RE: [PHP] Validation and session variables
See in-line comments...
-Original Message-
From: Stuart Felenstein [mailto:[EMAIL PROTECTED]
Sent: 28 October 2004 08:54
To: [EMAIL PROTECTED]
Subject: [PHP] Validation and session variables
I guess my resolution was a fluke.
Recap: Adding validation kills my session variables
Now I tested a few things, SID is consistent across
pages, so a new sid and cookie are not being
generated.
Perhaps it's a bug, Im on PHP 4.3.8
Here is the code again, perhaps something will jump
out.
?php
//Start the Session - begin Block
@session_start();
header(Cache-control: private);
[snip]
if ($WAFV_Errors != ) {
PostResult($WAFV_Redirect,$WAFV_Errors,page1);
}
I think we need to know what happens when this function returns the user to
the script upon finding an error. Are all the form field values passed back?
Does it do anything at all with the session? Does it pass the SID?
}
?
?php
if ($_SERVER[REQUEST_METHOD] == POST) {
Header ('Location:
http://www.xx.com/page2.php?'.SID);
}
?
I just set an echo on page2 and page3 of the first
session variable 'listingname'. If I have the
validation code in page1 , it doesn't even make it to
page2
Are you saying that page1 always fails validation even if you enter all the
form fields correctly? If so then something is most likely wrong with the
validation code. Double check all the validation steps.
Graham
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
--- Graham Cossey [EMAIL PROTECTED] wrote: I think we need to know what happens when this function returns the user to the script upon finding an error. Are all the form field values passed back? Doesn't seem that they are. I tripped an error on page1 , had an echo set for the first session variable. The page popped back with my errors, but no session variable. But! maybe that is tied into what I said towards the end of my last thread. All page1 has is: input name=ListingName type=text id=ListingName maxlength=20 / The session variable isn't posted until page2: $_SESSION['f1a'] = $_POST['ListingName']; Does it do anything at all with the session? Does it pass the SID? It's passing the SID yes. SID number remains consistent. I am not checking the /tmp file though. I'll assume at this point it's at 0kb Are you saying that page1 always fails validation even if you enter all the form fields correctly? No not at all. Validaton works fine. Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
--- Graham Cossey [EMAIL PROTECTED] wrote: I think we need to know what happens when this function returns the user to the script upon finding an error. Are all the form field values passed back? Does it do anything at all with the session? Does it pass the SID? I want to append my previous message. Page 1 is not showing a SID. Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
On Thursday 28 October 2004 09:24, Stuart Felenstein wrote: --- Graham Cossey [EMAIL PROTECTED] wrote: I think we need to know what happens when this function returns the user to the script upon finding an error. Are all the form field values passed back? Does it do anything at all with the session? Does it pass the SID? I want to append my previous message. Page 1 is not showing a SID. I think what you really need to do is: go back to square one, rewrite your code putting in the absolute barest minimum that will illustrate your problem. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* It is not best to swap horses while crossing the river. -- Abraham Lincoln */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
-Original Message-
From: Stuart Felenstein [mailto:[EMAIL PROTECTED]
Sent: 27 October 2004 00:01
Having some odd behaviour.
First , let me mention this is a multi page form using
session variables. (This might be important)
So I am doing a page by page validation, and have
tried putting the code before session_start or after.
Either way my session variables are getting lost.
Now in order to do my validation on the same page, I
have set form action to nothing action=
And upon sucess of happy validation added this code:
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = success.php;
Header(Location: $url);
}
?
The page progresses correctly but it seems the
variables are gone.
Sound like it makes sense ? Any suggestions or ideas.
The only circumstance under which I can think this might happen is if the
session id is not being propagated by cookie -- either because they're
blocked in the browser, or because you have them switched off in php.ini.
Even if you have session.use_trans_sid enabled, PHP cannot rewrite URLs in
the header() call, so you have to include the session ID manually. You
should do this regardless of whether you expect cookies to be enabled, so
that it will work ok even in the unexpected situation of having cookies
turned off.
Fortunately, the standard PHP constant SID is provided for exactly this
purpose, so your header call above should be:
header(Location: $url?.SID);
Finally, you should note that HTTP requires the Location: URL to be a full
absolute one (i.e. starting http://) -- whilst it's true that all current
mainstream browsers do the expected with a relative URL, it's better
defensive programming to use only absolute URLs (just in case someone
produces a browser that adheres to the standard!).
