RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Friday, September 17, 2010 7:51 AM > To: Peter Lind; tommy...@gmail.com > Cc: a...@ashleysheridan.co.uk; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > Hi there - just to clear things up, I didn't mean your answer was irrelevant. It > was an excellent point - I just took the function call encompassing the query > string out of the code I posted to avoid people having to read too much. I > thought showing the function call was irrelevant. Hope that makes sense - I > did not intend to insult people who are taking the time to try to help me! > > Anyhoo - at the risk of going off the deep end in the other directions here > are is everything - the three pages that currently encompass this > application. You can see by the output I posted that appears on > empForm.php that the SSN and Cost Center session vars come up blank, > while the other three session vars and the hidden form fields do not. Thank > you! > > Default.php > - > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Employee Illness - Injury Report rel="stylesheet" type="text/css" /> src="functions.js"> onload="javascript:frmValidateMe.txtLastName.focus();"> > > > > For information or questions for this system, > please contact Linda Williams x5984 > > > > > Enter the system by validating, > below. >action="mainRedirect.php"> > > > Your Last Name type="text" maxlength="100" name="txtLastName" id="txtLastName" > /> > > > Your SHH Badge ID > # id="txtBadgeID" /> > > > I need > to value="0" checked/>Report my Injury/Illness name="rdoAction" id="rdoAction" value="1" />Check the Status/Update my > Report > > > onclick="validateValidate();"/> > > > > > > > > -- > mainRedirect.php (as you can see I now have it set up to submit a form, but I > also have commented out the code I used to try to do a redirect.) > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Employee Illness - Injury Report Submit rel="stylesheet" type="text/css" /> src="functions.js"> > > > > function hitMSSQL($query,$server,$db,$login,$pass,$senditback){ > $conn = new COM ("ADODB.Connection") or die("Cannot start ADO"); > $connStr = > "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass > .";DATABASE=".$db; > $conn->open($connStr); > if($senditback==1){ > return $conn->execute($query); > }else{ > $conn->execute($query); > }} > > function GetSQLValueString($theValue, $theType, $database, > $theDefinedValue = "", $theNotDefinedValue = "") { > if (PHP_VERSION < 6) { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > } > > if($database==1){ > $theValue = mysql_real_escape_string($theValue); > }else{ > $theValue = str_replace("'","''",$theValue); > } > > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : > $theNotDefinedValue; > break; > } > return $theValue; > } > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > $_SESSION['BadgeID'
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick (SOLVED)
FANTASTIC!!! This did the trick! "By explicitly typecasting the value to a string when you assign it to the session, you'll get the value rather than its wrapper." Thank you all for your help! I will pass the comments on about employing the MS's SQL Server Driver for PHP as well - Thanks again - -Original Message- From: Andrew Ballard [mailto:aball...@gmail.com] Sent: Friday, September 17, 2010 11:15 AM To: Cheryl Sullivan Cc: Peter Lind; tommy...@gmail.com; a...@ashleysheridan.co.uk; php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On Fri, Sep 17, 2010 at 10:50 AM, Cheryl Sullivan wrote: > Hi there - just to clear things up, I didn't mean your answer was irrelevant. > It was an excellent point - I just took the function call encompassing the > query string out of the code I posted to avoid people having to read too > much. I thought showing the function call was irrelevant. Hope that makes > sense - I did not intend to insult people who are taking the time to try to > help me! > > Anyhoo - at the risk of going off the deep end in the other directions here > are is everything - the three pages that currently encompass this > application. You can see by the output I posted that appears on empForm.php > that the SSN and Cost Center session vars come up blank, while the other > three session vars and the hidden form fields do not. Thank you! > > Default.php > - > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Employee Illness - Injury Report > > > > > > > > For information or questions for this system, please > contact Linda Williams x5984 > > > > > Enter the system by validating, below. > > > > Your Last Name type="text" maxlength="100" name="txtLastName" id="txtLastName" /> > > > Your SHH Badge ID > # /> > > > I need > to checked/>Report my Injury/Illness id="rdoAction" value="1" />Check the Status/Update my Report > > > onclick="validateValidate();"/> > > > > > > > > -- > mainRedirect.php (as you can see I now have it set up to submit a form, but I > also have commented out the code I used to try to do a redirect.) > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Employee Illness - Injury Report Submit > > > > > > > function hitMSSQL($query,$server,$db,$login,$pass,$senditback){ > $conn = new COM ("ADODB.Connection") or die("Cannot start ADO"); > $connStr = > "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db; > $conn->open($connStr); > if($senditback==1){ > return $conn->execute($query); > }else{ > $conn->execute($query); > }} > > function GetSQLValueString($theValue, $theType, $database, $theDefinedValue = > "", $theNotDefinedValue = "") > { > if (PHP_VERSION < 6) { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; > } > > if($database==1){ > $theValue = mysql_real_escape_string($theValue); > }else{ > $theValue = str_replace("'","''",$theValue); > } > > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > $_SESSION['BadgeID'] = trim($_POST[
