Re: session variables - help

I'm really sorry for u, but the reason for no answers is ur concept.

Maybe some rules will help u, and I recommend u think about spending the time
to rewrite the whole code. I'm sure u will solve the problem then:
First, don't use the global arrays directly. Pick the values u need and put
them in reasonable types of variables.
Build the business logic on these variables and, if u feel like it, put the
results in well readable new ones.
Then populate the presentation in the required htmls.
This will give u a more structured code, easier to debug and more fun for
the group to help u.

I still don't understand why u use the $_SESSION variable. Users often leave
forms open for hours and then submit them. U can not expect a user to end a
job in the lifecycle of the session. That's what hidden form fields are made
for.

The $_SESSION is for member-like things and applications with security
issues where u can expect the user to finish things in a certain time or u
restart the whole.

"Allen McCabe" <allenmccabe@xxxxxxxxx> wrote in message
news:657acef20908132257x630719e1g4ecddcdff94923a5@xxxxxxxxxxxxxxxxx
> Ben,
>
> First of all, I thank you for your time and help.
>
> My aim with using unset($var) in update_order.php is to set the SESSION
> variable for an item to ' ' (empty) so that it would not show up on the
> order summary (because my writeResultRow() function will only write a row if
> that variable is greater than 0).
>
> I just can't figure out what I'm missing here. Before I received your
> response, I made a few changes to my code, which helped streamline the
> calculating parts (grabbing values from SESSION instead of POST, and now
> when I update order_summary, the values will remain because it pulls them
> from the SESSION).
>
> I want to edit the values in the SESSION, so that when update_order.php
> redirects to order_process.php, the values are changed, and if applicable,
> an item is removed from the html table (if the quantity is less than 1).
>
> Here is some more complete code:
>
> [code = order_process.php]
>
> <?php
> session_start();
> // POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
> foreach($_POST as $k=>$v) {
>  $_SESSION[$k]=$v;
> }
>
> $thisPage="AFY";  //NAVIGATION PURPOSES
> include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES; POPULATES ORDER FORM
> ?>
>
> . . .
>
> </p><form name="update" action="update_order.php" method="post" >
>  <!-- HIDDEN FORM VALUES FOR SESSION PURPOSES -->
>  <input type="hidden" name="School"  id="School" value="<?php $_SESSION['School']; ?>" />
>  <input type="hidden" name="Grade" id="Grade" value="<?php $_SESSION['Grade']; ?>" />
>  <input type="hidden" name="Address" id="Address" value="<?php $_SESSION['Address']; ?>" />
>  <input type="hidden" name="City" id="City" value="<?php $_SESSION['City']; ?>" />
>  <input type="hidden" name="State" id="State" value="<?php $_SESSION['State']; ?>" />
>  <input type="hidden" name="Zip" id="Zip" size="9" value="<?php $_SESSION['Zip']; ?>" />
>  <input type="hidden" name="Contact" id="Contact" value="<?php $_SESSION['Contact']; ?>" />
>  <input type="hidden" name="Phone" id="Phone" value="<?php $_SESSION['Phone']; ?>" />
>  <input type="hidden" name="Fax" id="Fax" value="<?php $_SESSION['Fax']; ?>" />
>  <input type="hidden" name="Email" id="Email" value="<?php $_SESSION['Email']; ?>" />
> . . .
>
> <?php
>
> function findTotalCost($b, $c) {
>  $total = $b * $c;
>  return $total;
> }
>
> function writeResultRow($a, $b, $c, $d, $e, $f) {
>  if($a != '') {
>   echo "\n<tr>\n\t";
>   echo "<td'>".$b."</td><td>".$c."</td><td>".$d."</td>";
>   echo "<td>".$e."</td><td>&nbsp;</td><td><input type='text' value='".$a."' name='".$a."' id='".$a."' size='2' /></td><td>=</td><td>\$".$f."</td>";
>   echo "</tr>";
>  }
> }
>
> //SETS $Total_show_01 to PRICE * QUANTITY
> //FORMATS TOTAL
> //IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
> $Total_show_01 = findTotalCost($shows['show_01']['price'],
> $_SESSION['show_01_qty']);
> $Total_show_01_fmtd = number_format($Total_show_01, 2, '.', '');
> writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
> $shows['show_01']['date'], $shows['show_01']['time'],
> $shows['show_01']['price'],$Total_show_01_fmtd);
>
> //ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)
>
> ?>
> . . .
>
> <input  name="updates" id="updates"  type="submit" value="Update"/>
>
> [/code]
>
> Now, here is the update_order.php code in entirety:
>
> [code]
>
> <?php
> session_start();
> foreach ($_SESSION as $var => $val) {
>  if ($val == "0") {
>   unset($_SESSION[$var]);
>  } elseif ($val == '') {
>   unset($_SESSION[$var]);
>  } else {
>   $val = $_SESSION[$var];
>
>  }
> }
> header("Location: order_process.php");
>
> //NOTICE I FIXED THE LOCATION OF THE header() FUNCTION
> //BUT IT STILL DOES NOT UPDATE
>
> ?>
>
> [/code]
>
> If you're still with me, I thank you. I removed all the styling elements
> from the html to make it easier for you (and me) to see what it says. I have
> invested many hours into this, and have generated many many lines of code,
> but I hope what I gave you is sufficient, while not being overwhelming at
> this hour.
>
> Thank you very much for your help thus far, anything else would be greatly
> appreciated.
>
>
> On Thu, Aug 13, 2009 at 5:56 PM, Ben Dunlap <bdunlap@xxxxxxxxxxxxxxxxxx> wrote:
>
> >
> >
> >> I have the following code for order_update.php:
> >>
> >> [code]
> >>
> >> session_start();
> >> extract($_POST);
> >> foreach ($_POST as $var => $val) {
> >>  if ($val > 0) {
> >>  $_SESSION[$var] = $val;
> >>  } else {
> >>  unset($var);
> >>
> >>  }
> >>  header("Location: order_process.php");
> >> }
> >>
> >> [/code]
> >>
> >> This is not working, however, and it just loads order_process.php with no
> >> values for the variables, as if I just refreshed the page with no
> >> sessions.
> >
> >
> > Maybe you left it out but I didn't see any place where you used $_SESSION
> > in order_process.php. Also, your redirect in order_update.php appears to be
> > inside your foreach loop, which would definitely mess things right up -- but
> > maybe that was just a typo in your email?
> >
> > Otherwise the logic in order_update.php looks OK, but there are a few side
> > notes that jumped out:
> >
> > 1. I'm not seeing why you used "extract($_POST)" in order_update.php. Right
> > after the extract() call, you iterate through $_POST with a foreach loop, so
> > what's the purpose of calling extract()? Is there more code that you left
> > out?
> >
> > 2. Calling "extract($_POST)" is dangerous. The PHP manual warns against it,
> > although without giving much of an explanation:
> >
> > http://us2.php.net/manual/en/function.extract.php
> >
> > Apart from making it difficult to filter the input you're expecting to see,
> > "extract($_POST)" also allows a malicious end-user to define any variable of
> > his choosing and to overwrite any variables that you may have defined in the
> > script before the extract() call.
> >
> > I like to use filter_input() to read the values of POST variables.
> >
> > By much the same token, you'll want to escape $a, etc., in your
> > writeResultRow() function, with something like htmlentities().
> >
> > 3. Why the "unset($var)" in order_update.php? $var already gets reset each
> > time foreach iterates. So, calling unset() on it at the end of the loop
> > doesn't really do much. I'm wondering what you were aiming at there.
> >
> > Thanks,
> >
> > Ben
> >
> >
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
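
Added example, not part of the original thread or any poster's code: one way to apply the advice above (read only expected POST keys into typed variables instead of extract($_POST) or a blind copy into $_SESSION, and escape on output). The catalogue, the request body, the helper names read_order() and h(), and the 1-500 quantity range are assumptions; filter_var() is used on a constructed array so the script runs from the command line, where filter_input() would read the real request.

```php
<?php
declare(strict_types=1);

// Constructed catalogue standing in for the $shows array from afyshows.php.
$shows = [
    'show_01' => ['title' => 'Show One', 'price' => 4.50],
    'show_02' => ['title' => 'Show Two', 'price' => 6.00],
];

// Constructed request body: two quantities, one contact field, and two keys
// the script never asked for.
$post = [
    'show_01_qty' => '3',
    'show_02_qty' => '0',
    'School'      => '<b>Lincoln</b> Elementary',
    'shows'       => 'overwritten', // would clobber $shows under extract($_POST)
    'is_admin'    => '1',           // would land in $_SESSION under a blind copy
];

// Read only the keys we expect, each into a typed value; everything else is ignored.
function read_order(array $post, array $shows): array
{
    $school = is_string($post['School'] ?? null) ? trim($post['School']) : '';
    $order = ['School' => $school, 'qty' => []];
    foreach (array_keys($shows) as $id) {
        $qty = filter_var($post[$id . '_qty'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 500]]); // assumed limits
        if ($qty !== false) { // missing, zero, negative or non-numeric: no row
            $order['qty'][$id] = $qty;
        }
    }
    return $order;
}

// Escape at the point of output (htmlspecialchars here; htmlentities also works).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$order = read_order($post, $shows);
// In the real script, after session_start(): $_SESSION['order'] = $order;
echo 'School: ' . h($order['School']) . "\n";
foreach ($order['qty'] as $id => $qty) {
    $total = number_format($shows[$id]['price'] * $qty, 2, '.', '');
    echo '<tr><td>' . h($shows[$id]['title']) . '</td><td><input type="text" name="'
        . h($id . '_qty') . '" value="' . $qty . '" size="2" /></td><td>$' . $total . "</td></tr>\n";
}
```

Only show_01 produces a row, the School markup is printed escaped, and the `shows` and `is_admin` keys never reach a variable or the session.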