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning Information Services, JG125, James
Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS,
LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
See inline: --- Ford, Mike [EMAIL PROTECTED] wrote: The only circumstance under which I can think this might happen is if the session id is not being propagated by cookie -- either because they're blocked in the browser, or because you have them switched off in php.ini. They are not switched off in php.ini. I do have them semi blocked in the browser, i.e. set to allow for session Even if you have session.use_trans_sid enabled, It is enabled. PHP cannot rewrite URLs in the header() call, so you have to include the session ID manually. You should do this regardless of whether you expect cookies to be enabled, so that it will work ok even in the unexpected situation of having cookies turned off. Fortunately, the standard PHP constant SID is provided for exactly this purpose, so your header call above should be: header(Location: $url?.SID); This is all I need to include the SID ? Thank you Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
Stuart Felenstein wrote: Yes the session variables are set with $SESSION[''}. The way it works is the variable gets set on the follwing pages: So, example on page 1: I have this user input field: td width=172input name=ListingName type=text id=ListingName maxlength=20 //td On the following page (page 2): $_SESSION['f1a'] = $_POST['ListingName']; And all the pages follow the same method. Inputs on page 2 are $_SESSION[''] = $_POST['']; on page 3. I did try putting the session_start() at the top of the page. Didn't seem to make any difference. You MUST have session_start() at the beginning of every page that uses session, and if you allow session id to be included in urls you MUST have session_start() in every page. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
Yes I do have session_start on every page at the top. Stuart --- Marek Kilimajer [EMAIL PROTECTED] wrote: Stuart Felenstein wrote: Yes the session variables are set with $SESSION[''}. The way it works is the variable gets set on the follwing pages: So, example on page 1: I have this user input field: td width=172input name=ListingName type=text id=ListingName maxlength=20 //td On the following page (page 2): $_SESSION['f1a'] = $_POST['ListingName']; And all the pages follow the same method. Inputs on page 2 are $_SESSION[''] = $_POST['']; on page 3. I did try putting the session_start() at the top of the page. Didn't seem to make any difference. You MUST have session_start() at the beginning of every page that uses session, and if you allow session id to be included in urls you MUST have session_start() in every page. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm -Original Message- From: Stuart Felenstein [mailto:[EMAIL PROTECTED] Sent: 27 October 2004 12:18 --- Ford, Mike [EMAIL PROTECTED] wrote: header(Location: $url?.SID); This is all I need to include the SID ? Yup. If PHP thinks cookies are enabled, SID will actually evaluate to a blank string; otherwise it will contain the sessionname=sessionid pair. Oh, and it can't hurt to do a session_write_close() just before the redirect. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
Okay, I altered the code. Same thing, session
variables gone.
I then deleted the session only cookie. Also took
the rule out in the browser , so browser is accepting
all cookies from site.
Still no change.
Not to be redundant but here is the code again:(I
xxx'ed out some fields in the restrict access line so
they are not public)
?php
//Connection statement
require_once('Connections/MYSQLWH.php');
//Aditional Functions
require_once('includes/functions.inc.php');
//load the tNG classes
require_once('tNG/KT_tNG.inc.php');
//Start the Session - begin Block
@session_start();
restrictAccessToPage($MYSQLWH,'x','AccessDenied.php','x','SignUpID','Username','password','level',false,array(x));
?
?php
require_once(WA_ValidationToolkit/WAVT_Scripts_PHP.php);
?
?php
require_once(WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php);
?
?php
if ($_SERVER[REQUEST_METHOD] == POST) {
$WAFV_Redirect = ;
$_SESSION['WAVT_TestMulti2'] = ;
if ($WAFV_Redirect == ) {
$WAFV_Redirect = $_SERVER[SCRIPT_NAME];
}
$WAFV_Errors = ;
$WAFV_Errors .=
WAValidateRQ(((isset($_POST[LurkerEdu]))?$_POST[LurkerEdu]:)
. ,false,1);
$WAFV_Errors .=
WAValidateRQ(((isset($_POST[LurkerAuth]))?$_POST[LurkerAuth]:)
. ,false,2);
$WAFV_Errors .=
WAValidateRQ(((isset($_POST[LurkerExperience]))?$_POST[LurkerExperience]:)
. ,false,3);
$WAFV_Errors .=
WAValidateRQ(((isset($_POST[LurkerLevel]))?$_POST[LurkerLevel]:)
. ,false,4);
if ($WAFV_Errors != ) {
PostResult($WAFV_Redirect,$WAFV_Errors,TestMulti2);
}
}
?
