Session Vars loaded from MSSQL Query drop, those loadedfrom MYSQL Query stick
in [General]
|
Prev: Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Next: Valid Xml not validate with xsd
From: Andrew Ballard on 17 Sep 2010 10:34 On Fri, Sep 17, 2010 at 8:13 AM, Cheryl Sullivan <csulliva(a)shh.org> wrote: > Hi Andrew - I didn't mean to ignore your reply... > > Here is your earlier post - > > " The fact that you can echo the $_SESSION information on the same page and they contain the correct values suggest to me that the issue of MySQL/MSSQL is a red herring. I would look into things like the value for register_globals to make sure you don't have a global variable stepping on some of your session variables." > > Register_globals is off in our php.ini file. > > Again, I am fairly new to PHP. I guess I don't understand how a global variable can "step on" a session variable if the only thing I'm assigning anywhere in my application to said session variable is a value from a database query. Â When PHP changes pages, it might be arbitrarily assigning some value to a session variable, even though I'm not telling it to? > > Can you please explain this to me? Â Thanks - > It's been a while since I've dealt with either, but I believe the most common way would involve register_globals (and session auto_start?). The session would automatically register global variables named $SSN or $CostCenter in your page that would be tied to $_SESSION['SSN'] and $_SESSION['CostCenter'], even before a line of code was executed. If you then change the value of $SSN - even if you intentionally initialize it to an empty value at the beginning of a script -- PHP would alter the value of SSN in the session itself. I don't know exactly what is happening in your case. All I am suggesting is that if you are getting the correct values from the database and you can see that they have been correctly assigned to the $_SESSION array when you echo them later in the script, the issue is somewhere other than with the database and you need to dig somewhere else for the solution. Andrew
From: Andrew Ballard on 17 Sep 2010 11:14
On Fri, Sep 17, 2010 at 10:50 AM, Cheryl Sullivan <csulliva(a)shh.org> wrote: > Hi there - just to clear things up, I didn't mean your answer was irrelevant. Â It was an excellent point - I just took the function call encompassing the query string out of the code I posted to avoid people having to read too much. Â I thought showing the function call was irrelevant. Â Hope that makes sense - I did not intend to insult people who are taking the time to try to help me! > > Anyhoo - at the risk of going off the deep end in the other directions here are is everything - the three pages that currently encompass this application. Â You can see by the output I posted that appears on empForm.php that the SSN and Cost Center session vars come up blank, while the other three session vars and the hidden form fields do not. Â Thank you! > > Default.php > ----------------------------- > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > <html xmlns="http://www.w3.org/1999/xhtml"> > <head> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> > <title>Employee Illness - Injury Report</title> > <link href="injury.css" rel="stylesheet" type="text/css" /> > <script language="javascript" src="functions.js"></script> > </head> > <body onload="javascript:frmValidateMe.txtLastName.focus();"> > <div id="mainContainer"> > Â <div id="topHeader"></div> > Â <div id="middle"> > Â Â <div class="helpNote">For information or questions for this system, please contact Linda Williams x5984</div> > Â </div> > Â <div id="contentContainer"> > > Â Â Â <div id="contentText"> > Â Â Â <div class="sectionHeading">Enter the system by validating, below.</div> > Â Â Â <form name="frmValidateMe" method="post" action="mainRedirect.php"> > Â Â Â <table> > Â Â Â Â <tr> > Â Â Â Â Â Â Â Â <td width="150"> </td><td>Your Last Name</td><td><input type="text" maxlength="100" name="txtLastName" id="txtLastName" /></td> > Â Â Â Â </tr> > Â Â Â Â <tr> > Â Â Â Â Â Â Â Â <td width="150"> </td><td>Your SHH Badge ID #</td><td><input type="text" maxlength="10" name="txtBadgeID" id="txtBadgeID" /></td> > Â Â Â Â </tr> > Â Â Â Â <tr> > Â Â Â Â Â Â Â Â <td width="150"> </td><td valign="top">I need to</td><td><input type="radio" name="rdoAction" id="rdoAction" value="0" checked/>Report my Injury/Illness<br /><input type="radio" name="rdoAction" id="rdoAction" Â value="1" />Check the Status/Update my Report</td> > Â Â Â Â </tr> > Â Â Â </table> > Â Â Â Â <center><img src="images/btnSubmitBevel.gif" width="80" height="26" onclick="validateValidate();"/></center> > Â Â Â </form> > Â Â Â </div> > Â </div> > Â <div id="footer"></div> > </div> > </body> > </html> > -------------------------------------------------------------- > mainRedirect.php (as you can see I now have it set up to submit a form, but I also have commented out the code I used to try to do a redirect.) > ---------------- > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > <html xmlns="http://www.w3.org/1999/xhtml"> > <head> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> > <title>Employee Illness - Injury Report Submit</title> > <link href="injury.css" rel="stylesheet" type="text/css" /> > <script language="javascript" src="functions.js"></script> > </head> > > <body> > <?php session_start(); ?