstekontroller = 1;
$TMP_LOK=0;
while($row3 = mysql_fetch_array($retval, MYSQL_ASSOC)){
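// These values are only echoed into the page, so they are HTML-escaped here
// (mysql_real_escape_string is for SQL strings, not for HTML output).
$kontrollernavn = htmlspecialchars($row3['K_Navn'], ENT_QUOTES);
$lokasjonnr = $row3['Lokasjons_id'];
$K_ID = $row3['K_ID'];
$kunde_ID = $row3['Kunde_id'];
$lokasjonnavn = hent_lokasjons_tekst($lokasjonnr,$kunde_ID,$K_ID);
$sporsmal = htmlspecialchars($row3['Spmtekst'], ENT_QUOTES);
$bilderef = htmlspecialchars($row3['Bilde'], ENT_QUOTES);
$kommentar = htmlspecialchars($row3['Kommentar'], ENT_QUOTES);
$transdato = htmlspecialchars($row3['Opprettetdato'], ENT_QUOTES);
$svar = htmlspecialchars($row3['Svar'], ENT_QUOTES);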
$brukernavn = hentbrukerensnavn($row3['Bruker_id']);
$scaleant = sjekk_type_sporsmal($row3['Spm_id'],$kunde_ID);
if ($vilkenrapport==1){
if ($forstekontroller==1)
{
$forstekontroller=0;
$TMP_KID = $K_ID;
$TMP_LOK = $lokasjonnr;
?>
<table width="100%" align="center" class="testtabell">
<tr>
<td class="rapport1_del1" height="40px" colspan="4"><?php echo $kontrollernavn; ?></td>
</tr>
<tr>
<td class="rapport1_del2" colspan="3" height="40px"><?php echo $lokasjonnavn; ?> </td>
<td class="rapport_brukernavn" align="right"><?php echo $brukernavn; ?></td>
</tr>
<?php
}
?>
<?php
if ((($TMP_KID<>$K_ID) or ($TMP_LOK<>$lokasjonnr)) and $forstekontroller==2)
{
if ($TMP_KID<>$K_ID) {$TMP_KID = $K_ID;}
if ($TMP_LOK<>$lokasjonnr) {$TMP_LOK = $lokasjonnr;} ?>
</table>
<table width="100%" align="center" class="testtabell">
<tr>
<td class="rapport1_del1" colspan="4" height="40px"><?php echo $kontrollernavn; ?></td>
</tr>
<tr>
<td class="rapport1_del2" colspan="3" height="40px"><?php echo $lokasjonnavn; ?></td>
<td class="rapport_brukernavn" align="right"><?php echo $brukernavn; ?></td>
</tr>
<?php
}
?>
<tr class="blank_row_noborder">
<td colspan="4"></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Sporsmål: </td>
<td class="rapport1_del3" valign="top"> <?php echo $sporsmal;?> </td>
<?php
if ($bilderef=="")
{ ?>
<td class="rapport1_del3" valign="top"></td>
<td valign="top" class="rapport_image1" rowspan="4"><img src="images/ingen.png" width="150" align="right" /></td>
<?php
}
else
{
?>
<td class="rapport1_del3" valign="top"></td>
<td valign="top" class="rapport_image1" rowspan="4"><img src="uploads/<?php echo $bilderef; ?>" width="150" align="right" /></td>
<?php
}
?>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Dato: </td>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $transdato; ?></td>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Svar:</td>
<?php
if (($svar=="Ja") or ($svar=="Nei"))
{ ?>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $svar; ?></td>
<?php
}
else {
?>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $svar; ?> av <?php echo $scaleant; ?></td>
<?php }
?>
</tr>
<tr>
<td class="rapport1_del3" align="right" valign="top"> Kommentar:</td>
<td class="rapport1_del3" valign="top" colspan="2"><?php echo $kommentar; ?></td>
</tr>
<tr class="blank_row">
<td colspan="4"></td>
</tr>
<?php
$forstekontroller=2;
?>
<?php
}
else { ?>
<?php
if ($forstekontroller==1)
{
$forstekontroller=0;
$TMP_KID = $K_ID;
$TMP_LOK = $lokasjonnr;
?>
<table width="100%" align="left" class="testtabell">
<tr>
<th class="rapport1_del1" height="40px" align="left">Kontroller</th>
<th class="rapport1_del1" height="40px" align="left">Lokasjon</th>
<th class="rapport1_del1" height="40px" align="left">Dato</th>
<th class="rapport1_del1" height="40px" align="left">Spørsmål</th>
<th class="rapport1_del1" height="40px" align="left">Svar</th>
</tr>
<?php }?>
<tr>
<td class="rapport1_del8" bgcolor="#ccc" align="left"> <?php echo $kontrollernavn; ?></td>
<td class="rapport1_del8" bgcolor="#ccc" align="left"><?php echo $lokasjonnr; ?></td>
<td class="rapport1_del8" bgcolor="#ccc" align="left"><?php echo $transdato; ?></td>
<td class="rapport1_del8" bgcolor="#ccc" align="left"><?php echo $sporsmal; ?></td>
<td class="rapport1_del8" bgcolor="#ccc" align="left"><?php echo $svar; ?></td>
</tr>
<?php }?>
<?php
} }
if ($vilkenrapport==2){ ?>
</table>
<?php }?>
<?php
if( $page > 0 )
{
$last = $page - 2;
}
else if( $page == 0 )
{
}
else if( $left_rec < $rec_limit )
{
$last = $page - 2;
}
?>
<br>
<br>
</body>
</html>
You say that I can't use this:
if (!isset($_SESSION["kontroller"]))
{
// INITIALIZE THE VALUES FOR USE IN THE FORM LATER
$_SESSION["kontroller"] = '';
}
I know I'm not an expert in PHP + HTML,
but I try my best.
So please explain what is so wrong with my code?
ASKER
Thank you
(1) Copy the selected POST variables into the PHP session, and copy the session variables back into the HTML form at the time the form was regenerated.
(2) Do the same, but use a data base table instead of the session. This method allows long persistence, whereas the session will only persist the variables as long as the client keeps the browser open and active.
More information on PHP sessions is here:
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
Code example:
Best regards, ~Ray
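Option (1) from the answer above, as an added example (not Ray's code and not part of the original thread): the posted selections are validated, stored in the session, and written back into the regenerated form with HTML escaping. The session key `form`, the helper `e()` and the constructed controller names are assumptions; the asker's page loads the names from the database.

```php
<?php
// Added example: keep validated form selections in the session and re-emit them.
session_start();

// Constructed option list; the asker's page reads these names from the database.
$kontrollere = ['Alle kontrollere', 'Kontroller A', 'Kontroller B'];

// Defaults for the first visit, matching the form's initial state.
$defaults = [
    'date1'      => date('Y-m-d', strtotime('-3 month')),
    'date2'      => date('Y-m-d'),
    'kontroller' => 'Alle kontrollere',
    'svar'       => '0',
];
// Values already stored in the session take precedence over the defaults.
$form = ($_SESSION['form'] ?? []) + $defaults;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A posted value is stored only if it passes a strict format or allow-list check.
    foreach (['date1', 'date2'] as $f) {
        $v = $_POST[$f] ?? '';
        $d = is_string($v) ? DateTime::createFromFormat('!Y-m-d', $v) : false;
        if ($d && $d->format('Y-m-d') === $v) { $form[$f] = $v; }
    }
    if (in_array($_POST['kontroller'] ?? '', $kontrollere, true)) { $form['kontroller'] = $_POST['kontroller']; }
    if (in_array($_POST['svar'] ?? '', ['0', '1', '2', '3'], true)) { $form['svar'] = $_POST['svar']; }
    $_SESSION['form'] = $form;
}

// Escape everything that is written back into the HTML.
function e($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }
?>
<form action="" method="POST">
  <input type="date" name="date1" value="<?php echo e($form['date1']); ?>">
  <input type="date" name="date2" value="<?php echo e($form['date2']); ?>">
  <select name="kontroller">
<?php foreach ($kontrollere as $navn) { ?>
    <option<?php if ($navn === $form['kontroller']) echo ' selected'; ?>><?php echo e($navn); ?></option>
<?php } ?>
  </select>
<?php foreach (['0' => 'Alle', '1' => 'Ja', '2' => 'Nei', '3' => 'Scale'] as $v => $label) { ?>
  <label><input type="radio" name="svar" value="<?php echo e($v); ?>"<?php if ((string)$v === $form['svar']) echo ' checked'; ?>> <?php echo e($label); ?></label>
<?php } ?>
  <input type="submit" name="submit" value="Soke">
</form>
```

A `<select>` has no `value` attribute, so the stored choice is restored by marking the matching `<option>` as `selected`; radio buttons are restored the same way with `checked`.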