?php
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = TestMulti3.php;
Header(Location: $url?.SID);
}
?
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Stuart Felenstein [EMAIL PROTECTED] wrote:
Having some odd behaviour.
First , let me mention this is a multi page form using
session variables. (This might be important)
So I am doing a page by page validation, and have
tried putting the code before session_start or after.
Either way my session variables are getting lost.
Now in order to do my validation on the same page, I
have set form action to nothing action=
And upon sucess of happy validation added this code:
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = success.php;
Header(Location: $url);
}
?
The page progresses correctly but it seems the
variables are gone.
This is most likely due to your malformed Location header. It requires an
absolute URL, and some browsers (notably several versions of IE, but there
may be others) do not send the proper Cookie header when requesting the
new URL if you use a relative one.
So, the first thing to try is using a proper Location header:
header('Location: http://example.org/success.php');
Hope that helps.
Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming December 2004http://httphandbook.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Chris Shiflett [EMAIL PROTECTED] wrote:
So, the first thing to try is using a proper
Location header:
header('Location: http://example.org/success.php');
Hope that helps.
Chris
Thank Chris , but met with same behaviour.
2 Questions:
1- Should I drop the $url line ? I tried both ways ,
no change though.
2- Do I still need to call the SID ?
?php
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = nextpage.php;
Header ('Location:
http://www.mysite.com/nextpage.php);
}
?
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
Stuart,
On Oct 27, 2004, at 6:57 AM, Stuart Felenstein wrote:
Not to be redundant but here is the code again:(I
xxx'ed out some fields in the restrict access line so
they are not public)
?php
Put session_start() here!
//Connection statement
require_once('Connections/MYSQLWH.php');
//Aditional Functions
require_once('includes/functions.inc.php');
//load the tNG classes
require_once('tNG/KT_tNG.inc.php');
//Start the Session - begin Block
@session_start();
You should move your session_start() to the VERY top. =D
Just see if that makes any difference. You might also make sure there
is a session_id:
if (session_id())
// do stuff
else
// throw computer out the window
Have fun!
~Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
On Wednesday 27 October 2004 11:31, Stuart Felenstein wrote: Please do not top post. Yes I do have session_start on every page at the top. As I have pointed out in a previous thread and Mike has pointed out in this thread you MUST use session_write_close() before you do a redirect. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Please come home with me ... I have Tylenol!! */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
Okay, first, sorry, but what is top post? Writing
before the reply or after ?
Second, I'm not entirely sure where the
session_write_close() belongs, because here below,
isn't this a redirect? back to page2 if there are
validation errors:
if ($WAFV_Errors != ) {
PostResult($WAFV_Redirect,$WAFV_Errors,page2);
or is it solely in:
session_write_close()
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = TestMulti3.php;
Header ('Location: http://www.mysite.com/page3.php);
Thank you ,
Stuart
--- Jason Wong [EMAIL PROTECTED] wrote:
On Wednesday 27 October 2004 11:31, Stuart
Felenstein wrote:
Please do not top post.
Yes I do have session_start on every page at the
top.
As I have pointed out in a previous thread and Mike
has pointed out in this
thread you MUST use
session_write_close()
before you do a redirect.
--
Jason Wong - Gremlins Associates -
www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet
Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Please come home with me ... I have Tylenol!!