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Fri, Sep 17, 2010 at 10:50 AM, Cheryl Sullivan wrote: > Hi there - just to clear things up, I didn't mean your answer was irrelevant. > It was an excellent point - I just took the function call encompassing the > query string out of the code I posted to avoid people having to read too > much. I thought showing the function call was irrelevant. Hope that makes > sense - I did not intend to insult people who are taking the time to try to > help me! > > Anyhoo - at the risk of going off the deep end in the other directions here > are is everything - the three pages that currently encompass this > application. You can see by the output I posted that appears on empForm.php > that the SSN and Cost Center session vars come up blank, while the other > three session vars and the hidden form fields do not. Thank you! > > Default.php > - > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Employee Illness - Injury Report > > > > > > > > For information or questions for this system, please > contact Linda Williams x5984 > > > > > Enter the system by validating, below. > > > > Your Last Name type="text" maxlength="100" name="txtLastName" id="txtLastName" /> > > > Your SHH Badge ID > # /> > > > I need > to checked/>Report my Injury/Illness id="rdoAction" value="1" />Check the Status/Update my Report > > > onclick="validateValidate();"/> > > > > > > > > -- > mainRedirect.php (as you can see I now have it set up to submit a form, but I > also have commented out the code I used to try to do a redirect.) > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Employee Illness - Injury Report Submit > > > > > > > function hitMSSQL($query,$server,$db,$login,$pass,$senditback){ > $conn = new COM ("ADODB.Connection") or die("Cannot start ADO"); > $connStr = > "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db; > $conn->open($connStr); > if($senditback==1){ > return $conn->execute($query); > }else{ > $conn->execute($query); > }} > > function GetSQLValueString($theValue, $theType, $database, $theDefinedValue = > "", $theNotDefinedValue = "") > { > if (PHP_VERSION < 6) { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; > } > > if($database==1){ > $theValue = mysql_real_escape_string($theValue); > }else{ > $theValue = str_replace("'","''",$theValue); > } > > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']); > > > $q = sprintf("select * from emps where emp_last = %s and emp_badge = %s", > GetSQLValueString($_SESSION['UserLastName'], "text", 1), > GetSQLValueString($_SESSION['BadgeID'],"int", 1)); > $q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."' > and emp_badge = '".$_SESSION['BadgeID']."'"; > > $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1); > $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); > > $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); > > > //get form info for this employee > $cnx = > mysql_connect("localhost","appsuser","abc123"); > $db = mysql_select_db("wrii_report"); > $q1 = sprintf("select * from tblmainempreport > where empUUID = '553920090528131'"); > //print $q1 .""; > $result = mysql_query($q1); > $recArray = mysql_fetch_array($result); > $_SESSION['empFName'] = $recArray['EmpFName']; > ?> > action="empForm.php"> > " /> > value="fields("emp_costcenter");?>" /> > > frmGoToEmpForm.submit(); > //header("Location: > http://webapps/injury/empForm.php";); > //exit(); > > > > > > ?>
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
For information or questions for this system, please contact Linda Williams x5984 http://shhsnet/";>Return to SHH Intranet empForm.php - code --- "; print "session_CostCenter = ".$_SESSION['CostCenter'].""; print "hidden_SSN = ".$_POST['hdnSSN'].""; print "hidden_CostCenter = ".$_POST['hdnCostCenter'].""; print "session_empFName = ".$_SESSION['empFName'].""; print "session_userLastName = ".$_SESSION['UserLastName'].""; print "session_BadgeID = ".$_SESSION['BadgeID'].""; ?> Output from empForm.php --- session_SSN = session_CostCenter = hidden_SSN = 60 (it is displaying my actual SSN) hidden_CostCenter = 1604 session_empFName = CHERYL session_userLastName = sullivan session_BadgeID = 401337 -Original Message- From: Peter Lind [mailto:peter.e.l...@gmail.com] Sent: Thursday, September 16, 2010 4:20 PM To: Cheryl Sullivan Cc: a...@ashleysheridan.co.uk; php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On 16 September 2010 20:03, Cheryl Sullivan wrote: > We are actually running the query through a function that removes single > ticks, etc to avoid this, but I didn't think that was relevant to the > question so I didn't include it. Thanks, though! You're the one with the problem you don't understand, which means you don't get to make decisions as what is or is not relevant. Rather: you have no idea what seems relevant to us trying to pinpoint the error. That said, if - like Andrew points out - you see the values directly after storing them, then the problem is not database related. What exactly happens between the two pages and on the second page? Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Fri, Sep 17, 2010 at 8:13 AM, Cheryl Sullivan wrote: > Hi Andrew - I didn't mean to ignore your reply... > > Here is your earlier post - > > " The fact that you can echo the $_SESSION information on the same page and > they contain the correct values suggest to me that the issue of MySQL/MSSQL > is a red herring. I would look into things like the value for > register_globals to make sure you don't have a global variable stepping on > some of your session variables." > > Register_globals is off in our php.ini file. > > Again, I am fairly new to PHP. I guess I don't understand how a global > variable can "step on" a session variable if the only thing I'm assigning > anywhere in my application to said session variable is a value from a > database query. When PHP changes pages, it might be arbitrarily assigning > some value to a session variable, even though I'm not telling it to? > > Can you please explain this to me? Thanks - > It's been a while since I've dealt with either, but I believe the most common way would involve register_globals (and session auto_start?). The session would automatically register global variables named $SSN or $CostCenter in your page that would be tied to $_SESSION['SSN'] and $_SESSION['CostCenter'], even before a line of code was executed. If you then change the value of $SSN - even if you intentionally initialize it to an empty value at the beginning of a script -- PHP would alter the value of SSN in the session itself. I don't know exactly what is happening in your case. All I am suggesting is that if you are getting the correct values from the database and you can see that they have been correctly assigned to the $_SESSION array when you echo them later in the script, the issue is somewhere other than with the database and you need to dig somewhere else for the solution. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Hi Andrew - I didn't mean to ignore your reply... Here is your earlier post - " The fact that you can echo the $_SESSION information on the same page and they contain the correct values suggest to me that the issue of MySQL/MSSQL is a red herring. I would look into things like the value for register_globals to make sure you don't have a global variable stepping on some of your session variables." Register_globals is off in our php.ini file. Again, I am fairly new to PHP. I guess I don't understand how a global variable can "step on" a session variable if the only thing I'm assigning anywhere in my application to said session variable is a value from a database query. When PHP changes pages, it might be arbitrarily assigning some value to a session variable, even though I'm not telling it to? Can you please explain this to me? Thanks - -Original Message- From: Andrew Ballard [mailto:aball...@gmail.com] Sent: Thursday, September 16, 2010 2:21 PM To: Cheryl Sullivan Cc: Tommy Pham; php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote: [snip] > When I echo all five $_SESSION vars from here, they are all populated. > Then I can either redirect or form post to the next page. In either > case, the $_SESSION vars populated from SQL Server ( the SSN and Cost > Center vars) are blank when I echo them on the destination page. On Thu, Sep 16, 2010 at 2:12 PM, Cheryl Sullivan wrote: > Tommy - I ran phpinfo() but I don't see anything in it referencing > MSSQL or SQLSRV. I have included all the references to "sql" I see > below, but the only references I see to databases are to mySQL and > SQLLite. Unfortunately I don't have any control over how service-packed > the database server is. Is there something in SP 4 for SQL Server 2000 > that is supposed to fix the issue I'm having, I may be able to plead my > case for getting the latest SP. Is this the case, do you know? > [snip] Again, I ask - based on what you said earlier - are you sure this is even a database issue? You said that when you echo the values in your $_SESSION array AFTER reading them from the database they are there, and you only lose them on the next request after either a redirect or a manual form POST. If the values are getting into $_SESSION correctly within this page, your issue is not related to the database at all. Am I misunderstanding you? Andrew Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 11:12 AM > To: Tommy Pham; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > Tommy - I ran phpinfo() but I don't see anything in it referencing MSSQL or > SQLSRV. I have included all the references to "sql" I see below, but the only > references I see to databases are to mySQL and SQLLite. Unfortunately I > don't have any control over how service-packed the database server is. Is > there something in SP 4 for SQL Server 2000 that is supposed to fix the issue > I'm having, I may be able to plead my case for getting the latest SP. Is this > the case, do you know? > Here's the long lists of fixes in SP4 for SQL2000: http://support.microsoft.com/kb/888799/ http://support.microsoft.com/kb/00/ As for if it's related to your current problem, we need to find out what are the possible causes for your problem. If you're not using mssql or sqlsrv extension, how are you able to access SQL Server, via ODBC? If you're not using ODBC either, then there is something seriously wrong with your app... or where you think you're getting the data that is supposed to be from MS SQL Server. Look at your class hitMSSQL. What does the internal of the class uses to connect, execute the query, and fetch the results? Are there any error catching/logging within the class? Or are all the statements begin with @? Regards, Tommy > mysql > MySQL Support enabled > Active Persistent Links 