How do I a pass 2 variables ?

Will_W

Ok this is my story. I'm building a simple adminstrative database query page so they can query online. Since it's in the admin section there is a Session ID that gets passed and checked on every page. The problem comes when the form submits. It doesn't query the database because of the session id. How can i fix this?

Here is the Database Query Page:

<?php
  /////////////////////////////////////////////////////
  //Check the user session                       //
  ///////////////////////////////////////////////////

  include('../config.php');
  $connection = mysql_connect($dbhost, $dbuser, $dbpass) 
     or die("Connection error!");

  mysql_select_db($dbname, $connection);

  $query1 = "SELECT SesId FROM Temp WHERE SesId = '$SesId'";

  $result = mysql_query($query1) 
    or die("ERROR #1");

  $num_rows = mysql_num_rows($result);

  if($num_rows == 0) 
    {
      print("No Access!");
    }
  else
   {
?>

<?php
  ///////////////////////////////////////////////////
  //Stat Database Query Page                 /
  /////////////////////////////////////////////////


  if(!isset($query) || empty($query))
   {
     $query = "select * from pages";
   }

  $query = stripslashes($query);

  $connection = mysql_connect($dbhost, $dbuser, $dbpass) 
     or die("Connection error!");

  mysql_select_db($dbname, $connection);

  $result = mysql_query($query) 
     or die("ERROR #338");

  $number_cols = mysql_num_fields($result);

  echo "<b>Query: $query</b>";

  //layout table hearder
  echo "<table border = 1>\n";
  echo "<tr align=center>\n";

  for ($i = 0; $i<$number_cols; $i++)
   {
      echo "<th>" . mysql_field_name($result, $i). "</th>\n";
   }

  echo "</tr>\n"; 

  //layout table body
  while ($row = mysql_fetch_row($result))
   {
      echo "<tr align=left>\n";
      for ($i = 0; $i<$number_cols; $i++)
       {
         echo "<td>";
         if (!isset($row[$i])) //test for null value
          {
            echo "NULL";
          }
         else
          {
            echo $row[$i];
          }
         echo "</td>";
       }
    }

   echo "</table>";
?>

<form action="<?echo $PHP_SELF, "?SesId=", $SesId ?>" method="get">
<input type="text" name="query" size="50"><br>
<input type="submit">
</form>

<?php
  //End Of session checker
 }
?>

This is what I was experimenting with:

<form action="<?echo $PHP_SELF, "?SesId=", $SesId ?>" method="get">
<input type="text" name="query" size="50"><br>
<input type="submit">
</form>

could someone tell me how I could pass the SesId and the query to the page?

altexis

This is what I was experimenting with:

<form action="<?echo $PHP_SELF, "?SesId=", $SesId ?>" method="get">
<input type="text" name="query" size="50"><br>
<input type="submit">
</form>

try replacing $SesId with $PHPSESSID

Will_W

I tried replacing it like you said same result. Any other ideas?

altexis

yes... create an emty page with
<? phpinfo(); ?> in it

this will show you a list with all your php server settings

look for the line "session.name"
the name it says over there is the variable holding the session ids

Will_W

Yes I tried replacing it with the name in the info page. Still didn't work. But my user sessions isn't based on session fucntion. Had to be re-created for some reason. It's setup is based on micotime and rand numbers.

Is they're away to grab the session from the address bar and seperate it ? They're has got to be away to do this.

Will_W

I'm just posting a reply to let people know I got it. 🙂 Just took me some time to figure it out. Remember Echo is the best debugging tool. Anyways all i did was pass the value to a hidden form. Here is what the whole code looks like

<?php
  include('../config.php');


  $variablename=$_GET['SesId'];
 // echo("The session id:");
 // echo($variablename);
 // echo("<br>");
  $variablename2=$_Get['session'];

  $variablename2 = $HTTP_GET_VARS["session"];
  //echo("The session that got passed:");
  //echo($variablename2);
  //echo("<Br>");


  ////////////////////////////////////////////////////
  //Check database for session                       /
  //If the user isn't logged in then NO Page for him!/
  ///////////////////////////////////////////////////


  $connection = mysql_connect($dbhost, $dbuser, $dbpass) 
     or die("Connection error!");

  mysql_select_db($dbname, $connection);

  if($variablename == "") 
     { 
       $theId = $variablename2;
     } 
    else 
     { 
       $theId = $variablename;
     }

//echo("The id for the session is:");
//echo( $theId);
//echo("<br>");

  $query2 = "SELECT SesId FROM Temp WHERE SesId = '$theId'";




  $result = mysql_query($query2) 
    or die("ERROR #1");

  $num_rows = mysql_num_rows($result);

  if($num_rows == 0) 
    {
      print("No Access!");
      print($theId);
    }
  else
   {


  if(!isset($query) || empty($query))
     {
       $query = "select Menu_Entry from pages";
     }

 $query = stripslashes($query);

  $connection = mysql_connect($dbhost, $dbuser, $dbpass) 
     or die("Connection error!");

  mysql_select_db($dbname, $connection);
	       //$query = "Show Tables";

  $result = mysql_query($query) 
     or die("ERROR #338");

  $number_cols = mysql_num_fields($result);

  echo "<b>Query: $query</b>";

  //layout table hearder
  echo "<table border = 1>\n";
  echo "<tr align=center>\n";

  for ($i = 0; $i<$number_cols; $i++)
   {
      echo "<th>" . mysql_field_name($result, $i). "</th>\n";
   }

  echo "</tr>\n"; 

  //layout table body
  while ($row = mysql_fetch_row($result))
   {
      echo "<tr align=left>\n";
      for ($i = 0; $i<$number_cols; $i++)
       {
         echo "<td>";
         if (!isset($row[$i])) //test for null value
          {
            echo "NULL";
          }
         else
          {
            echo $row[$i];
          }
         echo "</td>";
       }
    }

   echo "</table>";

  //$PHP_SELF

  echo "<form action='sqlquery.php' method='get'>";
  echo "<input type='text' name='query' size='50'><br>";
  echo "<input type='hidden' name='session' value='";

if($variablename == "") 
 { 
   echo $variablename2;
 } 
else 
 { 
   echo $variablename;
 }
  echo "'>";
  echo "<input type='submit'>";
  echo "</form>";

}
?>

It's probably not the smartest way to go about it but hey it works and that's what it should do 🙂