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Jason Wong [EMAIL PROTECTED] wrote: As I have pointed out in a previous thread and Mike has pointed out in this thread you MUST use session_write_close() before you do a redirect. Are you certain? If this is true, it is a bug in PHP, and we should fix it. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Stuart Felenstein [EMAIL PROTECTED] wrote: Thank Chris , but met with same behaviour. Well, it was certainly a problem, so at least it's one less thing to worry about. :-) 2 Questions: 1- Should I drop the $url line ? I tried both ways , no change though. It doesn't matter. Your method was fine, but $url needs to be an absolute one (http://example.org/path/to/script.php). 2- Do I still need to call the SID ? This was a separate suggestion given by someone else, the idea being that perhaps the browser is not sending the cookie. This is a good suggestion, because most of these lost session problems are a result of the browser not identifying itself (by sending the session identifier by some means). The causes of this problem range, but this is the first thing to check. On each page, it might be good to add some debugging information near the top (where session_start() is): ?php session_start(); echo 'pre' . htmlentities(print_r($_COOKIE, true)) . '/pre'; echo 'pre' . htmlentities(print_r($_GET, true)) . '/pre'; echo session_id(); ... What you may notice is a lack of a session identifier in the $_COOKIE superglobal or $_GET superglobal and/or the session identifier (from the session_id() call) changing for every page. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Stuart Felenstein [EMAIL PROTECTED] wrote: Okay, first, sorry, but what is top post? Writing before the reply or after? Top posting is writing your reply above what you are replying to. It's really not worth discussing the advantages of bottom posting, but I will say that trimming your posts makes people not mind so much. :-) For example, you were really only replying to two things Jason said. This: Please do not top post. and this: As I have pointed out in a previous thread and Mike has pointed out in this thread you MUST use session_write_close() before you do a redirect. Everything else in the email just gets in the way and makes it harder to follow. That's all. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
On Wednesday 27 October 2004 14:36, Chris Shiflett wrote: --- Jason Wong [EMAIL PROTECTED] wrote: As I have pointed out in a previous thread and Mike has pointed out in this thread you MUST use session_write_close() before you do a redirect. Are you certain? If this is true, it is a bug in PHP, and we should fix it. OK I just did a quick test using PHP 4.3.8 and you do NOT have to close session before redirect. But IIRC this was an issue with older versions of PHP so this probably got fixed somewhere along the line. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Udall's Fourth Law: Any change or reform you make is going to have consequences you don't like. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
On Wed, 27 Oct 2004 07:51:48 -0700 (PDT), Chris Shiflett [EMAIL PROTECTED] wrote: It's really not worth discussing the advantages of bottom posting, but I will say that trimming your posts makes people not mind so much. :-) I love discussing the advantages of documented standards, and 'known best practices' of doing things Chris.. whatever do you mean 'not worth discussing' ? :) Bottom posting gives context.. first you read the question, then you read the answer. It's very helpful to those of us who read top to bottom and left to right. But yeah, trimming posts goes a long way towards consideration. Nothing's worse than scrolling two or three pages to read a one line response. And most of all.. if you participate in a list serv like php-general, please use a 'threaded' mail client. The list serv messages contain a unique message id and thread capable mail clients will thread them for you based on that message id. This somewhat prevents multiple (correct) answers to the same questions over and over throughout the day. And don't forget to turn threading 'on' in your mail client. Like in Pine for example, you _have_ to turn it on before it begins to work. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Chris Shiflett [EMAIL PROTECTED] wrote:
On each page, it might be good to add some debugging
information near the
top (where session_start() is):
?php
session_start();
echo 'pre' . htmlentities(print_r($_COOKIE, true))
. '/pre';
echo 'pre' . htmlentities(print_r($_GET, true)) .
'/pre';
echo session_id();
...
I added this in , on top, right under session_start()
as shown and get this error:
Warning: Cannot modify header information - headers
already sent by (output started at
/home/lurkkcom/public_html/page1.php:6) in
/home/lurkkcom/public_html/page1.php on line 54
So it's clashing with the redirect:
Header ('Location:
http://www.mysite.com/page2.php?'.SID);
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
--- Chris Shiflett [EMAIL PROTECTED] wrote:
This is most likely due to your malformed Location
header. It requires an
absolute URL, and some browsers (notably several
versions of IE, but there
may be others) do not send the proper Cookie header
when requesting the
new URL if you use a relative one.
So, the first thing to try is using a proper
Location header:
header('Location: http://example.org/success.php');
I'm ready for the fork in the eye now ! ;)
Moved session_start() to way on top.
Placed the following in the redirect area:
?php
if ($_SERVER[REQUEST_METHOD] == POST) {
Header ('Location:
http://www.mysite.com/page2.php?'.SID);
}
?
