Re: Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick

Andrew Ballard <aballard@xxxxxxxxx> · Fri, 17 Sep 2010 11:14:54 -0400

On Fri, Sep 17, 2010 at 10:50 AM, Cheryl Sullivan <csulliva@xxxxxxx> wrote:
> Hi there - just to clear things up, I didn't mean your answer was irrelevant.  It was an excellent point - I just took the function call encompassing the query string out of the code I posted to avoid people having to read too much.  I thought showing the function call was irrelevant.  Hope that makes sense - I did not intend to insult people who are taking the time to try to help me!
>
> Anyhoo - at the risk of going off the deep end in the other directions here are is everything - the three pages that currently encompass this application.  You can see by the output I posted that appears on empForm.php that the SSN and Cost Center session vars come up blank, while the other three session vars and the hidden form fields do not.  Thank you!
>
> Default.php
> -----------------------------
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> <html xmlns="http://www.w3.org/1999/xhtml";>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>Employee Illness - Injury Report</title>
> <link href="injury.css" rel="stylesheet" type="text/css" />
> <script language="javascript" src="functions.js"></script>
> </head>
> <body onload="javascript:frmValidateMe.txtLastName.focus();">
> <div id="mainContainer">
>  <div id="topHeader"></div>
>  <div id="middle">
>    <div class="helpNote">For information or questions for this system, please contact Linda Williams x5984</div>
>  </div>
>  <div id="contentContainer">
>
>      <div id="contentText">
>      <div class="sectionHeading">Enter the system by validating, below.</div>
>      <form name="frmValidateMe" method="post" action="mainRedirect.php">
>      <table>
>        <tr>
>                <td width="150">&nbsp;</td><td>Your Last Name</td><td><input type="text" maxlength="100" name="txtLastName" id="txtLastName" /></td>
>        </tr>
>        <tr>
>                <td width="150">&nbsp;</td><td>Your SHH Badge ID #</td><td><input type="text" maxlength="10" name="txtBadgeID" id="txtBadgeID" /></td>
>        </tr>
>        <tr>
>                <td width="150">&nbsp;</td><td valign="top">I need to</td><td><input type="radio" name="rdoAction" id="rdoAction" value="0" checked/>Report my Injury/Illness<br /><input type="radio" name="rdoAction" id="rdoAction"  value="1" />Check the Status/Update my Report</td>
>        </tr>
>       </table>
>        <center><img src="images/btnSubmitBevel.gif" width="80" height="26" onclick="validateValidate();"/></center>
>      </form>
>      </div>
>  </div>
>  <div id="footer"></div>
> </div>
> </body>
> </html>
> --------------------------------------------------------------
> mainRedirect.php (as you can see I now have it set up to submit a form, but I also have commented out the code I used to try to do a redirect.)
> ----------------
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> <html xmlns="http://www.w3.org/1999/xhtml";>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>Employee Illness - Injury Report Submit</title>
> <link href="injury.css" rel="stylesheet" type="text/css" />
> <script language="javascript" src="functions.js"></script>
> </head>
>
> <body>
> <?php session_start(); ?>
> <?php
> function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
> $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
> $connStr = "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db;
> $conn->open($connStr);
> if($senditback==1){
>        return $conn->execute($query);
> }else{
>        $conn->execute($query);
> }}
>
> function GetSQLValueString($theValue, $theType, $database, $theDefinedValue = "", $theNotDefinedValue = "")
> {
>  if (PHP_VERSION < 6) {
>    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
>  }
>
>  if($database==1){
>  $theValue = mysql_real_escape_string($theValue);
>  }else{
>  $theValue = str_replace("'","''",$theValue);
>  }
>
>  switch ($theType) {
>    case "text":
>      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>      break;
>    case "long":
>    case "int":
>      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
>      break;
>    case "double":
>      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
>      break;
>    case "date":
>      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>      break;
>    case "defined":
>      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
>      break;
>  }
>  return $theValue;
> }
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
