PASSING values via link to show image

Hi,
I'm trying to pass this link to another PHP page that displays a graph.
When I pass it with
<img src="http://localhost:8080/campion/css2/litre.php?start=<?php echo $start?>&end=<?php echo $end?>";
like this, it works,
but when I add client to my link it is not working:
<img src="http://localhost:8080/campion/css2/litre.php?start=<?php echo $start?>&end=<?php echo $end?>&client=<?php echo $client?>'
litre.php
<?php
SESSION_START();
 
$report=$_GET['report'];
$start=$_GET['start'];
$end=$_GET['end'];
$netw=$_POST['netw'];
$client=$_POST['client'];
$i=0;
$db=mysql_pconnect("localhost:3306","root","root");
mysql_select_db("campion",$db); 
$sql = "SELECT DATE_FORMAT(tran_date,'%d')as datei,unit_serial,sum(unit_qty) as total,account_no,customer_no  FROM count_transactions
        WHERE DATE(tran_date) BETWEEN '$start' AND '$end' and customer_no=$client   
        GROUP BY DATE(tran_date)";
$result = mysql_query($sql);
$num=mysql_num_rows($result);
$somme=array();
$jour=array();
while($row = mysql_fetch_array($result)){
   $somme[]=$row['total'];   // quote array keys; bare words are undefined constants
   $jour[]=$row['datei'];
}
$num=mysql_num_rows($result);
include("../css/phplot.php");
if(preg_match('/(?i)msie [1-8]/',$_SERVER['HTTP_USER_AGENT'])) {
   $graph =& new PHPlot(750,350);
  }
 else { 
$graph =& new PHPlot(800,300);
}
//Define the object
//Define some data
$data = array();
//Define some data
for($i=0;$i<$num;$i++)   // rows are indexed 0..$num-1
$data[] = array($jour[$i],$somme[$i]);
 $graph->SetDataValues($data);
 $graph->SetXTickPos('none');
 $graph->SetXTickLabelPos('none');
 //Draw it
$graph->DrawGraph();
?>

Asked by: asaidi
 
Aaron Tomosky (Technology Consultant) commented:
1. Probably want to switch to POST instead of GET, as whatever is in that variable could be invalid or a URL. If not, then you have to urlencode and other messy stuff to eliminate the problem.
2. Use the Firefox plugin "Tamper Data" or a proxy like Fiddler or OWASP ZAP. This will let you see the request and response (and mess with it if you want).
 
asaidi (Author) commented:
Hi
<img src="http://localhost:8080/campion/css2/litre.php?start=2012-07-1&end=2012-07-31&client=13 '/&gt;" <="" tr="">
The value of the client is there, but in litre.php it seems it is not taken, while the 2 dates are taken by litre.php.
The 2 dates were passed but the client value was not.
 
Aaron Tomosky (Technology Consultant) commented:
Right, you can't pass
13 '/&gt;" <="" tr="">
in a URL.

So change to POST, or
&client=<?php echo urlencode($client)?>'

and then you might need to urldecode() in the receiving script but sometimes it works without that.



EDIT:
Just looked at your code more closely. In the top few lines, change $_POST['client'] to $_GET or $_REQUEST.
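
The two fixes discussed in this thread (encoding the link parameters and reading client from $_GET), as an added example that is not part of the original posts. It also binds the values as query parameters instead of interpolating them into the SQL string. The function names are hypothetical, and an in-memory SQLite database (requires the pdo_sqlite extension) with constructed rows stands in for the MySQL database so the script runs offline.

```php
<?php
// Added example; the SQLite database and its rows are constructed for an offline run.

// Sending page: encode every parameter, then escape the URL for the attribute.
function graph_img_tag(string $start, string $end, string $client): string {
    $query = http_build_query(['start' => $start, 'end' => $end, 'client' => $client]);
    $url = 'http://localhost:8080/campion/css2/litre.php?' . $query;
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES) . '" alt="litres per day">';
}

// Normalise a YYYY-M-D string to YYYY-MM-DD, or return null if it is not a date.
function parse_date(string $s): ?string {
    $d = DateTime::createFromFormat('!Y-m-d', $s);
    $err = DateTime::getLastErrors();  // false (PHP 8.2+) or an array of counts
    if ($d === false || ($err && $err['warning_count'] > 0)) return null;
    return $d->format('Y-m-d');
}

// Receiving page: read the same superglobal the link uses ($_GET) and validate.
function read_params(array $get): ?array {
    $start  = parse_date($get['start'] ?? '');
    $end    = parse_date($get['end'] ?? '');
    $client = filter_var($get['client'] ?? '', FILTER_VALIDATE_INT);
    if ($start === null || $end === null || $client === false) return null;
    return [$start, $end, $client];
}

// Bound parameters keep request data out of the SQL; strftime() is SQLite's DATE_FORMAT().
function daily_totals(PDO $db, string $start, string $end, int $client): array {
    $stmt = $db->prepare(
        "SELECT strftime('%d', tran_date) AS datei, SUM(unit_qty) AS total
           FROM count_transactions
          WHERE DATE(tran_date) BETWEEN :start AND :end AND customer_no = :client
          GROUP BY DATE(tran_date)");
    $stmt->execute([':start' => $start, ':end' => $end, ':client' => $client]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE count_transactions (tran_date TEXT, unit_qty INT, customer_no INT)");
$db->exec("INSERT INTO count_transactions VALUES ('2012-07-02 10:00:00', 5, 13),
           ('2012-07-02 15:00:00', 7, 13), ('2012-07-03 09:00:00', 4, 99)");

echo graph_img_tag('2012-07-1', '2012-07-31', '13'), "\n";
foreach (['13', "13 '/>"] as $client) {  // second value: the stray markup seen above
    $p = read_params(['start' => '2012-07-1', 'end' => '2012-07-31', 'client' => $client]);
    echo $p ? json_encode(daily_totals($db, ...$p)) : 'rejected', "\n";
}
```

In litre.php itself, read_params($_GET) would replace the direct $_GET assignments, and a null result should end the request before any query runs.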
 
asaidi (Author) commented:
Hi,
that is my link.
I think it is correct:
<img src="http://localhost:8080/campion/css2/litre.php?start=<?php echo $start?>&end=<?php echo $end?>&client=<?php echo urlencode($client)?>'/>"
 
Aaron Tomosky (Technology Consultant) commented:
Don't forget to change the POST to GET. Or you have to send as POST.
 
asaidi (Author) commented:
I changed it but it is still not working:
<?php
SESSION_START();
$start=$_GET['start'];
$end=$_GET['end'];
$netw=$_GET['netw'];
$client=$_GET['client'];
$i=0;
$db=mysql_pconnect("localhost:3306","root","root");
mysql_select_db("campion",$db); 

$sql = "SELECT DATE_FORMAT(tran_date,'%d')as datei,unit_serial,sum(unit_qty) as total,account_no,customer_no  FROM count_transactions
        WHERE DATE(tran_date) BETWEEN '$start' AND '$end' AND customer_no=urldecode($client)
        GROUP BY DATE(tran_date)";
$result = mysql_query($sql);
$num=mysql_num_rows($result);
$somme=array();
$jour=array();
while($row = mysql_fetch_array($result)){
   $somme[]=$row['total'];   // quote array keys; bare words are undefined constants
   $jour[]=$row['datei'];
}
$num=mysql_num_rows($result);
include("../css/phplot.php");
if(preg_match('/(?i)msie [1-8]/',$_SERVER['HTTP_USER_AGENT'])) {
   $graph =& new PHPlot(750,350);
}
else { 
$graph =& new PHPlot(800,300);
}
//Define the object
//Define some data
$data = array();
//Define some data
for($i=0;$i<$num;$i++)   // rows are indexed 0..$num-1
$data[] = array($jour[$i],$somme[$i]);
$graph->SetDataValues($data);
$graph->SetXTickPos('none');
$graph->SetXTickLabelPos('none');
//Draw it
$graph->DrawGraph();
?>
 
Aaron Tomosky (Technology Consultant) commented:
OK, good. Can you echo $client or something after line 6 to see what value it's getting?
 
asaidi (Author) commented:
Nothing is echoing, maybe because it is an image...
 
Aaron Tomosky (Technology Consultant) commented:
OK

A script calls a URL. In that URL are GET variables. GET variables can't have special characters like the ones it looks like you are using. So we urlencode() the string before sending to turn anything weird into &??? so it can be passed that way.

The question is what your litre.php page sees as the variable. You have to have a way to see this, but you can't normally since the page isn't called directly. So in the main page, just echo the whole img tag (or view source in the browser), then copy that link and paste it into a new browser tab. Now you are hitting the page directly. The echo on the $client variable should now show up for you.
 
asaidi (Author) commented:
The script was correct; only I was taking the wrong table.
I have a one-to-many table and I'm taking the customer from the many table.
Thanks for your help.
 
Aaron Tomosky (Technology Consultant) commented:
No problem. Lacking an IDE with debugging, it's very important to be able to simply look at the data throughout its path. The solution is usually evident when you find a way to see what's going on.