> > <?php > function hitMSSQL($query,$server,$db,$login,$pass,$senditback){ > $conn = new COM ("ADODB.Connection") or die("Cannot start ADO"); > $connStr = "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db; > $conn->open($connStr); > if($senditback==1){ > Â Â Â Â return $conn->execute($query); > }else{ > Â Â Â Â $conn->execute($query); > }} > > function GetSQLValueString($theValue, $theType, $database, $theDefinedValue = "", $theNotDefinedValue = "") > { > Â if (PHP_VERSION < 6) { > Â Â $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; > Â } > > Â if($database==1){ > Â $theValue = mysql_real_escape_string($theValue); > Â }else{ > Â $theValue = str_replace("'","''",$theValue); > Â } > > Â switch ($theType) { > Â Â case "text": > Â Â Â $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > Â Â Â break; > Â Â case "long": > Â Â case "int": > Â Â Â $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > Â Â Â break; > Â Â case "double": > Â Â Â $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; > Â Â Â break; > Â Â case "date": > Â Â Â $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > Â Â Â break; > Â Â case "defined": > Â Â Â $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > Â Â Â break; > Â } > Â return $theValue; > } > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']); > > > $q = sprintf("select * from emps where emp_last = %s and emp_badge = %s", > GetSQLValueString($_SESSION['UserLastName'], "text", 1), > GetSQLValueString($_SESSION['BadgeID'],"int", 1)); > $q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."' and emp_badge = '".$_SESSION['BadgeID']."'"; > > $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1); > $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); > > $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); > > > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â //get form info for this employee > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â $cnx = mysql_connect("localhost","appsuser","abc123"); > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â $db = mysql_select_db("wrii_report"); > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â $q1 = sprintf("select * from tblmainempreport where empUUID = '553920090528131'"); > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â //print $q1 ."<br>"; > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â $result = mysql_query($q1); > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â $recArray = mysql_fetch_array($result); > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â $_SESSION['empFName'] = $recArray['EmpFName']; > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â ?> > Â Â Â Â Â Â Â Â <form name="frmGoToEmpForm" ID="frmGoToEmpForm" method="post" action="empForm.php"> > Â Â Â Â Â Â Â Â <input type="hidden" id="hdnSSN" name="hdnSSN" value="<?php print $rs_emp_info->fields("emp_ssn");?>" /> > Â Â Â Â Â Â Â Â <input type="hidden" id="hdnCostCenter" name="hdnCostCenter" value="<?php print $rs_emp_info->fields("emp_costcenter");?>" /> > Â Â Â Â Â Â Â Â </form> > Â Â Â Â Â Â Â Â <script language="javascript">frmGoToEmpForm.submit();</script> > Â Â Â Â Â Â <?php > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â //header("Location: http://webapps/injury/empForm.php"); > Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â //exit(); > > > > > > ?> > <div id="mainContainer"> > Â <div id="topHeader"></div> > Â Â Â Â <div id="middle"> > Â Â Â Â <div class="helpNote">For information or questions for this system, please contact Linda Williams x5984 > Â Â Â Â </div> > Â Â Â Â <div id="contentContainer"> > Â Â Â Â Â Â Â Â <div id="contentText"><center><?php print $rtnMsg?><br /> > Â Â Â Â Â Â <span class="nonRequiredText"><a href="http://shhsnet/">Return to SHH Intranet</a></span></center> > Â Â Â Â Â Â </div> > Â Â Â Â </div> > Â Â Â Â <div id="footer"></div> > Â Â Â Â </div> > > </div> > </body> > </html> > ----------------------------------------------------------------------------empForm.php - code > ----------- > > <?php session_start(); ?> > <?php > > //get avail ee info from ee database > print "session_SSN = ".$_SESSION['SSN']."<br>"; > print "session_CostCenter = ".$_SESSION['CostCenter']."<br>"; > print "hidden_SSN = ".$_POST['hdnSSN']."<br>"; > print "hidden_CostCenter = ".$_POST['hdnCostCenter']."<br>"; > print "session_empFName = ".$_SESSION['empFName']."<br>"; > print "session_userLastName = ".$_SESSION['UserLastName']."<br>"; > print "session_BadgeID = ".$_SESSION['BadgeID']."<br>"; > > ?> > ---------------------------------------------------------------- > Output from empForm.php > ----------------------- > session_SSN = > session_CostCenter = > hidden_SSN = xxxxxxxx60 (it is displaying my actual SSN) > hidden_CostCenter = 1604 > session_empFName = CHERYL > session_userLastName = sullivan > session_BadgeID = 401337 > I'm not sure if this is it or not, but what happens if you change these two lines: $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); to this: $_SESSION['SSN'] = (string) $rs_emp_info->fields("emp_ssn"); $_SESSION['CostCenter'] = (string) $rs_emp_info->fields("emp_costcenter"); My theory is that since you are using COM to query SQL Server, it is returning COM variants, and the actual value of $rs_emp_info->fields("emp_ssn") is not a scalar value - it's a COM variant of something like an ADODB.Field. The default property of that datatype is the object's value, so when you use print to write its value in the form, it is probably implicitly converting the object to its default property which is a string. However, when you assign it to $_SESSION['SSN'], it may be that it is assigned as a COM variant that cannot be correctly serialized in the session. By explicitly typecasting the value to a string when you assign it to the session, you'll get the value rather than its wrapper. For what it's worth, it is probably also worthwhile to plan at some point soon on changing from COM to a native PHP library to get data from SQL Server. Since you are already running on Windows, Microsoft's SQL Server Driver for PHP should be a great replacement for you. It returns values as the correct native PHP type rather than wrapped inside those COM variants. Andrew |