Re: session variables - help

Ben,

First of all, I thank you for your time and help.

My aim with using unset($var) in update_order.php is to set the SESSION
variable for an item to ' ' (empty) so that it would not show up on the
order summary (because my writeResultRow() function will only write a row if
that variable is greater than 0).

I just can't figure out what I'm missing here. Before I received your
response, I made a few changes to my code, which helped streamline the
calculating parts (grabbing values from SESSION instead of POST, and now
when I update order_summary, the values will remain because it pulls them
from the SESSION).

I want to edit the values in the SESSION, so that when update_order.php
redirects to order_process.php, the values are changed, and if applicable,
an item is removed from the html table (if the quantity is less than 1).

Here is some more complete code:

[code = order_process.php]

<?php
session_start();
// POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
foreach($_POST as $k=>$v) {
 $_SESSION[$k]=$v;
}

$thisPage="AFY";  //NAVIGATION PURPOSES
include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES; POPULATES ORDER FORM
?>

. . .

</p><form name="update" action="update_order.php" method="post" >
 <!-- HIDDEN FORM VALUES FOR SESSION PURPOSES -->
 <input type="hidden" name="School"  id="School" value="<?php
$_SESSION['School']; ?>" />
 <input type="hidden" name="Grade" id="Grade" value="<?php
$_SESSION['Grade']; ?>" />
 <input type="hidden" name="Address" id="Address" value="<?php
$_SESSION['Address']; ?>" />
 <input type="hidden" name="City" id="City" value="<?php $_SESSION['City'];
?>" />
 <input type="hidden" name="State" id="State" value="<?php
$_SESSION['State']; ?>" />
 <input type="hidden" name="Zip" id="Zip" size="9" value="<?php
$_SESSION['Zip']; ?>" />
 <input type="hidden" name="Contact" id="Contact" value="<?php
$_SESSION['Contact']; ?>" />
 <input type="hidden" name="Phone" id="Phone" value="<?php
$_SESSION['Phone']; ?>" />
 <input type="hidden" name="Fax" id="Fax" value="<?php $_SESSION['Fax']; ?>"
/>
 <input type="hidden" name="Email" id="Email" value="<?php
$_SESSION['Email']; ?>" />
. . .

<?php

function findTotalCost($b, $c) {
 $total = $b * $c;
 return $total;
}

function writeResultRow($a, $b, $c, $d, $e, $f) {
 if($a != '') {
  echo "\n<tr>\n\t";
  echo "<td'>".$b."</td><td>".$c."</td><td>".$d."</td>";
  echo "<td>".$e."</td><td>&nbsp;</td><td><input type='text' value='".$a."'
name='".$a."' id='".$a."' size='2' /></td><td>=</td><td>\$".$f."</td>";
  echo "</tr>";
 }
}

//SETS $Total_show_01 to PRICE * QUANTITY
//FORMATS TOTAL
//IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
$Total_show_01 = findTotalCost($shows['show_01']['price'],
$_SESSION['show_01_qty']);
$Total_show_01_fmtd = number_format($Total_show_01, 2, '.', '');
writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
$shows['show_01']['date'], $shows['show_01']['time'],
$shows['show_01']['price'],$Total_show_01_fmtd);

//ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)

?>
. . .

<input  name="updates" id="updates"  type="submit" value="Update"/>

[/code]

Now, here is the update_order.php code in entirety:

[code]

<?php
session_start();
foreach ($_SESSION as $var => $val) {
 if ($val == "0") {
  unset($_SESSION[$var]);
 } elseif ($val == '') {
  unset($_SESSION[$var]);
 } else {
  $val = $_SESSION[$var];

 }
}
header("Location: order_process.php");

//NOTICE I FIXED THE LOCATION OF THE header() FUNCTION
//BUT IT STILL DOES NOT UPDATE

?>

[/code]

If you're still with me, I thank you. I removed all the styling elements
from the html to make it easier for you (and me) to see what it says. I have
invested many hours into this, and have generated many many lines of code,
but I hope what I gave you is sufficient, while not being overwhelming at
this hour.

Thank you very much for your help thus far, anything else would be greatly
appreciated.


On Thu, Aug 13, 2009 at 5:56 PM, Ben Dunlap <bdunlap@xxxxxxxxxxxxxxxxxx> wrote:

>
>
>> I have the following code for order_update.php:
>>
>> [code]
>>
>> session_start();
>> extract($_POST);
>> foreach ($_POST as $var => $val) {
>>  if ($val > 0) {
>>  $_SESSION[$var] = $val;
>>  } else {
>>  unset($var);
>>
>>  }
>>  header("Location: order_process.php");
>> }
>>
>> [/code]
>>
>> This is not working, however, and it just loads order_process.php with no
>> values for the variables, as if I just refreshed the page with no
>> sessions.
>
>
> Maybe you left it out but I didn't see any place where you used $_SESSION
> in order_process.php. Also, your redirect in order_update.php appears to be
> inside your foreach loop, which would definitely mess things right up -- but
> maybe that was just a typo in your email?
>
> Otherwise the logic in order_update.php looks OK, but there are a few side
> notes that jumped out:
>
> 1. I'm not seeing why you used "extract($_POST)" in order_update.php. Right
> after the extract() call, you iterate through $_POST with a foreach loop, so
> what's the purpose of calling extract()? Is there more code that you left
> out?
>
> 2. Calling "extract($_POST)" is dangerous. The PHP manual warns against it,
> although without giving much of an explanation:
>
> http://us2.php.net/manual/en/function.extract.php
>
> Apart from making it difficult to filter the input you're expecting to see,
> "extract($_POST)" also allows a malicious end-user to define any variable of
> his choosing and to overwrite any variables that you may have defined in the
> script before the extract() call.
>
> I like to use filter_input() to read the values of POST variables.
>
> By much the same token, you'll want to escape $a, etc., in your
> writeResultRow() function, with something like htmlentities().
>
> 3. Why the "unset($var)" in order_update.php? $var already gets reset each
> time foreach iterates. So, calling unset() on it at the end of the loop
> doesn't really do much. I'm wondering what you were aiming at there.
>
> Thanks,
>
> Ben
>
>
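
An added example, not part of either message in this thread: it shows the variable overwrite that extract($_POST) permits, next to an allowlist reader and output escaping of the kind the reply recommends (filter_input(), htmlentities()). It uses filter_var() on a constructed array so it runs from the command line; in a real request, filter_input(INPUT_POST, ...) takes the same filter and options. Assumptions: PHP 7 or later, the show_NN_qty field names from the thread, a 1 to 999 quantity range, and the hypothetical helper names withExtract(), readOrder() and h().

```php
<?php
// Added example. $post is constructed sample input standing in for $_POST;
// "isAdmin" is an extra field the order form never defines.
$post = [
    'show_01_qty' => '3',
    'show_02_qty' => '0',
    'show_03_qty' => '<script>x</script>',
    'School'      => 'Lincoln "East" <Elementary>',
    'isAdmin'     => '1',
];

// 1. What extract() allows: a request field replaces a local variable.
function withExtract(array $post): bool {
    $isAdmin = false;      // value set by the application
    extract($post);        // every key in $post becomes a local variable
    return (bool) $isAdmin;
}

// 2. Allowlist: only the expected keys are read, each validated by type.
//    Zero, empty, missing and non-numeric quantities are dropped, so no
//    separate "unset" pass over the session is needed afterwards.
function readOrder(array $post, int $showCount): array {
    $order = ['qty' => [], 'School' => ''];
    for ($i = 1; $i <= $showCount; $i++) {
        $key = sprintf('show_%02d_qty', $i);
        $qty = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 999]]); // assumed range
        if ($qty !== false) {
            $order['qty'][$key] = $qty;
        }
    }
    $order['School'] = trim((string) ($post['School'] ?? ''));
    return $order;
}

// 3. Escape at output time; ENT_QUOTES covers quoted attribute values.
function h(string $s): string {
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

var_dump(withExtract($post));   // shows whether the request changed $isAdmin
$order = readOrder($post, 38);  // 38 shows, as in the thread
print_r($order['qty']);         // the validated quantities that would go into $_SESSION
echo '<input type="hidden" name="School" value="', h($order['School']), "\" />\n";
```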
