I'm in desperate need of help

levelwave

I've got a website that was developed on Windows running PHP 5 that works perfect but does not work correctly on the main server running PHP4 and some type of *nix. This was supposed to go live Friday but didn't because the shopping cart keeps losing it's contents and I've spent the last 3 days going over every bit of code and I still can't find the problem. If anyone could take the time to inspect 3 relatively short script with me I'd be EXTREMELY delighted and will, when the site goes live give you an 'at-cost' discount if you ever want to make a purchase. (It's a Vitamin/Sports Nutrtion Website)

If anyone can help me drop me a line or hit me up on AIM: levelwave

Here's the two of the scrips - primarily cart.php is kinda where I've narrowed it down

http://www.tonysvitaminsdirect.com/checkout.zip

I'm about to pull my hair out...

~john

planetsim

Um? why dont you just post the code. What is it loosing Session Data, MySQL contents what exactly?

levelwave

Whao... I changed all $_SESSION['varname'] to $HTTP_SESSION_VARS['varname'] and now it works. WTF!!!!

And idea why?

<?php

session_start();

require('phpscripts/functions.php');
require('phpscripts/dbconnect.php');



@$new = $_GET['new'];
@$item_id = $new;
@$HTTP_SESSION_VARS[ 'item_id' ] = $item_id;

check_valid_user();

require('main_top.php');

$query = "SELECT item_id, description, msrp FROM item WHERE item_id = '$item_id'";

$result = mysql_query( $query ) or die("mysql_query failed ".mysql_error());
$row = mysql_fetch_array( $result );

$query_description = "select image, extension from item_description where item_id = '$item_id'";
$result = mysql_query($query_description);
$row = mysql_fetch_array($result);		 
$image_ext = stripslashes($row['extension']);
$image_path = $item_id.$image_ext;


//if new item selected
if($new)
{

if( !isset($HTTP_SESSION_VARS[ 'cart' ]) )
{
    $HTTP_SESSION_VARS['cart'] = array();
      $HTTP_SESSION_VARS['img'] = array();
	    $HTTP_SESSION_VARS['item_price'] = array();

	  $HTTP_SESSION_VARS['items'] = 0;
	  $HTTP_SESSION_VARS['total_price'] = 0.00;

}

if( isset($HTTP_SESSION_VARS['cart'][$item_id]) )
     $HTTP_SESSION_VARS['cart'][$item_id]++;


else
	  $HTTP_SESSION_VARS['cart'][$item_id] = 1;


   $HTTP_SESSION_VARS['img'][$item_id] = $image_path;
   $HTTP_SESSION_VARS[ 'imageExist' ][$item_id] = $image_ext;


}

greetUser();

echo '<h2>Your shopping cart</h2><br><br>';

?>

<table width=100% cellpadding=5 cellspacing=0 border=0>
<tr>
  <td bgcolor=#F5F5F5><b>Item</b></td>
	<td bgcolor=#F5F5F5 align="left"><b>Brand</b></td>
	<td bgcolor=#F5F5F5 align="left"><b>Description</b></td>
	<td bgcolor=#F5F5F5 align="center"><b>Quantity</b></td>
	<td bgcolor=#F5F5F5 align="right"><b>Price</b></td>
</tr>

<?php



foreach($HTTP_SESSION_VARS['cart'] as $key => $value)
{
    $price = getPrice_db($key);
	$HTTP_SESSION_VARS['item_price'][$item_id] = $price; 
	$description = getProductDescription_db($key);
	$brand = getProductBrand_db($key);

echo "<tr>";

 echo "<td align=left><img src=product_images/".$HTTP_SESSION_VARS['img'][$key]." alt=".$HTTP_SESSION_VARS['img'][$key]." height=50 border=0></td>";


echo "<td align=left class=textnav><a href=.. class=textnav>$brand</a></td>";
echo "<td align=left class=textnav><a href=.. class=textnav>$description</a></td>";
echo "<td align=center class=textnav><a href=.. class=textnav>$value</a></td>";
$price = $price * $value;
echo "<td align=right class=textnav><a href=.. class=textnav>$$price</a></td>";
echo "</tr>";
}

$HTTP_SESSION_VARS['items']++;
$total = calculateTotalPrice( $HTTP_SESSION_VARS['cart'] );
$HTTP_SESSION_VARS['total_price'] = $total;


echo "<tr>";
echo "<td colspan=5> <hr> </td>";
echo "</tr><tr>";
echo "<td colspan=5 align=right bgcolor=#C5C5C5><b>Total: </b><font color=red>$$total</td>";
echo "</tr>";

?>
<tr>
  <td> <br> </td>
</tr>
<tr>
  <td><a href="index.php"><img src="images/cart/continue-shopping.gif" border="0"></a></td>
	<td> &nbsp </td>
  <td align="right"><a href="checkout.php"><img src="images/cart/go-to-checkout.gif" border="0"></a></td>
</tr>

</table>

<?php

require('main_bottom.php');

?>
 ---------------------

<?php
    // The shopping cart needs sessions, so start one
  session_start();

  //include our function set
  require('phpscripts/functions.php');
  require('phpscripts/dbconnect.php');



require('main_top.php');
  if($HTTP_SESSION_VARS['cart'] && array_count_values($HTTP_SESSION_VARS['cart']))
  {

display_checkout_form();

  }
  else
    echo '<p>There are no items in your cart</p>';

require('main_bottom.php');

?>

planetsim

Ok what version of PHP 4 is installed?

$_SESSION if i remember correctly was 4.2 or 4.3 (*checks manual) ok it says 4.1 😕

I assume your using < PHP 4.1

Also dont use so many @'s not only are they ugly but if there is going to be an error it will go straight past it and pretend nothing ever happened with that you may get some weird results because of it.

levelwave

PHP 4.3... and the @'s are used for a reason...

BigBadKev

Hi levewave,

I have to agree with planetsim were he says "Also dont use so many @'s not only are they ugly but if there is going to be an error it will go straight past it and pretend nothing ever happened with that you may get some weird results because of it."

I had a error that persisted for 10 months due to this and i didnt even know it existed, so be it a small error.

I find I rarely use the @ due to this danger.

BBK

planetsim

taking a quick look your @'s are really not needed to be honest in my apps i use about 2/3 in total mainly when using the database functions to instead of send a nice MySQL error to a hacker send my own out and retrieve the actual error in a log or sent out by Email.

@$new = $_GET['new'];
@$item_id = $new;
@$HTTP_SESSION_VARS[ 'item_id' ] = $item_id;

If you require @'s for all of these you are not running any error checking lets make it simple


if (isset($_GET['new'])) {
  $new = $_GET['new']; //as its defined there is no need to have an @
  $item_id = $new; //well this is sort of obvious now since $new exists however i feel this is a wasted variable
  $HTTP_SESSION_VARS['item_id'] = $item_id; //again no need you can and should run a check as to which way you are doing this
} else {
  //its not set in the query string send an error or something
}

If you wish to use $HTTP_SESSION_VARS througout

if (isset($_SESSION)) { //check if this actually exists
  $HTTP_SESSION_VARS=$_SESSION; //this is unclean not tested however should work.
}

As your only setting the value to $HTTP_SESSION_VARS you dont need the @ and when you wish to check you should use the function isset like i did in examples