RE: Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick


 



> -----Original Message-----
> From: Cheryl Sullivan [mailto:csulliva@xxxxxxx]
> Sent: Friday, September 17, 2010 7:51 AM
> To: Peter Lind; tommyhp2@xxxxxxxxx
> Cc: ash@xxxxxxxxxxxxxxxxxxxx; php-general@xxxxxxxxxxxxx
> Subject: RE:  Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
> 
> Hi there - just to clear things up, I didn't mean your answer was irrelevant.
> It was an excellent point - I just took the function call encompassing the
> query string out of the code I posted to avoid people having to read too much.
> I thought showing the function call was irrelevant.  Hope that makes sense -
> I did not intend to insult people who are taking the time to try to help me!
> 
> Anyhoo - at the risk of going off the deep end in the other direction, here
> is everything - the three pages that currently encompass this
> application.  You can see by the output I posted that appears on
> empForm.php that the SSN and Cost Center session vars come up blank,
> while the other three session vars and the hidden form fields do not.
> Thank you!
> 
> Default.php
> -----------------------------
> 
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>Employee Illness - Injury Report</title>
> <link href="injury.css" rel="stylesheet" type="text/css" />
> <script language="javascript" src="functions.js"></script>
> </head>
> <body onload="javascript:frmValidateMe.txtLastName.focus();">
> <div id="mainContainer">
>   <div id="topHeader"></div>
>   <div id="middle">
>     <div class="helpNote">For information or questions for this system,
> please contact Linda Williams x5984</div>
>   </div>
>   <div id="contentContainer">
> 
>       <div id="contentText">
>       <div class="sectionHeading">Enter the system by validating,
> below.</div>
>       <form name="frmValidateMe" method="post"
> action="mainRedirect.php">
>       <table>
>       	<tr>
>         	<td width="150">&nbsp;</td><td>Your Last Name</td><td><input
> type="text" maxlength="100" name="txtLastName" id="txtLastName"
> /></td>
>         </tr>
>         <tr>
>         	<td width="150">&nbsp;</td><td>Your SHH Badge ID
> #</td><td><input type="text" maxlength="10" name="txtBadgeID"
> id="txtBadgeID" /></td>
>         </tr>
>         <tr>
>         	<td width="150">&nbsp;</td><td valign="top">I need
> to</td><td><input type="radio" name="rdoAction" id="rdoAction"
> value="0" checked/>Report my Injury/Illness<br /><input type="radio"
> name="rdoAction" id="rdoAction"  value="1" />Check the Status/Update my
> Report</td>
>         </tr>
>        </table>
>         <center><img src="images/btnSubmitBevel.gif" width="80" height="26"
> onclick="validateValidate();"/></center>
>       </form>
>       </div>
>   </div>
>  <div id="footer"></div>
> </div>
> </body>
> </html>
> --------------------------------------------------------------
> mainRedirect.php (as you can see I now have it set up to submit a form, but I
> also have commented out the code I used to try to do a redirect.)
> ----------------
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
> <title>Employee Illness - Injury Report Submit</title>
> <link href="injury.css" rel="stylesheet" type="text/css" />
> <script language="javascript" src="functions.js"></script>
> </head>
> 
> <body>
> <?php session_start(); ?>
> <?php
> function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
> $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
> $connStr =
> "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass
> .";DATABASE=".$db;
> $conn->open($connStr);
> if($senditback==1){
> 	return $conn->execute($query);
> }else{
> 	$conn->execute($query);
> }}
> 
> function GetSQLValueString($theValue, $theType, $database,
> $theDefinedValue = "", $theNotDefinedValue = "") {
>   if (PHP_VERSION < 6) {
>     $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) :
> $theValue;
>   }
> 
>   if($database==1){
>   $theValue = mysql_real_escape_string($theValue);
>   }else{
>   $theValue = str_replace("'","''",$theValue);
>   }
> 
>   switch ($theType) {
>     case "text":
>       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>       break;
>     case "long":
>     case "int":
>       $theValue = ($theValue != "") ? intval($theValue) : "NULL";
>       break;
>     case "double":
>       $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
>       break;
>     case "date":
>       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>       break;
>     case "defined":
>       $theValue = ($theValue != "") ? $theDefinedValue :
> $theNotDefinedValue;
>       break;
>   }
>   return $theValue;
> }
> 
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
> 
> 
> $q = sprintf("select * from emps where emp_last = %s and emp_badge =
> %s", GetSQLValueString($_SESSION['UserLastName'], "text", 1),
> GetSQLValueString($_SESSION['BadgeID'],"int", 1));

This may cause you problems since I see you're using MySQL to escape
(mysql_real_escape_string) the input value(s) and later to be executed in MS
SQL via COM....

> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
> 
> $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1);
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
> 
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
> 
> 
> 				//get form info for this employee
> 				$cnx =
> mysql_connect("localhost","appsuser","abc123");
> 				$db = mysql_select_db("wrii_report");
> 				$q1 = sprintf("select * from
> tblmainempreport where empUUID = '553920090528131'");
> 				//print $q1 ."<br>";
> 				$result = mysql_query($q1);
> 				$recArray = mysql_fetch_array($result);
> 				$_SESSION['empFName'] =
> $recArray['EmpFName'];
> 				?>
>             	<form name="frmGoToEmpForm" ID="frmGoToEmpForm"
> method="post" action="empForm.php">
>                 <input type="hidden" id="hdnSSN" name="hdnSSN"
> value="<?php print $rs_emp_info->fields("emp_ssn");?>" />
>                 <input type="hidden" id="hdnCostCenter" name="hdnCostCenter"
> value="<?php print $rs_emp_info->fields("emp_costcenter");?>" />
>                 </form>
>                 <script language="javascript">frmGoToEmpForm.submit();</script>
>             <?php
> 				//header("Location: http://webapps/injury/empForm.php");
> 				//exit();
> 
> ?>

You'd have a problem here if you try to uncomment and execute the header()
above.  You can't set and send a header once output has been sent to the client.
http://us2.php.net/manual/en/function.header.php

> <div id="mainContainer">
>   <div id="topHeader"></div>
>   	<div id="middle">
>     	<div class="helpNote">For information or questions for this system,
> please contact Linda Williams x5984
>         </div>
>         <div id="contentContainer">
>         	<div id="contentText"><center><?php print $rtnMsg?><br />
>             <span class="nonRequiredText"><a href="http://shhsnet/">Return to
> SHH Intranet</a></span></center>
>             </div>
>          </div>
>     	<div id="footer"></div>
>    	</div>
> 
> </div>
> </body>
> </html>

At the end of this page, 'mainRedirect.php', can you add this to ensure
that you have what you're supposed to have?

<?php var_dump($_SESSION); ?>

Can you make sure that "Loaded Configuration File" in phpinfo() is
using the proper php.ini?  Also, can you show all the settings without the
comments under [session] in php.ini?

Regards,
Tommy


> ----------------------------------------------------------------------------
> empForm.php - code
> -----------
> 
> <?php session_start(); ?>
> <?php
> 
> //get avail ee info from ee database
> print "session_SSN = ".$_SESSION['SSN']."<br>";
> print "session_CostCenter = ".$_SESSION['CostCenter']."<br>";
> print "hidden_SSN = ".$_POST['hdnSSN']."<br>";
> print "hidden_CostCenter = ".$_POST['hdnCostCenter']."<br>";
> print "session_empFName = ".$_SESSION['empFName']."<br>";
> print "session_userLastName = ".$_SESSION['UserLastName']."<br>";
> print "session_BadgeID = ".$_SESSION['BadgeID']."<br>";
> 
> ?>
> ----------------------------------------------------------------
> Output from empForm.php
> -----------------------
> session_SSN =
> session_CostCenter =
> hidden_SSN = xxxxxxxx60 (it is displaying my actual SSN)
> hidden_CostCenter = 1604
> session_empFName = CHERYL
> session_userLastName = sullivan
> session_BadgeID = 401337
> 
> -----Original Message-----
> From: Peter Lind [mailto:peter.e.lind@xxxxxxxxx]
> Sent: Thursday, September 16, 2010 4:20 PM
> To: Cheryl Sullivan
> Cc: ash@xxxxxxxxxxxxxxxxxxxx; php-general@xxxxxxxxxxxxx
> Subject: Re:  Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
> 
> On 16 September 2010 20:03, Cheryl Sullivan <csulliva@xxxxxxx> wrote:
> > We are actually running the query through a function that removes
> > single ticks, etc to avoid this, but I didn't think that was relevant
> > to the question so I didn't include it.  Thanks, though!
> 
> You're the one with the problem you don't understand, which means you
> don't get to make decisions as to what is or is not relevant. Rather: you
> have no idea what seems relevant to us trying to pinpoint the error.
> 
> That said, if - like Andrew points out - you see the values directly after
> storing them, then the problem is not database related. What exactly
> happens between the two pages and on the second page?
> 
> Regards
> Peter
> 
> --
> <hype>
> WWW: http://plphp.dk / http://plind.dk
> LinkedIn: http://www.linkedin.com/in/plind
> BeWelcome/Couchsurfing: Fake51
> Twitter: http://twitter.com/kafe15
> </hype>
> 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
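
Added example, not part of the original thread or any poster's code: the escaping mismatch Tommy points out above, shown side by side with bound parameters. It assumes PHP 7+ with the pdo_sqlite extension; an in-memory SQLite table stands in for the SQL Server `emps` table (neither engine treats a backslash as a quote escape), `addslashes()` stands in for MySQL-style backslash escaping, and the rows and function names are constructed for illustration.

```php
<?php
// SQLite in-memory database as a stand-in for the MSSQL "emps" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE emps (emp_last TEXT, emp_badge INTEGER, emp_costcenter TEXT)");
// Constructed sample rows.
$pdo->exec("INSERT INTO emps VALUES ('o''brien', 1001, '1604'), ('smith', 1002, '2200')");

// Builds the query by concatenation, escaping quotes the MySQL way (\').
// An engine that only understands '' sees the string end at the backslash.
function lookupWithMysqlEscaping(PDO $pdo, string $last, int $badge): string
{
    $sql = "SELECT emp_costcenter FROM emps WHERE emp_last = '" . addslashes($last)
         . "' AND emp_badge = " . $badge;
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? (string) $row['emp_costcenter'] : 'no match';
    } catch (PDOException $e) {
        return 'query failed';
    }
}

// Sends the values separately from the SQL text, so no escaping dialect applies.
function lookupWithBoundParams(PDO $pdo, string $last, int $badge): string
{
    $stmt = $pdo->prepare(
        'SELECT emp_costcenter FROM emps WHERE emp_last = ? AND emp_badge = ?'
    );
    $stmt->bindValue(1, $last, PDO::PARAM_STR);
    $stmt->bindValue(2, $badge, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Cast to a plain string before the value goes anywhere else (e.g. $_SESSION).
    return $row ? (string) $row['emp_costcenter'] : 'no match';
}

// A name without a quote behaves the same either way; one with a quote does not.
foreach ([['smith', 1002], ["o'brien", 1001]] as [$last, $badge]) {
    printf("%-8s escaped: %-12s bound: %s\n", $last,
        lookupWithMysqlEscaping($pdo, $last, $badge),
        lookupWithBoundParams($pdo, $last, $badge));
}
```

Against a real SQL Server the same prepare/bind calls apply with the driver's own DSN in place of `sqlite::memory:`.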