Following Jason's last post, based on my server using
4.3.8 I did not include the session_write_close()
This is defintely a tough one!
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validation and session variables
--- Chris Shiflett [EMAIL PROTECTED] wrote:
On each page, it might be good to add some debugging
information near the
top (where session_start() is):
?php
session_start();
echo 'pre' . htmlentities(print_r($_COOKIE, true))
. '/pre';
echo 'pre' . htmlentities(print_r($_GET, true)) .
'/pre';
echo session_id();
...
I added this in , on top, right under session_start()
as shown and get this error:
Warning: Cannot modify header information - headers
already sent by (output started at
/home/lurkkcom/public_html/page1.php:6) in
/home/lurkkcom/public_html/page1.php on line 54
So it's clashing with the redirect:
Header ('Location:
http://www.mysite.com/page2.php?'.SID);
If your script outputs anything and then tries to redirect it WILL throw
that error. I believe if you want to do echos AND redirects you'll have to
use output buffering (see the manual: http://uk.php.net/outcontrol) and only
output the buffer if you do not redirect.
HTH
Graham
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
Without seeing the code:
Try putting session_start() at the VERY beginning. Also try having the
action go to the page itself ($PHP_SELF or putting in the path). Is the
session variables being set using $SESSION['']?
Respectfully,
Ligaya Turmelle
Stuart Felenstein wrote:
Having some odd behaviour.
First , let me mention this is a multi page form using
session variables. (This might be important)
So I am doing a page by page validation, and have
tried putting the code before session_start or after.
Either way my session variables are getting lost.
Now in order to do my validation on the same page, I
have set form action to nothing action=
And upon sucess of happy validation added this code:
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = success.php;
Header(Location: $url);
}
?
The page progresses correctly but it seems the
variables are gone.
Sound like it makes sense ? Any suggestions or ideas.
Thank you,
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validation and session variables
Yes the session variables are set with $SESSION[''}.
The way it works is the variable gets set on the
follwing pages:
So, example on page 1:
I have this user input field:
td width=172input name=ListingName type=text
id=ListingName maxlength=20 //td
On the following page (page 2):
$_SESSION['f1a'] = $_POST['ListingName'];
And all the pages follow the same method. Inputs on
page 2 are $_SESSION[''] = $_POST['']; on page 3.
I did try putting the session_start() at the top of
the page. Didn't seem to make any difference.
Just to show the validation code (and it's from a
class):
?php
require_once(WA_ValidationToolkit/WAVT_Scripts_PHP.php);
?
?php
require_once(WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php);
?
?php
if ($_SERVER[REQUEST_METHOD] == POST) {
$WAFV_Redirect = ;
$_SESSION['WAVT_Page1'] = ;
if ($WAFV_Redirect == ) {
$WAFV_Redirect = $_SERVER[SCRIPT_NAME];
}
$WAFV_Errors = ;
$WAFV_Errors .=
WAValidateAN(((isset($_POST[ListingName]))?$_POST[ListingName]:)
. ,true,true,true,true,,true,1);
if ($WAFV_Errors != ) {
PostResult($WAFV_Redirect,$WAFV_Errors,Page1);
}
}
?
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = Page2.php;
Header(Location: $url);
}
?
So, for every page I add validation too, I can see at
the end from the printout, that the variables are
gone, missing .
Stuart
--- Ligaya Turmelle [EMAIL PROTECTED] wrote:
Without seeing the code:
Try putting session_start() at the VERY beginning.
Also try having the
action go to the page itself ($PHP_SELF or putting
in the path). Is the
session variables being set using $SESSION['']?
Respectfully,
Ligaya Turmelle
Stuart Felenstein wrote:
Having some odd behaviour.
First , let me mention this is a multi page form
using
session variables. (This might be important)
So I am doing a page by page validation, and have
tried putting the code before session_start or
after.
Either way my session variables are getting lost.
Now in order to do my validation on the same page,
I
have set form action to nothing action=
And upon sucess of happy validation added this
code:
if ($_SERVER[REQUEST_METHOD] == POST) {
$url = success.php;
Header(Location: $url);
}
?
The page progresses correctly but it seems the
variables are gone.
Sound like it makes sense ? Any suggestions or
ideas.
Thank you,
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
