From: "Cheryl Sullivan" on 16 Sep 2010 14:03

We are actually running the query through a function that removes single ticks, etc to avoid this, but I didn't think that was relevant to the question so I didn't include it. Thanks, though!

-----Original Message-----
From: Peter Lind [mailto:peter.e.lind(a)gmail.com]
Sent: Thursday, September 16, 2010 12:03 PM
To: Cheryl Sullivan
Cc: ash(a)ashleysheridan.co.uk; php-general(a)lists.php.net
Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick

On 16 September 2010 16:26, Cheryl Sullivan <csulliva(a)shh.org> wrote:
> Absolutely -
>
> This is from the first page
>
> <?php
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."' and emp_badge = '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"xxxx_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>

You're sticking values from $_POST into an SQL query without sanitizing them first. That spells out SQL INJECTION VULNERABILITY.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you.

From: "Cheryl Sullivan" on 16 Sep 2010 14:12

Tommy - I ran phpinfo() but I don't see anything in it referencing MSSQL or SQLSRV. I have included all the references to "sql" I see below, but the only references I see to databases are to mySQL and SQLite. Unfortunately I don't have any control over how service-packed the database server is. Is there something in SP 4 for SQL Server 2000 that is supposed to fix the issue I'm having, I may be able to plead my case for getting the latest SP. Is this the case, do you know?

mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $
Persistent cache enabled
put_hits 0
put_misses 0
get_hits 0
get_misses 0
size 2000
free_items 2000
references 2

Directive Local Value Master Value
mysql.allow_local_infile On On
mysql.allow_persistent On On
mysql.cache_size 2000 2000
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off

mysqli
MysqlI Support enabled
Client API library version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Persistent cache enabled
put_hits 0
put_misses 0
get_hits 0
get_misses 0
size 2000
free_items 2000
references 2

Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.cache_size 2000 2000
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off

mysqlnd
mysqlnd enabled
Version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $
Command buffer size 2048
Read buffer size 32768
Collecting statistics Yes
Collecting memory statistics Yes

PDO
PDO support enabled
PDO drivers mysql, sqlite

pdo_mysql
PDO Driver for MySQL enabled
Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $
Persistent cache enabled
put_hits 0
put_misses 0
get_hits 0
get_misses 0
size 2000
free_items 2000
references 2

Directive Local Value Master Value
pdo_mysql.cache_size 2000 2000

pdo_sqlite
PDO Driver for SQLite 3.x enabled
SQLite Library 3.6.15

-----Original Message-----
From: Tommy Pham [mailto:tommyhp2(a)gmail.com]
Sent: Thursday, September 16, 2010 11:39 AM
To: php-general(a)lists.php.net
Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick

> -----Original Message-----
> From: Cheryl Sullivan [mailto:csulliva(a)SHH.ORG]
> Sent: Thursday, September 16, 2010 8:33 AM
> To: Tommy Pham; php-general(a)lists.php.net
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
>
> SQL Server 8.00.818 - SP3 (Enterprise Edition)
>

8? I think that's SQL 2000. If that's the case, you're 1 service pack behind. The latest service pack for SQL 2000 is 4.

> Unfortunately I am fairly new to PHP and my boss just went home sick for
> the day, so I don't know how to answer the question about the extension.
> Can you tell me where I can find that?
>

phpinfo(); will give all the information pertaining to your PHP environment.

Regards,
Tommy

> -----Original Message-----
> From: Tommy Pham [mailto:tommyhp2(a)gmail.com]
> Sent: Thursday, September 16, 2010 11:00 AM
> To: php-general(a)lists.php.net
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
>
> > -----Original Message-----
> > From: Cheryl Sullivan [mailto:csulliva(a)SHH.ORG]
> > Sent: Thursday, September 16, 2010 7:12 AM
> > To: php-general(a)lists.php.net
> > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> >
> > Hi there - I'm new to this news group. Any help with this is appreciated -
> >
> > When I populate session vars from a MYSQL query, they are still there when
> > I change pages. If I populate them from an MSSQL query, they drop.
> >
> > It doesn't matter if I get to the next page using a header redirect or a form
> > submit. I have two session vars I'm loading from a MYSQL query and they
> > remain, the two loaded from MSSQL disappear.
> >
>
> What SQL Server version? What PHP extension are you using? MSSQL? sqlsrv?
>
> Regards,
> Tommy
>
> > I have confirmed that all four session vars are loading ok initially and I can
> > echo them out to the page, but when the application moves to the next
> > page via redirect or form submit, the two vars loaded from MSSQL are
> > empty.
> >
> > Any ideas?
> >
> > Cheryl L. Sullivan
> > Interface Analyst / Web Developer
> >
> > Sacred Heart Hospital (www.shh.org)
> > 421 Chew Street * Allentown, PA 18102
> > Office: 610-776-4784 * Cell: 484-544-2416
> > Please consider the environment before printing this e-mail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

From: "Tommy Pham" on 16 Sep 2010 19:25

> -----Original Message-----
> From: Cheryl Sullivan [mailto:csulliva(a)SHH.ORG]
> Sent: Thursday, September 16, 2010 11:12 AM
> To: Tommy Pham; php-general(a)lists.php.net
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
>
> Tommy - I ran phpinfo() but I don't see anything in it referencing MSSQL or
> SQLSRV. I have included all the references to "sql" I see below, but the only
> references I see to databases are to mySQL and SQLite. Unfortunately I
> don't have any control over how service-packed the database server is. Is
> there something in SP 4 for SQL Server 2000 that is supposed to fix the issue
> I'm having, I may be able to plead my case for getting the latest SP. Is this
> the case, do you know?
>

Here are the long lists of fixes in SP4 for SQL2000:

http://support.microsoft.com/kb/888799/
http://support.microsoft.com/kb/888800/

As for if it's related to your current problem, we need to find out what are the possible causes for your problem. If you're not using mssql or sqlsrv extension, how are you able to access SQL Server, via ODBC? If you're not using ODBC either, then there is something seriously wrong with your app... or where you think you're getting the data that is supposed to be from MS SQL Server. Look at your class hitMSSQL. What do the internals of the class use to connect, execute the query, and fetch the results? Is there any error catching/logging within the class? Or do all the statements begin with @?

Regards,
Tommy

From: "Cheryl Sullivan" on 17 Sep 2010 08:13

Hi Andrew - I didn't mean to ignore your reply... Here is your earlier post -

"The fact that you can echo the $_SESSION information on the same page and they contain the correct values suggest to me that the issue of MySQL/MSSQL is a red herring. I would look into things like the value for register_globals to make sure you don't have a global variable stepping on some of your session variables."

Register_globals is off in our php.ini file. Again, I am fairly new to PHP. I guess I don't understand how a global variable can "step on" a session variable if the only thing I'm assigning anywhere in my application to said session variable is a value from a database query. When PHP changes pages, it might be arbitrarily assigning some value to a session variable, even though I'm not telling it to? Can you please explain this to me? Thanks -

-----Original Message-----
From: Andrew Ballard [mailto:aballard(a)gmail.com]
Sent: Thursday, September 16, 2010 2:21 PM
To: Cheryl Sullivan
Cc: Tommy Pham; php-general(a)lists.php.net
Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick

On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan <csulliva(a)shh.org> wrote:
[snip]
> When I echo all five $_SESSION vars from here, they are all populated.
> Then I can either redirect or form post to the next page. In either
> case, the $_SESSION vars populated from SQL Server ( the SSN and Cost
> Center vars) are blank when I echo them on the destination page.

On Thu, Sep 16, 2010 at 2:12 PM, Cheryl Sullivan <csulliva(a)shh.org> wrote:
> Tommy - I ran phpinfo() but I don't see anything in it referencing
> MSSQL or SQLSRV. I have included all the references to "sql" I see
> below, but the only references I see to databases are to mySQL and
> SQLite. Unfortunately I don't have any control over how service-packed
> the database server is. Is there something in SP 4 for SQL Server 2000
> that is supposed to fix the issue I'm having, I may be able to plead my
> case for getting the latest SP. Is this the case, do you know?
>
[snip]

Again, I ask - based on what you said earlier - are you sure this is even a database issue? You said that when you echo the values in your $_SESSION array AFTER reading them from the database they are there, and you only lose them on the next request after either a redirect or a manual form POST. If the values are getting into $_SESSION correctly within this page, your issue is not related to the database at all. Am I misunderstanding you?

Andrew

From: "Cheryl Sullivan" on 17 Sep 2010 10:50

Hi there - just to clear things up, I didn't mean your answer was irrelevant. It was an excellent point - I just took the function call encompassing the query string out of the code I posted to avoid people having to read too much. I thought showing the function call was irrelevant. Hope that makes sense - I did not intend to insult people who are taking the time to try to help me!

Anyhoo - at the risk of going off the deep end in the other direction, here is everything - the three pages that currently encompass this application. You can see by the output I posted that appears on empForm.php that the SSN and Cost Center session vars come up blank, while the other three session vars and the hidden form fields do not. Thank you!

Default.php
-----------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Employee Illness - Injury Report</title>
<link href="injury.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="functions.js"></script>
</head>
<body onload="javascript:frmValidateMe.txtLastName.focus();">
<div id="mainContainer">
  <div id="topHeader"></div>
  <div id="middle">
    <div class="helpNote">For information or questions for this system, please contact Linda Williams x5984</div>
  </div>
  <div id="contentContainer">
    <div id="contentText">
      <div class="sectionHeading">Enter the system by validating, below.</div>
      <form name="frmValidateMe" method="post" action="mainRedirect.php">
        <table>
          <tr>
            <td width="150"> </td><td>Your Last Name</td><td><input type="text" maxlength="100" name="txtLastName" id="txtLastName" /></td>
          </tr>
          <tr>
            <td width="150"> </td><td>Your SHH Badge ID #</td><td><input type="text" maxlength="10" name="txtBadgeID" id="txtBadgeID" /></td>
          </tr>
          <tr>
            <td width="150"> </td><td valign="top">I need to</td><td><input type="radio" name="rdoAction" id="rdoAction" value="0" checked/>Report my Injury/Illness<br /><input type="radio" name="rdoAction" id="rdoAction" value="1" />Check the Status/Update my Report</td>
          </tr>
        </table>
        <center><img src="images/btnSubmitBevel.gif" width="80" height="26" onclick="validateValidate();"/></center>
      </form>
    </div>
  </div>
  <div id="footer"></div>
</div>
</body>
</html>
--------------------------------------------------------------

mainRedirect.php (as you can see I now have it set up to submit a form, but I also have commented out the code I used to try to do a redirect.)
----------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Employee Illness - Injury Report Submit</title>
<link href="injury.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="functions.js"></script>
</head>
<body>
<?php session_start(); ?>
<?php
function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
    $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
    $connStr = "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db;
    $conn->open($connStr);
    if($senditback==1){
        return $conn->execute($query);
    }else{
        $conn->execute($query);
    }
}

function GetSQLValueString($theValue, $theType, $database, $theDefinedValue = "", $theNotDefinedValue = "")
{
    if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }
    if($database==1){
        $theValue = mysql_real_escape_string($theValue);
    }else{
        $theValue = str_replace("'","''",$theValue);
    }
    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}

$_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
$_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);

$q = sprintf("select * from emps where emp_last = %s and emp_badge = %s",
    GetSQLValueString($_SESSION['UserLastName'], "text", 1),
    GetSQLValueString($_SESSION['BadgeID'],"int", 1));
$q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."' and emp_badge = '".$_SESSION['BadgeID']."'";
$rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1);
$_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
$_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");

//get form info for this employee
$cnx = mysql_connect("localhost","appsuser","abc123");
$db = mysql_select_db("wrii_report");
$q1 = sprintf("select * from tblmainempreport where empUUID = '553920090528131'");
//print $q1 ."<br>";
$result = mysql_query($q1);
$recArray = mysql_fetch_array($result);
$_SESSION['empFName'] = $recArray['EmpFName'];
?>
<form name="frmGoToEmpForm" ID="frmGoToEmpForm" method="post" action="empForm.php">
  <input type="hidden" id="hdnSSN" name="hdnSSN" value="<?php print $rs_emp_info->fields("emp_ssn");?>" />
  <input type="hidden" id="hdnCostCenter" name="hdnCostCenter" value="<?php print $rs_emp_info->fields("emp_costcenter");?>" />
</form>
<script language="javascript">frmGoToEmpForm.submit();</script>
<?php
//header("Location: http://webapps/injury/empForm.php");
//exit();
?>
<div id="mainContainer">
  <div id="topHeader"></div>
  <div id="middle">
    <div class="helpNote">For information or questions for this system, please contact Linda Williams x5984 </div>
    <div id="contentContainer">
      <div id="contentText"><center><?php print $rtnMsg?><br />
        <span class="nonRequiredText"><a href="http://shhsnet/">Return to SHH Intranet</a></span></center>
      </div>
    </div>
    <div id="footer"></div>
  </div>
</div>
</body>
</html>
--------------------------------------------------------------

empForm.php - code
-----------
<?php session_start(); ?>
<?php
//get avail ee info from ee database
print "session_SSN = ".$_SESSION['SSN']."<br>";
print "session_CostCenter = ".$_SESSION['CostCenter']."<br>";
print "hidden_SSN = ".$_POST['hdnSSN']."<br>";
print "hidden_CostCenter = ".$_POST['hdnCostCenter']."<br>";
print "session_empFName = ".$_SESSION['empFName']."<br>";
print "session_userLastName = ".$_SESSION['UserLastName']."<br>";
print "session_BadgeID = ".$_SESSION['BadgeID']."<br>";
?>
----------------------------------------------------------------

Output from empForm.php
-----------------------
session_SSN =
session_CostCenter =
hidden_SSN = xxxxxxxx60 (it is displaying my actual SSN)
hidden_CostCenter = 1604
session_empFName = CHERYL
session_userLastName = sullivan
session_BadgeID = 401337

-----Original Message-----
From: Peter Lind [mailto:peter.e.lind(a)gmail.com]
Sent: Thursday, September 16, 2010 4:20 PM
To: Cheryl Sullivan
Cc: ash(a)ashleysheridan.co.uk; php-general(a)lists.php.net
Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick

On 16 September 2010 20:03, Cheryl Sullivan <csulliva(a)shh.org> wrote:
> We are actually running the query through a function that removes single
> ticks, etc to avoid this, but I didn't think that was relevant to the
> question so I didn't include it. Thanks, though!

You're the one with the problem you don't understand, which means you don't get to make decisions as to what is or is not relevant. Rather: you have no idea what seems relevant to us trying to pinpoint the error.

That said, if - like Andrew points out - you see the values directly after storing them, then the problem is not database related. What exactly happens between the two pages and on the second page?

Regards
Peter
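
Added example, not part of the thread or of the application's code: in mainRedirect.php the query built with GetSQLValueString ($q) is never run, and the concatenated $q1 is what reaches hitMSSQL. The sketch below puts that concatenated form next to the same lookup with bound parameters. It assumes the pdo_sqlite driver, uses an in-memory SQLite table with constructed rows in place of the SQL Server emps table, and lookupConcatenated / lookupBound are hypothetical names.

```php
<?php
// Added example (not from the thread). Requires the pdo_sqlite extension.
// Constructed data: an in-memory SQLite table stands in for the SQL Server
// "emps" table queried in mainRedirect.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE emps (emp_last TEXT, emp_badge TEXT, emp_costcenter TEXT)");
$pdo->exec("INSERT INTO emps VALUES ('sullivan', '1001', '1604'), ('o''brien', '1002', '2210')");

// Same shape as the $q1 line in mainRedirect.php: request values are pasted
// into the SQL text, so a quote in a value ends the string literal early and
// whatever follows is parsed as SQL.
function lookupConcatenated(PDO $pdo, string $last, string $badge): array
{
    $sql = "select * from emps where emp_last = '" . $last
         . "' and emp_badge = '" . $badge . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameters: the statement text is fixed and the values travel
// separately, so they can only ever be compared as data.
function lookupBound(PDO $pdo, string $last, string $badge): array
{
    $stmt = $pdo->prepare(
        'select * from emps where emp_last = :last and emp_badge = :badge'
    );
    $stmt->execute([':last' => $last, ':badge' => $badge]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form inputs (last name, badge id).
$cases = [
    'expected input'          => ['sullivan', '1001'],
    'legitimate apostrophe'   => ["o'brien", '1002'],
    'quote-bearing badge id'  => ['sullivan', "x' or '1'='1"],
];

foreach ($cases as $label => [$last, $badge]) {
    try {
        $concat = count(lookupConcatenated($pdo, $last, $badge)) . ' row(s)';
    } catch (PDOException $e) {
        // A stray quote can also simply break the statement.
        $concat = 'SQL error';
    }
    $bound = count(lookupBound($pdo, $last, $badge)) . ' row(s)';
    printf("%-24s concatenated: %-10s bound: %s\n", $label, $concat, $bound);
}
```

With the thread's COM/ADODB connection, the equivalent of lookupBound is a parameterized ADODB.Command rather than PDO.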