Solved

Session Value Lost in next page

Posted on 2008-06-16
Last Modified: 2008-06-18
Hi,

I have a session variable ($_SESSION['email']) on the page personalinfo.php. Now, after I submit the form on personalinfo.php, the browser automatically navigates to traininginfo.php. It achieves this with the JavaScript: window.location.replace('traininginfo.php');

Now, my problem is that if I try to access the session variable on traininginfo.php, it displays "blank".

Where could I have gone wrong?
//personalinfo.php
 

<?php
 

require_once('connection.php'); 
 

/**

  * This function can be used to check the sanity of variables

  *

  * @access private

  *

  * @param string $type  The type of variable can be bool, float, numeric, string, array, or object

  * @param string $string The variable name you would like to check

  * @param string $length The maximum length of the variable

  *

  * return bool

  */
 

  function sanityCheck($string, $type, $maxlength, $minlength){
 

  // assign the type

  $type = 'is_'.$type;
 

  $string = trim($string);

  

  if(!$type($string))

    {

    return FALSE;

    }

  // now we see if there is anything in the string

  elseif(empty($string))

    {

    return FALSE;

    }

  // then we check how long the string is

  elseif(strlen($string) > $maxlength || strlen($string) < $minlength)

    {

    return FALSE;

    }

  else

    {

     return true;

 

    }

}
 
 
 
 

 /**

  * This function if the $_POST vars are set 

  *

  * @access private

  *

  * return bool

  */

  function checkSet(){

  return isset($_POST['FullName'], $_POST['HomePhone'], $_POST['CellPhone'],  $_POST['Email'], $_POST['Occupation'], $_POST['WorkPlace'], $_POST['Sex'], $_POST['MaritalStatus']);

}
 

 

  function checkNumber($num, $maxlength, $minlength){ 

	$num = trim($num);

  if($num > 0 && strlen($num) <= $maxlength && strlen($num)>= $minlength)

        {

			return ereg("^[0-9]{1,}-?[0-9]{1,}-?[0-9]{1,}-?[0-9]{1,}$", $num);

       }

	

	else

	{

		return false;

	}

}
 
 

function checkEmail($email){

$regexp='/^[a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/';  

return preg_match($regexp, trim($email));

}
 
 
 

if ($_POST['process'] == 1)
 

{

$FullName = $_POST['FullName'];

$HomePhone = $_POST['HomePhone'];

$WorkPhone = $_POST['WorkPhone'];

 $CellPhone = $_POST['CellPhone'];

 $POBox = $_POST['POBox'];

 $Fax = $_POST['Fax'];

 $Email = $_POST['Email'];

 

 //store Email in session

 session_start(); 

$_SESSION['email'] = $Email;
 
 

 $Sex = $_POST['Sex'];

 $MaritalStatus = $_POST['MaritalStatus'];

 

 $Occupation = $_POST['Occupation'];

 $WorkPlace = $_POST['WorkPlace'];

 

if(checkSet())

{
 

 if(sanityCheck($_POST['FullName'], 'string', 50, 11) )

{

	if(checkNumber($_POST['HomePhone'], 16, 7))

	{

		        if(checkNumber($_POST['CellPhone'], 17, 10))

					{

						if(checkEmail($_POST['Email']) != FALSE)

							{

								if(sanityCheck($_POST['Occupation'], 'string', 50, 3))

									{

										if(sanityCheck($_POST['WorkPlace'], 'string', 50, 3))

											{

																if(!checkNumber($_POST['WorkPhone'], 16, 7))

																{

																	$WorkPhone = '';

																}

      		

																if(!checkNumber($_POST['Fax'], 16, 7))

																	{

																		$Fax = '';

																	}	

			

																if(!checkNumber($_POST['POBox'], 5, 5))

																	{

																		$POBox = '';

																	}			

					

															$strSQL = "INSERT INTO VOLUNTEER Values ('" . $FullName 															. "','" . $HomePhone . "','" .$WorkPhone . "', '" .																$CellPhone . "', '" .$Fax . "', '" .$POBox . "', '"																 . $Email . "', '" . $Sex . "', '" .$MaritalStatus 															. "', '" .$Occupation . "', '" .$WorkPlace . "')" ; 
 

															mysql_query("set names 'utf8'");

				

														$strResult = mysql_query($strSQL) or 

														$ErrorMessage = 'إنّك أدخلت الاسم أو البريد الالكتروني لشخص آخر مسجّل لدينا';

														

														if($ErrorMessage != 'إنّك أدخلت الاسم أو البريد الالكتروني لشخص آخر مسجّل لدينا')

														{

?>

											<script language=javascript>

											window.location.replace('traininginfo.php');

											</script>

													<?php

													

													}

												

											}

										else

											{

												$ErrorMessage = 'إن جهة العمل غير صحيحة';

											}

									}

								else

									{

										$ErrorMessage = 'إن المهنة غير صحيحة';

									}

									}

									

						else

					{

					// if all is not well we echo an error message

						$ErrorMessage ='إن البريد الالكتروني غير صحيح';

					}

              

					}

				else

					{

				$ErrorMessage = 'إن رقم الجوال غير صحيح'; 

					}

	}
 

	else

	{

	$ErrorMessage = 'إن رقم الهاتف غير صحيح';

	}

}
 

else

    {

       $ErrorMessage = "إن اسمك الثلاثي غير صحيح";

    }

	}

	

 else

			{

					$ErrorMessage = "فضلاً املأ جميع الحقول الضرورية";

			} 

	}

	

?>
 
 
 

<?php require_once('header.php'); ?>
 

<!-- cell part of outer table -->

<td dir="rtl" valign="top">
 

<!-- beginning of table containing all body contents -->

<table align="center" cellpadding="10" name="BodyTable">
 

<tr>
 

<td valign="top">
 

<!-- beginning of links table -->

<table cellpadding="5" align="right" name = "LinksTable">

<tr width="100px">

<td align="right">

<a href="personalinfo.php" style="color: #D75A27">معلومات شخصية</a>

</td>

</tr>
 

<tr width="100px">

<td align="right">

<a href="traininginfo.php" style="color: #E2E2E2">الدورات وورش العمل</a>

</td>

</tr>
 

<tr width="100px">

<td align="right">

<a href="languages.php" style="color: #E2E2E2">لغات</a>

</td>

</tr>
 

<tr width="100px">

<td align="right">

<a href="preferredwork.php" style="color: #E2E2E2">الأعمال التطوعية المفضلة</a>

</td>

</tr>
 

<tr width="100px">

<td align="right">

<a href="skills.php" style="color: #E2E2E2">مهارات</a>

</td>

</tr>
 

<!-- end of links table -->

</table>
 

<!-- end of first cell inside BodyTable -->

</td>
 

<!-- beginning of second cell inside BodyTable -->

<td>
 

<?php 

$ErrorMessage = $_SESSION['email'];

if($ErrorMessage != "") 

{ echo '<p style="color: #D75A27; text-align: center; font-weight:bold; font-size: 12pt">' .  htmlspecialchars($ErrorMessage) . '</p>'; } ?> 
 

<form name="thisForm" id="thisForm" accept-charset="utf-8"; method="post"; action="<?php echo $PHP_SELF; ?>" ; enctype="multipart/form-data: charset=utf-8 " > 
 

<FIELDSET style="width:300">

<LEGEND style="color:"><b>معلومات شخصية</b></LEGEND>
 

<!-- beginning of FormTable -->

<table align="right" cellspacing="15px" class="form" name="FormTable">

<tr>

<td align="right" style="width:100"><b>

الاسم الثلاثي</b>

</td>
 
 
 
 
 

<td>

<input type="text" name="FullName" value="<? print $FullName; ?>" />&nbsp;<span style="color:red">*</span>

</td>

</tr>
 
 
 

<tr align="right">

<td><b>

 هاتف المنزل

</b>

</td>
 

<td>

<input type="text" name="HomePhone" value="<?print $HomePhone; ?>" />&nbsp;<span style="color:red">*</span>

</td>

</tr>
 
 

<tr align="right">

<td><b>

هاتف العمل

</b>

</td>
 

<td >

<input type="text" name="WorkPhone" value="<?print $WorkPhone; ?>" />

</td>

</tr>
 

<tr align="right">

<td><b>

الجوال

</b>

</td>
 
 

<td>

<input type="text" name="CellPhone" value="<?print $CellPhone; ?>" />&nbsp;<span style="color:red">*</span>

</td>

</tr>
 

<tr align="right">

<td ><b>

الفاكس

</b>

</td>
 
 

<td>

<input type="text" name="Fax" value="<?print $Fax; ?>" />

</td>

</tr>
 

<tr align="right">

<td><b>

ص.ب

</b>

</td>
 

<td>

<input type="text" name="POBox" value="<?print $POBox; ?>" />

</td>

</tr>
 
 

<tr align="right">

<td><b>

البريد الالكتروني

</b>

</td>
 

<td>

<input type="text" name="Email" value="<?print $Email; ?>" />&nbsp;<span style="color:red">*</span>

</td>

</tr>
 

<tr align="right">

<td>

الجنس

</td>
 

<td>

<input type="radio" name="Sex" <?php if($Sex == "f"){echo " CHECKED";}?> value="f" />&nbsp; أنثى

<input type="radio" name="Sex" <?php if($Sex == "m"){echo " CHECKED";}?> value="m" />&nbsp; ذكر

</td>

</tr>
 

<tr align="right">

<td>

الحالة الاجتماعية

</td>
 

<td>

<input type="radio" name="MaritalStatus" <?php if($MaritalStatus == "متزوج"){echo " CHECKED";}?> value="متزوج" />&nbsp; متزوج

<input type="radio" name="MaritalStatus" <?php if($MaritalStatus == "أعزب"){echo " CHECKED";}?> value="أعزب" />&nbsp; أعزب

</td>

</tr>
 
 

<tr align="right">

<td style="width:100"><b>

المهنة

</b>

</td>
 

<td>

<input type="text" name="Occupation" value="<?print $Occupation; ?>"/>&nbsp;<span style="color:red">*</span>

</td>

</tr>
 

<tr align="right">

<td><b>

جهة العمل

</b>

</td>
 

<td>

<input type="text" name="WorkPlace" value="<?print $WorkPlace; ?>" />&nbsp;<span style="color:red">*</span>

</td>

</tr>
 

<!-- end of FormTable-->

</table>
 

</FIELDSET>
 

<br>
 

<input type="hidden" name="process" value="1">
 

<input type="submit" name="Continue" size="10" value="التالي >>" />
 

<!-- end of second cell inside BodyTable -->

</td>
 

</tr>
 

<!-- end of table containing all body contents -->

</table>
 

<!-- end of mid cell in outer table -->

</td>
 

</form>
 

<td width="155" bgcolor="#296566" valign="top"><img src="images/swirl.jpg" /></td>
 

</tr>
 

<?php require_once('footer.php'); ?>
 
 

//traininginfo.php

<?php

session_start(); 
 

require_once('connection.php'); 
 

/**

  * This function can be used to check the sanity of variables

  *

  * @access private

  *

  * @param string $type  The type of variable can be bool, float, numeric, string, array, or object

  * @param string $string The variable name you would like to check

  * @param string $length The maximum length of the variable

  *

  * return bool

  */
 

  function sanityCheck($string, $type, $maxlength, $minlength){
 

  // assign the type

  $type = 'is_'.$type;
 

  $string = trim($string);

  

  if(!$type($string))

    {

    return FALSE;

    }

  // now we see if there is anything in the string

  elseif(empty($string))

    {

    return FALSE;

    }

  // then we check how long the string is

  elseif(strlen($string) > $maxlength || strlen($string) < $minlength)

    {

    return FALSE;

    }

  else

    {

     return true;

 

    }

}
 
 
 
 
 

 // checks that all required fields are filled

 

  function checkSet(){

  return (isset($_POST['CourseName'], $_POST['CourseInstructor']) && $_POST['CourseMonth'] != 'Month' &&  $_POST['CourseYear'] != 'Year');

}
 
 
 

if ($_POST['process'] == 1)
 

{

$Email = $_SESSION['email'];

$CourseName = $_POST['CourseName'];

$CourseInstructor = $_POST['CourseInstructor'];

$CourseTitle = $_POST['CourseTitle'];

 $CourseMonth = $_POST['CourseMonth'];

 $CourseYear = $_POST['CourseYear'];

 
 

 

if(checkSet())

{
 

 if(sanityCheck($_POST['CourseName'], 'string', 70, 2) )

{

	if(sanityCheck($_POST['CourseInstructor'], 'string',  100, 3))

	{

		        if(!sanityCheck($_POST['CourseTitle'], 'string', 70, 3))

					{

						$CourseTitle='';

					}

					

															$strSQL = "INSERT INTO VOLUNTEER_TRAINING Values ('" . $Email 															. "','" . $CourseName . "','" .$CourseInstructor . "', '" .																$CourseTitle . "', '" .$CourseMonth . "', '" .$CourseYear . "')" ; 
 

															mysql_query("set names 'utf8'");

				

														$strResult = mysql_query($strSQL) or $ErrorMessage='إن اسم الدورة مكرر';
 

									}

								else

									{

										$ErrorMessage = 'إن المحاضر غير صحيح';

									}

									}

									

						else

					{

					// if all is not well we echo an error message

						$ErrorMessage ='إن اسم الدورة غير صحيح';

					}

            

	}

 else

			{

					$ErrorMessage = "فضلاً املأ جميع الحقول الضرورية";

			} 

	}

	

?>
 

<?php require_once('header.php'); ?>
 

<!-- cell part of outer table -->

<td dir="rtl" valign="top">
 

<!-- beginning of table containing all body contents -->

<table align="center" cellpadding="10" name="BodyTable">
 

<tr>
 

<!-- beginning of first cell inside BodyTable -->

<td valign="top">
 

<!-- beginning of links table -->

<table cellpadding="5" align="right" name = "LinksTable">

<tr width="250">

<td align="right">

<a href="personalinfo.php" style="color: #E2E2E2">معلومات شخصية</a>

</td>

</tr>
 

<tr width="200px">

<td align="right">

<a href="traininginfo.php" style="color: #D75A27">الدورات وورش العمل</a>

</td>

</tr>
 

<tr width="200px">

<td align="right">

<a href="languages.php" style="color: #E2E2E2">لغات</a>

</td>

</tr>
 

<tr width="200px">

<td align="right">

<a href="preferredwork.php" style="color: #E2E2E2">الأعمال التطوعية المفضلة</a>

</td>

</tr>
 

<tr width="200px">

<td align="right">

<a href="skills.php" style="color: #E2E2E2">مهارات</a>

</td>

</tr>
 

<!-- end of links table -->

</table>
 

<!-- end of first cell inside BodyTable -->

</td>
 

<!-- beginning of second cell inside BodyTable -->

<td>
 

<?php

$ErrorMessage = $_SESSION['email'];

 if($ErrorMessage != "") 

{ echo '<p style="color: #D75A27; text-align: center; font-weight:bold">' .  htmlspecialchars($ErrorMessage) . '</p>'; } ?> 
 

<form name="thisForm" id="thisForm" accept-charset="utf-8"; method="post"; action="<?php echo $PHP_SELF; ?>" ; enctype="multipart/form-data: charset=utf-8 " > 
 

<FIELDSET style="width:300">

<LEGEND style="color:296566"><b>الدورات و ورش العمل المجتازة</b></LEGEND>
 

<br>
 

<!-- beginning of FormTable -->

<table cellpadding=3px class="form" name="FormTable" align="right">

<tr>

<td width=150px>

اسم الدورة

</td>

<td>

<input type="text" name="CourseName" value="<?php echo $CourseName ?>" />

</td>

</tr>
 
 

<tr>

<td>

&#1575;&#1604;&#1605;&#1581;&#1575;&#1590;&#1585;

</td>

<td>

<input type="text" name="CourseInstructor" value="<?php echo $CourseInstructor ?>" />

</td>

</tr>
 

<tr>

<td>

عنوانها

</td>

<td>

<input type="text" name="CourseTitle" value="<?php echo $CourseTitle ?>" />

</td>

</tr>
 

<tr>

<td>

تاريخ انعقادها

</td>

<td>

<select name="CourseMonth">

<option value="Month">شهر</option>

<option value="01"<?php if($CourseMonth == "01"){echo " SELECTED";}?>>01</option>

<option value="02"<?php if($CourseMonth == "02"){echo " SELECTED";}?>>02</option>

<option value="03"<?php if($CourseMonth == "03"){echo " SELECTED";}?>>03</option>

<option value="04"<?php if($CourseMonth == "04"){echo " SELECTED";}?>>04</option>

<option value="05"<?php if($CourseMonth== "05"){echo " SELECTED";}?>>05</option>

<option value="06"<?php if($CourseMonth == "06"){echo " SELECTED";}?>>06</option>

<option value="07"<?php if($CourseMonth == "07"){echo " SELECTED";}?>>07</option>

<option value="08"<?php if($CourseMonth == "08"){echo " SELECTED";}?>>08</option>

<option value="09"<?php if($CourseMonth== "09"){echo " SELECTED";}?>>09</option>

<option value="10"<?php if($CourseMonth== "10"){echo " SELECTED";}?>>10</option>

<option value="11"<?php if($CourseMonth == "11"){echo " SELECTED";}?>>11</option>

<option value="12"<?php if($CourseMonth == "12"){echo " SELECTED";}?>>12</option>

</select>
 

<select name="CourseYear">

<option value="Year">سنة</option>

<option value="08"<?php if($CourseYear == "08"){echo " SELECTED";}?>>08</option>

<option value="07"<?php if($CourseYear == "07"){echo " SELECTED";}?>>07</option>

<option value="06"<?php if($CourseYear == "06"){echo " SELECTED";}?>>06</option>

<option value="05"<?php if($CourseYear == "05"){echo " SELECTED";}?>>05</option>

<option value="04"<?php if($CourseYear == "04"){echo " SELECTED";}?>>04</option>

<option value="03"<?php if($CourseYear == "03"){echo " SELECTED";}?>>03</option>

<option value="02"<?php if($CourseYear == "02"){echo " SELECTED";}?>>02</option>

<option value="01"<?php if($CourseYear == "01"){echo " SELECTED";}?>>01</option>

<option value="00"<?php if($CourseYear == "00"){echo " SELECTED";}?>>00</option>

<option value="99"<?php if($CourseYear == "99"){echo " SELECTED";}?>>99</option>

<option value="98"<?php if($CourseYear == "98"){echo " SELECTED";}?>>98</option>

<option value="97"<?php if($CourseYear == "97"){echo " SELECTED";}?>>97</option>

<option value="96"<?php if($CourseYear == "96"){echo " SELECTED";}?>>96</option>

<option value="95"<?php if($CourseYear == "95"){echo " SELECTED";}?>>95</option>

<option value="94"<?php if($CourseYear == "94"){echo " SELECTED";}?>>94</option>

<option value="93"<?php if($CourseYear == "93"){echo " SELECTED";}?>>93</option>

<option value="92"<?php if($CourseYear == "92"){echo " SELECTED";}?>>92</option>

<option value="91"<?php if($CourseYear == "91"){echo " SELECTED";}?>>91</option>

<option value="90"<?php if($CourseYear == "90"){echo " SELECTED";}?>>90</option>

<option value="89"<?php if($CourseYear == "89"){echo " SELECTED";}?>>89</option>

<option value="88"<?php if($CourseYear == "88"){echo " SELECTED";}?>>88</option>

<option value="87"<?php if($CourseYear == "87"){echo " SELECTED";}?>>87</option>

<option value="86"<?php if($CourseYear == "86"){echo " SELECTED";}?>>86</option>

<option value="85"<?php if($CourseYear == "85"){echo " SELECTED";}?>>85</option>

<option value="84"<?php if($CourseYear == "84"){echo " SELECTED";}?>>84</option>

<option value="83"<?php if($CourseYear == "83"){echo " SELECTED";}?>>83</option>

<option value="82"<?php if($CourseYear == "82"){echo " SELECTED";}?>>82</option>

<option value="81"<?php if($CourseYear == "81"){echo " SELECTED";}?>>81</option>

<option value="80"<?php if($CourseYear == "80"){echo " SELECTED";}?>>80</option>

<option value="79"<?php if($CourseYear == "79"){echo " SELECTED";}?>>79</option>

<option value="78"<?php if($CourseYear == "78"){echo " SELECTED";}?>>78</option>

<option value="77"<?php if($CourseYear == "77"){echo " SELECTED";}?>>77</option>

<option value="76"<?php if($CourseYear == "76"){echo " SELECTED";}?>>76</option>

<option value="75"<?php if($CourseYear == "75"){echo " SELECTED";}?>>75</option>

</select>
 

</td>

</tr>
 

<tr ><td align="center" colspan="2">

<input type="hidden" name="process" value="1">

<br>

<input type="submit" name="Save" size="10" value="حفظ" />

</td></tr> 

</table>
 

</FIELDSET>
 

<br>
 

<a href="languages.php?$email=".$email style="color: #106E6A" align="left" ><b>التالي >> </b></a>
 

<!-- end of second cell inside BodyTable -->

</td>
 

</tr>
 

<!-- end of BodyTable -->

</table>

</form>
 

<!-- end of mid cell in outer table -->

</td>
 
 

<td width="155" bgcolor="#296566" valign="top"><img src="images/swirl.jpg" /></td>
 

</tr>
 

<?php require_once('footer.php'); ?>

Question by: ChefMaha
46 Comments
 
LVL 49

Expert Comment

by:Roonaan
Have you added session_start() to all your scripts?
0
 
LVL 1

Expert Comment

by:kambo_rambo
You need to keep open all your sessions with session_start() before anything.
0
 
LVL 1

Expert Comment

by:kambo_rambo
********on all files using the session variables.
0
 

Author Comment

by:ChefMaha
I am using session_start() on both files (before the html tag and before accessing the session variable)
0
 
LVL 49

Expert Comment

by:Roonaan
What does print_r($_SESSION) give you? Do you have register_globals on or off?
0
 

Author Comment

by:ChefMaha
print_r($_SESSION) gives me blank (nothing)

and I haven't set register_globals to anything
0
 
LVL 49

Expert Comment

by:Roonaan
Can you add the line below and be sure that the session id stays the same?

echo '[Session Id: '.session_id().']';
0
 

Author Comment

by:ChefMaha
I tried it. The session id is the same on both pages.
0
 
LVL 49

Expert Comment

by:Roonaan
Instead of the window.location.replace can you try and use:

window.location.replace('traininginfo.php?email=<?php echo urlencode($Email);?>');


Also I see a lot of
if($a) {
  if($b) {
    if($c) {
    }
  } else {
   $ErrorMessage ='asdasd';
  }
} else {
  $ErrorMessage = 'adadsad';
}

It would be far easier to maintain, and for others to interpret, if you used:
if(!$a) {
  $ErrorMessage = 'adadsad';
} else if (!$b) {
  $ErrorMessage = 'dadads';
} else {
  // all good.
}

Kind regards

-r-
0
 

Author Comment

by:ChefMaha
Thanks, it worked!

And I appreciate your advice on the code, and you're right. But my problem is that I want all conditions to be true in order to execute the db insert command, so that's the only way I was able to organize the if statements!

I really appreciate your advice though.

But one last question before I accept your answer: the window.location.replace statement you gave me, does it have to do with session, or is it a query string?

In other words, can I remove the session statements from my code?
0
 
LVL 49

Expert Comment

by:Roonaan
It uses a querystring and therefore is not a safe way. I posted the code to determine if the $Email variable was actually set properly. (You could tell from the url).

If this code however makes the rest of your script work, then it implies that register_globals = On. This means that any entry in the $_POST, $_GET, $_COOKIE and $_SESSION is turned into a global var automatically.

If you then change the $email variable anywhere in your code, it affects your session variable. This might explain the strange behavior.

Depending on the scope of your website (private / intranet / internet) you could choose to use the querystring instead of a session. An alternative is to pass the primary key of the record you just added into the VOLUNTEERS table. If you have an auto increment field in the table, you could have mysql_insert_id() after you run the insert query.
$recordPrimairyKey = mysql_insert_id();

Kind regards

-r-
0
 

Author Comment

by:ChefMaha
I'm sorry, pal.

The last message you posted is kind of "not clear" and a bit tangled up. Will you please clarify?

Thanks
0
 
LVL 49

Expert Comment

by:Roonaan
Query string might prove a workable solution, but passing the email in such a way allows for manual manipulation by people with bad intentions. (Spammers or spambot scripts).

If it is an intranet application or at least fairly locked away, then this will not be an issue.

When it is a public website, then you might need to look into other ways to track the users between the two pages.

As you add a new record to the VOLUNTEERS table just before continuing to your second page, you could take the primary key field value of the new record and pass it on. On the second script you can use that id to retrieve the volunteer's record from the database and get his/her email from it.
0
 

Author Comment

by:ChefMaha
The problem is that the email is the primary key of the record. Can't I use session to achieve this?
0
 

Author Comment

by:ChefMaha
Btw, my application is a website, so security is a main factor.
0
 
LVL 49

Expert Comment

by:Roonaan
Then you should only test the email in your second script, if it actually exists in your database.
0
 

Author Comment

by:ChefMaha
Aha, not a bad idea... Mmmm, but you know what, it's not just 2 pages; I have 5 pages in a row that all need to access the $Email variable. That's why I thought session would be the most appropriate way to achieve that. Don't you think so?
0
 
LVL 49

Accepted Solution

by:Roonaan (earned 125 total points)
I do think sessions would be best, you could store your form data in it as well.

The problem however is that the session seems to get cleared in some way. You could use $_SESSION['sess_email'] instead of $_SESSION['email'] and make sure you NEVER use a $sess_email variable anywhere.

Also, it might be easiest to put the session_start() in your connection.php to be sure it's always there.
0
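The approach recommended in this thread (keep the e-mail in the session instead of the query string, and start the session in one place before any output) can be sketched as follows. This is an added example, not code from the thread: the single-file layout, the `/personalinfo` and `/traininginfo` routes and the `redirect()` helper are assumptions, and it uses a server-side `Location` header in place of the JavaScript redirect.

```php
<?php
// Added example, not code from the thread. Single-file stand-in for
// personalinfo.php -> traininginfo.php; try it with PHP's built-in server:
//   php -S 127.0.0.1:8000 handoff_demo.php   (file name is hypothetical)
declare(strict_types=1);

// Start the session before a single byte of output. If an include has already
// printed something (even a blank line after its closing tag), the session
// cookie can no longer be sent, so stop instead of running with an empty session.
if (headers_sent($file, $line)) {
    throw new RuntimeException("Output already started at $file:$line");
}
session_start();
header('Content-Type: text/html; charset=utf-8');

/** Server-side redirect; works without JavaScript and ends the request. */
function redirect(string $path): void
{
    header('Location: ' . $path, true, 303);
    exit;
}

$path   = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$method = $_SERVER['REQUEST_METHOD'];

if ($path === '/personalinfo' && $method === 'POST') {
    // Validate once, then keep the value on the server only.
    $raw   = $_POST['Email'] ?? '';
    $email = is_string($raw) ? filter_var(trim($raw), FILTER_VALIDATE_EMAIL) : false;
    if ($email === false) {
        http_response_code(400);
        exit('Invalid e-mail address');
    }
    session_regenerate_id(true);       // fresh session id once it carries identity data
    $_SESSION['sess_email'] = $email;  // key name as suggested in the thread
    redirect('/traininginfo');
}

if ($path === '/traininginfo') {
    // Deliberately ignore $_GET['email']: a query-string value can be edited by the visitor.
    if (!isset($_SESSION['sess_email'])) {
        redirect('/personalinfo');     // step 1 was skipped or the session expired
    }
    $email = htmlspecialchars($_SESSION['sess_email'], ENT_QUOTES, 'UTF-8');
    exit("<p>Training details will be stored for: $email</p>");
}

// Any other request: show the first form. No closing PHP tag follows, so this
// file cannot emit trailing whitespace when it is included elsewhere.
echo <<<'HTML'
<form method="post" action="/personalinfo">
  <label>Email <input type="text" name="Email"></label>
  <input type="submit" value="Next">
</form>
HTML;
```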
 

Author Comment

by:ChefMaha
Thanks for your help, I appreciate it a lot. My work day has finished, so I'll follow up with you tomorrow morning on this subject.

I would like to use the SESSION variable and find out what the problem is exactly. I'd appreciate it if we could work this through together.

See you tomorrow morning!
0
 
LVL 49

Expert Comment

by:Roonaan
Might be that I get in late. I'm in the Europe/Paris timezone. But I'll try to follow up.
0
 

Author Comment

by:ChefMaha
Good morning,

I followed both your guidelines:
1. use $_SESSION['sess_email'] instead of $_SESSION['email']
2. put the session_start() in your connection.php

but still no luck :(

What could the problem possibly be?
0
 

Author Comment

by:ChefMaha
By the way, when I try to print the session on the same page where it is saved (personalinfo.php) - I get the correct result. So, I believe maybe the problem has to do with the way I am navigating to the next page (window.location.replace). Don't you think so?
0
 
LVL 49

Expert Comment

by:Roonaan
As the session id does not change and is the same on both pages you would think that the browser re-opens the correct session.

Can you run this test script? (Save as a separate file, and run it a couple of times from your browser)

<?php
# Enable error reporting
error_reporting(E_ALL);
ini_set('display_errors', true);

# Start session
session_start();

# See if the 'history' array is available in the session
if(!isset($_SESSION['visits'])) {
  echo '<br/>This is the first visit';
} else {
  echo '<br/>You have visited this page before:<br />- '.implode('<br/>- ', $_SESSION['visits']);
}

# Add the current visit to our 'history'
$_SESSION['visits'][] = date('Y-m-d H:i:s');

# Get the last visit on top
rsort($_SESSION['visits']);

# Make sure we store only a list of ten
$_SESSION['visits'] = array_slice($_SESSION['visits'], 0 , 10);

?>
0

 

Author Comment

by:ChefMaha
OK, I ran it several times and got this:

You have visited this page before:
- 2008-06-17 05:35:30
- 2008-06-17 05:35:22
- 2008-06-17 05:35:17
- 2008-06-17 05:35:09
- 2008-06-17 05:35:06

What's next?
0
 
LVL 49

Expert Comment

by:Roonaan
That indicates that your session is properly configured on your server and is actually working :-)

So the problem is programmatic.

As both pages have a session_id(), and have session_start() I don't understand where the session data is getting lost.
Have you moved the session_start() to your connection.php?

0
 

Author Comment

by:ChefMaha
session_start() is in connection.php

But anyway, I think it's working now!

Thanks for your efforts
0
 
LVL 49

Expert Comment

by:Roonaan
So the assumption is that somewhere along the line the session was not started?

I think I know what happened.

Can you add (for debug purposes) the following two lines to your connection php:

error_reporting(E_ALL);
ini_set('display_errors','1');

I think we missed an error saying "Session headers could not be sent. Output already started at {filename} on line {number}" before.
This is fixed by putting the session_start() to the top, before any output.
0
 

Author Comment

by:ChefMaha
I suppose you're right!

I got this message:

Warning: Cannot modify header information - headers already sent by (output started at /home/adhd/public_html/connection.php:50) in /home/adhd/public_html/header.php on line 1538

What does this message tell us and how can we solve it?
0
 
LVL 49

Expert Comment

by:Roonaan
Your PHP response consists of two parts: the header info and the content info. The content is the HTML you put out, and the header is things like cookies and stuff.

The session_start() tries to set a cookie, but when it is in the midst of your code it cannot add any header info when the content has already started.

When we moved the session_start() to the connection.php we made sure the session_start() cookie was sent out before any content. So you can remove the session_start() from the middle of the code.

What is on 1538? Is it the session_start, or another header command?
0
 

Author Comment

by:ChefMaha
Thanks for the clarification.

This line is at 1538: <?php header('Content-type: text/html; charset=utf-8'); ?>
0
 
LVL 49

Expert Comment

by:Roonaan
Is that a general header that should be applied to all your pages? Then move it into connection.php as well.
0
 

Author Comment

by:ChefMaha
This statement is included inside header.php, which is used in all pages on the site (the top design on the page).

Should I include the statement: <?php header('Content-type: text/html; charset=utf-8'); ?> inside connection.php?
0
 

Author Comment

by:ChefMaha
Thanks for your assistance, Roonaan. I'm really sorry but my work day is finished.

I will be able to reply to you tomorrow around 9am in my time (around 7am in your time).

Thanks for your help.

Take care
0
 

Author Comment

by:ChefMaha
OK, I'm back again.

Let's get back to my previous post:

This statement is included inside header.php, which is used in all pages on the site (the top design on the page).

Should I include the statement: <?php header('Content-type: text/html; charset=utf-8'); ?> inside connection.php?

Thanks
0
 
LVL 49

Expert Comment

by:Roonaan
The problem is that there is some output on connection.php line 50. That prevents this header statement from working properly.
0
 

Author Comment

by:ChefMaha
There is no statement on line 50.

The last statement in the file is on line 39 and it's the session_start();

I'm really confused
0
 
LVL 49

Expert Comment

by:Roonaan
Was this warning fixed then?

>Warning: Cannot modify header information - headers already sent by (output started at /home/adhd/public_html/connection.php:50) in /home/adhd/public_html/header.php on line 1538
0
 

Author Comment

by:ChefMaha
You mean it was fixed when I included the statement: <?php header('Content-type: text/html; charset=utf-8'); ?> inside connection.php?
0
 
LVL 49

Expert Comment

by:Roonaan
Moving to connection.php was a good move.

I wondered about the line 50, because you had an error earlier stating that output started at line 50 of connection.php, whilst now you say the file had only 39 lines. So that was confusing.
0
 

Author Comment

by:ChefMaha
OK, let me test everything again.
0
 

Author Comment

by:ChefMaha
OK, this is what I did: I found out that the 50 is the last empty line in connection.php. So I removed the empty lines from the end of the file and the error was gone. I only got the following weird error (I don't know if it's relevant):

Notice: Undefined index: process in /home/adhd/public_html/personalinfo.php on line 81

Btw, line 81 in personalinfo.php contains just a curly bracket '{'
and the line number doesn't change even if I increase/decrease new lines.
0
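The cause found above, blank lines after the closing tag of connection.php being sent as output before the headers, can be checked for mechanically. The following is an added example, not code from the thread: `findStrayOutput()` is a hypothetical helper built on PHP's tokenizer, and the sample source is constructed. It is meant for code-only includes such as connection.php, not for templates like header.php where inline HTML is expected.

```php
<?php
// Added example, not code from the thread.
// Usage: php stray_output.php connection.php [more include files...]
// Without arguments it scans a constructed sample instead.
declare(strict_types=1);

/**
 * Report every run of bytes in $source that PHP would send as output because
 * it lies outside the PHP tags. Returns a list of [line, description] pairs.
 */
function findStrayOutput(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // T_INLINE_HTML is the only token kind that is sent to the client as-is.
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $kind = 'starts with a UTF-8 byte order mark';
        } elseif (trim($text) === '') {
            $kind = 'whitespace only';
        } else {
            $kind = 'text or markup';
        }
        $findings[] = [$line, sprintf('%d byte(s) outside PHP tags (%s)', strlen($text), $kind)];
    }
    return $findings;
}

// Constructed sample: a code-only include whose closing tag is followed by
// blank lines. PHP swallows the single newline directly after the closing
// tag; everything after that newline is output.
$sample = "<?php\n\$db = null; // stand-in for the connection code\nsession_start();\n?>\n\n\n";

$sources = [];
foreach (array_slice($argv ?? [], 1) as $file) {
    $code = file_get_contents($file);
    if ($code === false) {
        fwrite(STDERR, "cannot read $file\n");
        exit(2);
    }
    $sources[$file] = $code;
}
if ($sources === []) {
    $sources = ['(constructed sample)' => $sample];
}

$total = 0;
foreach ($sources as $name => $code) {
    foreach (findStrayOutput($code) as [$line, $description]) {
        echo "$name:$line: $description\n";
        $total++;
    }
}
// A non-zero exit status lets a pre-deploy check fail when stray output is found.
exit($total > 0 ? 1 : 0);
```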
 

Author Comment

by:ChefMaha
If you wanna see the page, go to: http://www.adhd.org.sa/personalinfo.php
0
 
LVL 49

Expert Comment

by:Roonaan
What is the current php code?

(do we need to open another question? We've been posting in this one for days :) )
0
 

Author Comment

by:ChefMaha
It's OK, we're almost done :)

Check out the error on page: http://www.adhd.org.sa/personalinfo.php (you will find it at the very top of the page and you need to highlight it to make it readable)

The PHP code for personalinfo.php is:
<?php

require_once('connection.php');

/**
  * This function can be used to check the sanity of variables
  *
  * @access private
  *
  * @param string $type  The type of variable can be bool, float, numeric, string, array, or object
  * @param string $string The variable name you would like to check
  * @param string $length The maximum length of the variable
  *
  * return bool
  */
function sanityCheck($string, $type, $maxlength, $minlength){

  // assign the type
  $type = 'is_'.$type;

  $string = trim($string);

  if(!$type($string))
    {
    return FALSE;
    }
  // now we see if there is anything in the string
  elseif(empty($string))
    {
    return FALSE;
    }
  // then we check how long the string is
  elseif(strlen($string) > $maxlength || strlen($string) < $minlength)
    {
    return FALSE;
    }
  else
    {
    return true;
    }
}

/**
  * This function checks if the $_POST vars are set
  *
  * @access private
  *
  * return bool
  */
function checkSet(){
  return isset($_POST['FullName'], $_POST['HomePhone'], $_POST['CellPhone'],  $_POST['Email'], $_POST['Occupation'], $_POST['WorkPlace'], $_POST['Sex'], $_POST['MaritalStatus']);
}

function checkNumber($num, $maxlength, $minlength){
  $num = trim($num);
  if($num > 0 && strlen($num) <= $maxlength && strlen($num) >= $minlength)
    {
    return ereg("^[0-9]{1,}-?[0-9]{1,}-?[0-9]{1,}-?[0-9]{1,}$", $num);
    }
  else
    {
    return false;
    }
}

function checkEmail($email){
  $regexp='/^[a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/';
  return preg_match($regexp, trim($email));
}

if ($_POST['process'] == 1)
{
	$FullName = $_POST['FullName'];
	$HomePhone = $_POST['HomePhone'];
	$WorkPhone = $_POST['WorkPhone'];
	$CellPhone = $_POST['CellPhone'];
	$POBox = $_POST['POBox'];
	$Fax = $_POST['Fax'];
	$Email = $_POST['Email'];
	//store Email in session
	$_SESSION['session_email'] = $Email;

	$Sex = $_POST['Sex'];
	$MaritalStatus = $_POST['MaritalStatus'];

	$Occupation = $_POST['Occupation'];
	$WorkPlace = $_POST['WorkPlace'];

	if(checkSet())
	{
		if(sanityCheck($_POST['FullName'], 'string', 50, 11) )
		{
			if(checkNumber($_POST['HomePhone'], 16, 7))
			{
				if(checkNumber($_POST['CellPhone'], 17, 10))
				{
					if(checkEmail($_POST['Email']) != FALSE)
					{
						if(sanityCheck($_POST['Occupation'], 'string', 50, 3))
						{
							if(sanityCheck($_POST['WorkPlace'], 'string', 50, 3))
							{
								if(!checkNumber($_POST['WorkPhone'], 16, 7))
								{
									$WorkPhone = '';
								}

								if(!checkNumber($_POST['Fax'], 16, 7))
								{
									$Fax = '';
								}

								if(!checkNumber($_POST['POBox'], 5, 5))
								{
									$POBox = '';
								}

								// Note: the $_POST values are concatenated into the statement unescaped;
								// escape each one (mysql_real_escape_string) or use a prepared statement.
								$strSQL = "INSERT INTO VOLUNTEER Values ('" . $FullName
									. "','" . $HomePhone . "','" .$WorkPhone . "', '" .
									$CellPhone . "', '" .$Fax . "', '" .$POBox . "', '"
									. $Email . "', '" . $Sex . "', '" .$MaritalStatus
									. "', '" .$Occupation . "', '" .$WorkPlace . "')" ;

								mysql_query("set names 'utf8'");

								$strResult = mysql_query($strSQL) or
								$ErrorMessage = 'إنّك أدخلت الاسم أو البريد الالكتروني لشخص آخر مسجّل لدينا';

								if($ErrorMessage != 'إنّك أدخلت الاسم أو البريد الالكتروني لشخص آخر مسجّل لدينا')
								{

									session_write_close();

?>
									<script language=javascript>
									window.location.replace('traininginfo.php');
									</script>
<?php

								}

							}
							else
							{
								$ErrorMessage = 'إن جهة العمل غير صحيحة';
							}
						}
						else
						{
							$ErrorMessage = 'إن المهنة غير صحيحة';
						}
					}
					else
					{
						// if all is not well we echo an error message
						$ErrorMessage ='إن البريد الالكتروني غير صحيح';
					}

				}
				else
				{
					$ErrorMessage = 'إن رقم الجوال غير صحيح';
				}
			}
			else
			{
				$ErrorMessage = 'إن رقم الهاتف غير صحيح';
			}
		}
		else
		{
			$ErrorMessage = "إن اسمك الثلاثي غير صحيح";
		}
	}
	else
	{
		$ErrorMessage = "فضلاً املأ جميع الحقول الضرورية";
	}
}

?>
 
 
 

<?php require_once('header.php'); ?>

<!-- cell part of outer table -->
<td dir="rtl" valign="top">

<!-- beginning of table containing all body contents -->
<table align="center" cellpadding="10" name="BodyTable">

<tr>

<td valign="top">

<!-- beginning of links table -->
<table cellpadding="5" align="right" name = "LinksTable">
<tr width="100px">
<td align="right">
<a href="personalinfo.php" style="color: #D75A27">معلومات شخصية</a>
</td>
</tr>

<tr width="100px">
<td align="right">
<a href="traininginfo.php" style="color: #E2E2E2">الدورات وورش العمل</a>
</td>
</tr>

<tr width="100px">
<td align="right">
<a href="languages.php" style="color: #E2E2E2">لغات</a>
</td>
</tr>

<tr width="100px">
<td align="right">
<a href="preferredwork.php" style="color: #E2E2E2">الأعمال التطوعية المفضلة</a>
</td>
</tr>

<tr width="100px">
<td align="right">
<a href="skills.php" style="color: #E2E2E2">مهارات</a>
</td>
</tr>

<!-- end of links table -->
</table>

<!-- end of first cell inside BodyTable -->
</td>

<!-- beginning of second cell inside BodyTable -->
<td>

<?php

if($ErrorMessage != "")
{ echo '<p style="color: #D75A27; text-align: center; font-weight:bold; font-size: 12pt">' .  htmlspecialchars($ErrorMessage) . '</p>'; } ?>

<form name="thisForm" id="thisForm" accept-charset="utf-8"; method="post"; action="<?php echo $PHP_SELF; ?>" ; enctype="multipart/form-data: charset=utf-8 " >

<FIELDSET style="width:300">
<LEGEND style="color:"><b>معلومات شخصية</b></LEGEND>

<!-- beginning of FormTable -->
<table align="right" cellspacing="15px" class="form" name="FormTable">
<tr>
<td align="right" style="width:100"><b>
الاسم الثلاثي</b>
</td>

<td>
<input type="text" name="FullName" value="<? print $FullName; ?>" />&nbsp;<span style="color:red">*</span>
</td>
</tr>

<tr align="right">
<td><b>
هاتف المنزل
</b>
</td>

<td>
<input type="text" name="HomePhone" value="<?print $HomePhone; ?>" />&nbsp;<span style="color:red">*</span>
</td>
</tr>

<tr align="right">
<td><b>
هاتف العمل
</b>
</td>

<td >
<input type="text" name="WorkPhone" value="<?print $WorkPhone; ?>" />
</td>
</tr>

<tr align="right">
<td><b>
الجوال
</b>
</td>

<td>
<input type="text" name="CellPhone" value="<?print $CellPhone; ?>" />&nbsp;<span style="color:red">*</span>
</td>
</tr>

<tr align="right">
<td ><b>
الفاكس
</b>
</td>

<td>
<input type="text" name="Fax" value="<?print $Fax; ?>" />
</td>
</tr>

<tr align="right">
<td><b>
ص.ب
</b>
</td>

<td>
<input type="text" name="POBox" value="<?print $POBox; ?>" />
</td>
</tr>

<tr align="right">
<td><b>
البريد الالكتروني
</b>
</td>

<td>
<input type="text" name="Email" value="<?print $Email; ?>" />&nbsp;<span style="color:red">*</span>
</td>
</tr>

<tr align="right">
<td>
الجنس
</td>

<td>
<input type="radio" name="Sex" <?php if($Sex == "f"){echo " CHECKED";}?> value="f" />&nbsp; أنثى
<input type="radio" name="Sex" <?php if($Sex == "m"){echo " CHECKED";}?> value="m" />&nbsp; ذكر
</td>
</tr>

<tr align="right">
<td>
الحالة الاجتماعية
</td>

<td>
<input type="radio" name="MaritalStatus" <?php if($MaritalStatus == "متزوج"){echo " CHECKED";}?> value="متزوج" />&nbsp; متزوج
<input type="radio" name="MaritalStatus" <?php if($MaritalStatus == "أعزب"){echo " CHECKED";}?> value="أعزب" />&nbsp; أعزب
</td>
</tr>

<tr align="right">
<td style="width:100"><b>
المهنة
</b>
</td>

<td>
<input type="text" name="Occupation" value="<?print $Occupation; ?>"/>&nbsp;<span style="color:red">*</span>
</td>
</tr>

<tr align="right">
<td><b>
جهة العمل
</b>
</td>

<td>
<input type="text" name="WorkPlace" value="<?print $WorkPlace; ?>" />&nbsp;<span style="color:red">*</span>
</td>
</tr>

<!-- end of FormTable-->
</table>

</FIELDSET>

<br>

<input type="hidden" name="process" value="1">

<input type="submit" name="Continue" size="10" value="التالي >>" />

<!-- end of second cell inside BodyTable -->
</td>

</tr>

<!-- end of table containing all body contents -->
</table>

<!-- end of mid cell in outer table -->
</td>

</form>

<td width="155" bgcolor="#296566" valign="top"><img src="images/swirl.jpg" /></td>

</tr>

<?php require_once('footer.php'); ?>


0
 
LVL 49

Expert Comment

by:Roonaan
Try changing:
if ($_POST['process'] == 1)

Into
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['process']) && $_POST['process'] == 1)
0
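
The guard suggested above, combined with the "headers already sent" diagnosis from earlier in this thread, as an added example that is not part of the original posts or the poster's code. It assumes PHP 7 or later; post_field() and is_form_submission() are hypothetical helper names, the error message is constructed, and the file and field names are those used in the thread.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+; post_field() and
// is_form_submission() are hypothetical helper names.

// session_start() and header() emit HTTP headers, so both must run before any
// output, including blank lines after a closing PHP tag in an included file.
session_start();

/** Return a trimmed POST field, or $default when the key is absent. */
function post_field(string $key, string $default = ''): string
{
    return isset($_POST[$key]) && is_string($_POST[$key])
        ? trim($_POST[$key])
        : $default;
}

/** True only for a real submission of the form (hidden field process=1). */
function is_form_submission(): bool
{
    return ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST'
        && post_field('process') === '1';
}

$ErrorMessage = '';

if (is_form_submission()) {
    $Email = post_field('Email');

    if (filter_var($Email, FILTER_VALIDATE_EMAIL) === false) {
        $ErrorMessage = 'Invalid e-mail address'; // constructed message
    } else {
        $_SESSION['session_email'] = $Email;
        session_write_close(); // flush session data before leaving the page

        // headers_sent() reports the file and line where output began, the
        // same location the "headers already sent" warning names.
        if (headers_sent($file, $line)) {
            error_log("Cannot redirect: output started at $file:$line");
        } else {
            header('Location: traininginfo.php');
            exit;
        }
    }
}
// A plain GET request falls through to the form without touching $_POST.
// No closing PHP tag: trailing whitespace after one is sent as output.
```

On a first visit (a GET request) the handler is skipped entirely, so no "Undefined index" notice is raised, and the server-side redirect only happens when nothing has been sent to the browser yet.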
 

Author Comment

by:ChefMaha
OK! it's gone!

thanks for your assistance and I really appreciate your patience and concern (even though I had already marked one of your posts as an answer)

I really appreciate your hard work and commitment to solve my question.

thanks again
0
