From: "Tommy Pham" on
> -----Original Message-----
> From: Cheryl Sullivan [mailto:csulliva(a)SHH.ORG]
> Sent: Friday, September 17, 2010 7:51 AM
> To: Peter Lind; tommyhp2(a)gmail.com
> Cc: ash(a)ashleysheridan.co.uk; php-general(a)lists.php.net
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
>
> Hi there - just to clear things up, I didn't mean your answer was irrelevant. It
> was an excellent point - I just took the function call encompassing the query
> string out of the code I posted to avoid people having to read too much. I
> thought showing the function call was irrelevant. Hope that makes sense - I
> did not intend to insult people who are taking the time to try to help me!
>
> Anyhoo - at the risk of going off the deep end in the other direction, here
> is everything - the three pages that currently encompass this
> application. You can see by the output I posted that appears on
> empForm.php that the SSN and Cost Center session vars come up blank,
> while the other three session vars and the hidden form fields do not. Thank
> you!
>
> Default.php
> -----------------------------
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>Employee Illness - Injury Report</title> <link href="injury.css"
> rel="stylesheet" type="text/css" /> <script language="javascript"
> src="functions.js"></script> </head> <body
> onload="javascript:frmValidateMe.txtLastName.focus();">
> <div id="mainContainer">
> <div id="topHeader"></div>
> <div id="middle">
> <div class="helpNote">For information or questions for this system,
> please contact Linda Williams x5984</div>
> </div>
> <div id="contentContainer">
>
> <div id="contentText">
> <div class="sectionHeading">Enter the system by validating,
> below.</div>
> <form name="frmValidateMe" method="post"
> action="mainRedirect.php">
> <table>
> <tr>
> <td width="150">&nbsp;</td><td>Your Last Name</td><td><input
> type="text" maxlength="100" name="txtLastName" id="txtLastName"
> /></td>
> </tr>
> <tr>
> <td width="150">&nbsp;</td><td>Your SHH Badge ID
> #</td><td><input type="text" maxlength="10" name="txtBadgeID"
> id="txtBadgeID" /></td>
> </tr>
> <tr>
> <td width="150">&nbsp;</td><td valign="top">I need
> to</td><td><input type="radio" name="rdoAction" id="rdoAction"
> value="0" checked/>Report my Injury/Illness<br /><input type="radio"
> name="rdoAction" id="rdoAction" value="1" />Check the Status/Update my
> Report</td>
> </tr>
> </table>
> <center><img src="images/btnSubmitBevel.gif" width="80" height="26"
> onclick="validateValidate();"/></center>
> </form>
> </div>
> </div>
> <div id="footer"></div>
> </div>
> </body>
> </html>
> --------------------------------------------------------------
> mainRedirect.php (as you can see I now have it set up to submit a form, but I
> also have commented out the code I used to try to do a redirect.)
> ----------------
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>Employee Illness - Injury Report Submit</title> <link href="injury.css"
> rel="stylesheet" type="text/css" /> <script language="javascript"
> src="functions.js"></script> </head>
>
> <body>
> <?php session_start(); ?>
> <?php
> function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
> $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
> $connStr =
> "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass
> .";DATABASE=".$db;
> $conn->open($connStr);
> if($senditback==1){
> return $conn->execute($query);
> }else{
> $conn->execute($query);
> }}
>
> function GetSQLValueString($theValue, $theType, $database,
> $theDefinedValue = "", $theNotDefinedValue = "") {
> if (PHP_VERSION < 6) {
> $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) :
> $theValue;
> }
>
> if($database==1){
> $theValue = mysql_real_escape_string($theValue);
> }else{
> $theValue = str_replace("'","''",$theValue);
> }
>
> switch ($theType) {
> case "text":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "long":
> case "int":
> $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> break;
> case "double":
> $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
> break;
> case "date":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "defined":
> $theValue = ($theValue != "") ? $theDefinedValue :
> $theNotDefinedValue;
> break;
> }
> return $theValue;
> }
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
> $q = sprintf("select * from emps where emp_last = %s and emp_badge =
> %s", GetSQLValueString($_SESSION['UserLastName'], "text", 1),
> GetSQLValueString($_SESSION['BadgeID'],"int", 1));

This may cause you problems since I see you're using MySQL to escape
(mysql_real_escape_string) the input value(s) and later to be executed in MS
SQL via COM....

> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1);
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
>
> //get form info for this employee
> $cnx =
> mysql_connect("localhost","appsuser","abc123");
> $db = mysql_select_db("wrii_report");
> $q1 = sprintf("select * from
> tblmainempreport where empUUID = '553920090528131'");
> //print $q1 ."<br>";
> $result = mysql_query($q1);
> $recArray = mysql_fetch_array($result);
> $_SESSION['empFName'] =
> $recArray['EmpFName'];
> ?>
> <form name="frmGoToEmpForm" ID="frmGoToEmpForm"
> method="post" action="empForm.php">
> <input type="hidden" id="hdnSSN" name="hdnSSN" value="<?php
> print $rs_emp_info->fields("emp_ssn");?>" />
> <input type="hidden" id="hdnCostCenter" name="hdnCostCenter"
> value="<?php print $rs_emp_info->fields("emp_costcenter");?>" />
> </form>
> <script language="javascript">frmGoToEmpForm.submit();</script>
> <?php
> //header("Location:
> http://webapps/injury/empForm.php");
> //exit();
>
> ?>

You'd have a problem here if you try to uncomment and execute the header()
above. Can't set and send header once output has been sent to the client.
http://us2.php.net/manual/en/function.header.php

> <div id="mainContainer">
> <div id="topHeader"></div>
> <div id="middle">
> <div class="helpNote">For information or questions for this system,
> please contact Linda Williams x5984
> </div>
> <div id="contentContainer">
> <div id="contentText"><center><?php print $rtnMsg?><br />
> <span class="nonRequiredText"><a href="http://shhsnet/">Return to
> SHH Intranet</a></span></center>
> </div>
> </div>
> <div id="footer"></div>
> </div>
>
> </div>
> </body>
> </html>

At the end of this page, 'mainRedirect.php', can you add this to ensure
that you have what you're supposed to have?

<?php var_dump($_SESSION); ?>

Can you make sure that in phpinfo() where "Loaded Configuration File" is
using the proper php.ini? Also, can you show all the settings without the
comments under [session] in php.ini?

Regards,
Tommy


> ----------------------------------------------------------------------------
> empForm.php - code
> -----------
>
> <?php session_start(); ?>
> <?php
>
> //get avail ee info from ee database
> print "session_SSN = ".$_SESSION['SSN']."<br>";
> print "session_CostCenter = ".$_SESSION['CostCenter']."<br>";
> print "hidden_SSN = ".$_POST['hdnSSN']."<br>";
> print "hidden_CostCenter = ".$_POST['hdnCostCenter']."<br>";
> print "session_empFName = ".$_SESSION['empFName']."<br>";
> print "session_userLastName = ".$_SESSION['UserLastName']."<br>";
> print "session_BadgeID = ".$_SESSION['BadgeID']."<br>";
>
> ?>
> ----------------------------------------------------------------
> Output from empForm.php
> -----------------------
> session_SSN =
> session_CostCenter =
> hidden_SSN = xxxxxxxx60 (it is displaying my actual SSN)
> hidden_CostCenter = 1604
> session_empFName = CHERYL
> session_userLastName = sullivan
> session_BadgeID = 401337
>
> -----Original Message-----
> From: Peter Lind [mailto:peter.e.lind(a)gmail.com]
> Sent: Thursday, September 16, 2010 4:20 PM
> To: Cheryl Sullivan
> Cc: ash(a)ashleysheridan.co.uk; php-general(a)lists.php.net
> Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
>
> On 16 September 2010 20:03, Cheryl Sullivan <csulliva(a)shh.org> wrote:
> > We are actually running the query through a function that removes
> > single ticks, etc to avoid this, but I didn't think that was relevant
> > to the question so I didn't include it.  Thanks, though!
>
> You're the one with the problem you don't understand, which means you
> don't get to make decisions as to what is or is not relevant. Rather: you have no
> idea what seems relevant to us trying to pinpoint the error.
>
> That said, if - like Andrew points out - you see the values directly after
> storing them, then the problem is not database related. What exactly
> happens between the two pages and on the second page?
>
> Regards
> Peter
>
> --
> <hype>
> WWW: http://plphp.dk / http://plind.dk
> LinkedIn: http://www.linkedin.com/in/plind
> BeWelcome/Couchsurfing: Fake51
> Twitter: http://twitter.com/kafe15
> </hype>
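
Added example, not code from anyone in this thread: it illustrates the escaping mismatch raised above, where a value escaped the MySQL way is placed in a query that SQL Server will parse. The helper names and the sample last name are constructed for illustration, and addslashes() stands in for mysql_real_escape_string(), which needs a live MySQL link.

```php
<?php
// Added illustration; all names and sample data below are constructed.

// Stand-in for MySQL-style escaping: a backslash goes in front of quotes
// and backslashes. (Assumption: this mimics only the quote handling of
// mysql_real_escape_string(), which cannot run without a MySQL link.)
function mysqlStyleEscape(string $v): string {
    return addslashes($v);
}

// The escaping used on the thread's non-MySQL branch: double each quote.
function tsqlStyleEscape(string $v): string {
    return str_replace("'", "''", $v);
}

// Read one T-SQL string literal that starts at the opening quote of $sql.
// T-SQL treats a backslash as an ordinary character; the only escaped
// quote is a doubled one. Returns [decoded value, text after the literal],
// or [partial value, null] when the literal never closes.
function readTsqlLiteral(string $sql): array {
    $out = '';
    $n = strlen($sql);
    for ($i = 1; $i < $n; $i++) {
        if ($sql[$i] === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $out .= "'";   // doubled quote: one literal quote
                $i++;
                continue;
            }
            return [$out, (string) substr($sql, $i + 1)];
        }
        $out .= $sql[$i];
    }
    return [$out, null];
}

$lastName = "o'brien"; // constructed sample: a legitimate name with a quote

$escapers = ['mysql-style' => 'mysqlStyleEscape', 'tsql-style' => 'tsqlStyleEscape'];
foreach ($escapers as $label => $fn) {
    $literal = "'" . $fn($lastName) . "'";
    [$value, $rest] = readTsqlLiteral($literal);
    // A non-empty leftover means part of the input ended up outside the
    // string literal, i.e. it would be parsed as SQL text.
    printf("%-11s literal=%s parsed=%s leftover=%s\n",
        $label, $literal, var_export($value, true), var_export($rest, true));
}
```

In the posted mainRedirect.php the string handed to hitMSSQL() is $q1, which is built by plain concatenation, so neither escaping routine is applied to it. Binding the two values as query parameters avoids depending on an escaping routine at all.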