Hello Everyone,
I'm have a strange new development in my project. I'm using session vars to hold various user info starting from login. The session vars get carried around to be used wherever. A day or two ago I noticed some anomalous behavior in that certain bits of session data weren't showing up when expected. For instance $_SESSION['user_id'] wouldn't get written into an SQL UPDATE query as the page was loaded/parsed. Result--everything was fine, until you tried to submit the update and then the primary key would be empty!
It wasn't particularly problematic because I generally have the same value in multiple variables on a page--so I just grab it from another variable.
This is particularly strange because I have a div which users foreach($_SESSION as $x => $y){ echo "$x: $y";} included at the very end of each script. So, I can see all my session variables and their values on every page--sure enough, all those missing values are present and accounted for at the end of the script--just not where they really matter!
I can still get around these problems, but I have to use chains of values. That is, I can use this value from this object, which was retrieved using that value from that object--which was retrieved using ... which finally was retrieved using the original login credentials. I don't like that! Too much opportunity for problems/errors/vulnerabilities.
Here's the script that I was working on just a while ago when I decided "Dang-it, I don't wanna pull that value from the recordset--I SHOULD BE ABLE TO USE THE SESSION USER ID--IT'S RIGHT FREAKIN THERE!!!!!!" :queasy:
Sorry, it's a bit messy. I use Dreamweaver 8 and I haven't cleaned up the code yet since I'm still working on it. I tried to space out the lines that I added notes on.
//////////////////////////////////////////////////////////////////////////////////////////////
<?php mysql_query("SET NAMES 'utf8'", $textConnection); ?>
<?php //This is my block because if I change Dw8 code blocks, Dw often doesn't recognize them anymore.
$SESSION['testVar'] = 'Initialized';
if(!isset($SESSION)){session_start();}//Start session if need be.
if(isset($SESSION) && isset($GET['language'])){$SESSION['language'] = $GET['language']; } //If a language has just been selected, it will be in the URL--set it to the current language session variable.
else {
if(!isset($SESSION['language']) && $SESSION['language'] == ''){$SESSION['language']='English';}
}//Otherwise set the language to English.
$SESSION['currentURL'] = $_SERVER['REQUEST_URI']; //Keep track of the current URL for what ever purposes I may have later.
include('scripts/userDataScripts.php');
//End my block
?>
<?php
...
...
$editFormAction = $SERVER['PHP_SELF'];
if (isset($SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($POST["MM_update"])) && ($POST["MM_update"] == "newBlogForm")) {
$updateSQL = sprintf("UPDATE P_User_Blogs SET user_id=%s, user=%s, title=%s, entry=%s, date=%s, mood=%s WHERE blog_id=%s",
GetSQLValueString($POST['user_id'], "int"),
GetSQLValueString($POST['user'], "text"),
GetSQLValueString($POST['title'], "text"),
GetSQLValueString($POST['entry'], "text"),
GetSQLValueString($POST['date'], "date"),
GetSQLValueString($POST['mood'], "text"),
GetSQLValueString($_POST['blog_id'], "int"));
mysql_select_db($databasexxx, $xxx);
$Result1 = mysql_query($updateSQL, $xxx) or die(mysql_error());
<!-- This session(user_id) DOES NOT work and is the one that sent me here because the redirect page would then display a template with no data in it because there was no primary key sent to it. -->
$updateGoTo = "userBlogs.php?user_id=" . $SESSION['user_id'] . "";
if (isset($SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
<!-- This session(user_id) DOES NOT work -->
$colname_userProfile = "-1";
if (isset($SESSION['user_id'])) {
$colname_userProfile = $SESSION['user_id'];
}
mysql_select_db($databasexxx, $xxx);
$query_userProfile = sprintf("SELECT * FROM P_User_Profiles WHERE PostId = %s", GetSQLValueString($colname_userProfile, "int"));
$userProfile = mysql_query($query_userProfile, $xxx) or die(mysql_error());
$row_userProfile = mysql_fetch_assoc($userProfile);
$totalRows_userProfile = mysql_num_rows($userProfile);
<!-- This session(language) works -->
$colname_templateTxt = "-1";
if (isset($SESSION['language'])) {
$colname_templateTxt = $SESSION['language'];
}
mysql_select_db($databasexxx, $xxx);
$query_templateTxt = sprintf("SELECT * FROM phTemplate2 WHERE language = %s", GetSQLValueString($colname_templateTxt, "text"));
$templateTxt = mysql_query($query_templateTxt, $xxx) or die(mysql_error());
$row_templateTxt = mysql_fetch_assoc($templateTxt);
$totalRows_templateTxt = mysql_num_rows($templateTxt);
<!-- This session(language) works -->
$colname_navBarTxt = "-1";
if (isset($SESSION['language'])) {
$colname_navBarTxt = $SESSION['language'];
}
mysql_select_db($databasexxx, $xxx);
$query_navBarTxt = sprintf("SELECT * FROM navigation WHERE language = %s", GetSQLValueString($colname_navBarTxt, "text"));
$navBarTxt = mysql_query($query_navBarTxt, $xxx) or die(mysql_error());
$row_navBarTxt = mysql_fetch_assoc($navBarTxt);
$totalRows_navBarTxt = mysql_num_rows($navBarTxt);
$colname_editBlog = "-1";
if (isset($GET['blog_id'])) {
$colname_editBlog = $GET['blog_id'];
}
mysql_select_db($databasexxx, $xxx);
$query_editBlog = sprintf("SELECT blog_id, user_id, title, entry, date, mood FROM P_User_Blogs WHERE blog_id = %s", GetSQLValueString($colname_editBlog, "int"));
$editBlog = mysql_query($query_editBlog, $xxx) or die(mysql_error());
$row_editBlog = mysql_fetch_assoc($editBlog);
$totalRows_editBlog = mysql_num_rows($editBlog);
...
...
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Blogs, <?php echo $_SESSION['username']; ?>'s New Blog</title>
<link href="styles/phStyle2.css" rel="stylesheet" type="text/css" />
<!--<script type="text/javascript" src="scripts/scrolling.js" />-->
</head>
<?php require('scripts/writeCustomStyles.php'); ?>
<body >
<div id="main">
<div id="text">
<form action="<?php echo $editFormAction; ?>" id="newBlogForm" name="newBlogForm" method="POST">
<p>
<label>Title:
<!-- THIS user_id gets echo in place -->
<input name="user_id" type="hidden" id="user_id" value="<?php echo $_SESSION['user_id']; ?>" />
...
...
<label>
<div align="right"><strong>Update Blog...</strong>
<input name="Submit" type="image" id="Submit" value="" src="../images/site_parts/button-lime.png"
alt="Add this blog." />
</div>
<input type="hidden" name="MM_update" value="newBlogForm">
</label>
</form>
</div>
</div>
<div id="footer">
<h4><?php echo $row_templateTxt['Visitor']; ?> #<?php echo $FX_count ?></h4>
<div>
<?php include_once('phFooters/skyFooter1/skyFooter1.htm');?>
</div>
</div>
<?php include('flagBar.php'); ?>
</div>
<!-- This file contains the div that loops over the $_SESSION vars and echos them out. -->
<!-- include testingDiv file to write out various information -->
<?php include('testingDiv.php'); ?>
</body>
</html>
<?php
mysql_free_result($userProfile);
mysql_free_result($templateTxt);
mysql_free_result($navBarTxt);
mysql_free_result($editBlog);
?>
///////////////////////////////////////////////////////////////