> $q = sprintf("select * from emps where emp_last = %s and emp_badge = %s",
> GetSQLValueString($_SESSION['UserLastName'], "text", 1),
> GetSQLValueString($_SESSION['BadgeID'],"int", 1));
> $q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."' and emp_badge = '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1);
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
>
>                                //get form info for this employee
>                                $cnx = mysql_connect("localhost","appsuser","abc123");
>                                $db = mysql_select_db("wrii_report");
>                                $q1 = sprintf("select * from tblmainempreport where empUUID = '553920090528131'");
>                                //print $q1 ."<br>";
>                                $result = mysql_query($q1);
>                                $recArray = mysql_fetch_array($result);
>                                $_SESSION['empFName'] = $recArray['EmpFName'];
>                                ?>
>                <form name="frmGoToEmpForm" ID="frmGoToEmpForm" method="post" action="empForm.php">
>                <input type="hidden" id="hdnSSN" name="hdnSSN" value="<?php print $rs_emp_info->fields("emp_ssn");?>" />
>                 <input type="hidden" id="hdnCostCenter" name="hdnCostCenter" value="<?php print $rs_emp_info->fields("emp_costcenter");?>" />
>                </form>
>                <script language="javascript">frmGoToEmpForm.submit();</script>
>            <?php
>                                //header("Location: http://webapps/injury/empForm.php";);
>                                //exit();
>
>
>
>
>
> ?>
> <div id="mainContainer">
>  <div id="topHeader"></div>
>        <div id="middle">
>        <div class="helpNote">For information or questions for this system, please contact Linda Williams x5984
>        </div>
>        <div id="contentContainer">
>                <div id="contentText"><center><?php print $rtnMsg?><br />
>            <span class="nonRequiredText"><a href="http://shhsnet/";>Return to SHH Intranet</a></span></center>
>            </div>
>         </div>
>        <div id="footer"></div>
>        </div>
>
> </div>
> </body>
> </html>
> ----------------------------------------------------------------------------empForm.php - code
> -----------
>
> <?php session_start(); ?>
> <?php
>
> //get avail ee info from ee database
> print "session_SSN = ".$_SESSION['SSN']."<br>";
> print "session_CostCenter = ".$_SESSION['CostCenter']."<br>";
> print "hidden_SSN = ".$_POST['hdnSSN']."<br>";
> print "hidden_CostCenter = ".$_POST['hdnCostCenter']."<br>";
> print "session_empFName = ".$_SESSION['empFName']."<br>";
> print "session_userLastName = ".$_SESSION['UserLastName']."<br>";
> print "session_BadgeID = ".$_SESSION['BadgeID']."<br>";
>
> ?>
> ----------------------------------------------------------------
> Output from empForm.php
> -----------------------
> session_SSN =
> session_CostCenter =
> hidden_SSN = xxxxxxxx60 (it is displaying my actual SSN)
> hidden_CostCenter = 1604
> session_empFName = CHERYL
> session_userLastName = sullivan
> session_BadgeID = 401337
>

I'm not sure if this is it or not, but what happens if you change
these two lines:

$_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");

$_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");

to this:

$_SESSION['SSN'] = (string) $rs_emp_info->fields("emp_ssn");

$_SESSION['CostCenter'] = (string) $rs_emp_info->fields("emp_costcenter");

My theory is that since you are using COM to query SQL Server, it is
returning COM variants, and the actual value of
$rs_emp_info->fields("emp_ssn") is not a scalar value - it's a COM
variant of something like an ADODB.Field. The default property of that
datatype is the object's value, so when you use print to write its
value in the form, it is probably implicitly converting the object to
its default property which is a string. However, when you assign it to
$_SESSION['SSN'], it may be that it is assigned as a COM variant that
cannot be correctly serialized in the session. By explicitly
typecasting the value to a string when you assign it to the session,
you'll get the value rather than its wrapper.

For what it's worth, it is probably also worthwhile to plan at some
point soon on changing from COM to a native PHP library to get data
from SQL Server. Since you are already running on Windows, Microsoft's
SQL Server Driver for PHP should be a great replacement for you. It
returns values as the correct native PHP type rather than wrapped
inside those COM variants.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php