0 > Active Links 0 > Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ > Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 > size 2000 free_items 2000 references 2 > > Directive Local Value Master Value > mysql.allow_local_infile On On > mysql.allow_persistent On On > mysql.cache_size 2000 2000 > mysql.connect_timeout 60 60 > mysql.default_host no value no value > mysql.default_password no value no value mysql.default_port no value no > value mysql.default_socket no value no value mysql.default_user no value > no value mysql.max_links Unlimited Unlimited mysql.max_persistent > Unlimited Unlimited mysql.trace_mode Off Off > > > mysqli > MysqlI Support enabled > Client API library version mysqlnd 5.0.5-dev - 081106 - $Revision: > 1.3.2.27 $ > Active Persistent Links 0 > Inactive Persistent Links 0 > Active Links 0 > Persistent cache enabled > put_hits 0 > put_misses 0 > get_hits 0 > get_misses 0 > size 2000 > free_items 2000 > references 2 > > Directive Local Value Master Value > mysqli.allow_local_infile On On > mysqli.allow_persistent On On > mysqli.cache_size 2000 2000 > mysqli.default_host no value no value > mysqli.default_port 3306 3306 > mysqli.default_pw no value no value > mysqli.default_socket no value no value mysqli.default_user no value no > value mysqli.max_links Unlimited Unlimited mysqli.max_persistent > Unlimited Unlimited mysqli.reconnect Off Off > > > mysqlnd > mysqlnd enabled > Version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Command buffer > size 2048 Read buffer size 32768 Collecting statistics Yes Collecting > memory statistics Yes > > PDO > PDO support enabled > PDO drivers mysql, sqlite > > > pdo_mysql > PDO Driver for MySQL enabled > Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ > Persistent cache enabled > put_hits 0 > put_misses 0 > get_hits 0 > get_misses 0 > size 2000 > free_items 2000 > references 2 > > Directive Local Value Master Value > pdo_mysql.cache_size 2000 2000 > > > pdo_sqlite > PDO Driver for SQLite 3.x enabled > SQLite Library 3.6.15 > > -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, September 16, 2010 11:39 AM > To: php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > > -Original Message- > > From: Cheryl Sullivan [mailto:csull...@shh.org] > > Sent: Thursday, September 16, 2010 8:33 AM > > To: Tommy Pham; php-general@lists.php.net > > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > > loaded from MYSQL Query stick > > > > SQL Server 8.00.818 - SP3 (Enterprise Edition) > > > > 8? I think that's SQL 2000. If that's the case, you're 1 service pack > behind. The latest service pack for SQL 2000 is 4. > > > Unfortunately I am fairly new to PHP and my boss just went home sick > for > >
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On 16 September 2010 20:03, Cheryl Sullivan wrote: > We are actually running the query through a function that removes single > ticks, etc to avoid this, but I didn't think that was relevant to the > question so I didn't include it. Thanks, though! You're the one with the problem you don't understand, which means you don't get to make decisions as what is or is not relevant. Rather: you have no idea what seems relevant to us trying to pinpoint the error. That said, if - like Andrew points out - you see the values directly after storing them, then the problem is not database related. What exactly happens between the two pages and on the second page? Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote: [snip] > When I echo all five $_SESSION vars from here, they are all populated. > Then I can either redirect or form post to the next page. In either > case, the $_SESSION vars populated from SQL Server ( the SSN and Cost > Center vars) are blank when I echo them on the destination page. On Thu, Sep 16, 2010 at 2:12 PM, Cheryl Sullivan wrote: > Tommy - I ran phpinfo() but I don't see anything in it referencing > MSSQL or SQLSRV. I have included all the references to "sql" I see > below, but the only references I see to databases are to mySQL and > SQLLite. Unfortunately I don't have any control over how service-packed > the database server is. Is there something in SP 4 for SQL Server 2000 > that is supposed to fix the issue I'm having, I may be able to plead my > case for getting the latest SP. Is this the case, do you know? > [snip] Again, I ask - based on what you said earlier - are you sure this is even a database issue? You said that when you echo the values in your $_SESSION array AFTER reading them from the database they are there, and you only lose them on the next request after either a redirect or a manual form POST. If the values are getting into $_SESSION correctly within this page, your issue is not related to the database at all. Am I misunderstanding you? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Tommy - I ran phpinfo() but I don't see anything in it referencing MSSQL or SQLSRV. I have included all the references to "sql" I see below, but the only references I see to databases are to mySQL and SQLLite. Unfortunately I don't have any control over how service-packed the database server is. Is there something in SP 4 for SQL Server 2000 that is supposed to fix the issue I'm having, I may be able to plead my case for getting the latest SP. Is this the case, do you know? mysql MySQL Support enabled Active Persistent Links 0 Active Links 0 Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 size 2000 free_items 2000 references 2 Directive Local Value Master Value mysql.allow_local_infile On On mysql.allow_persistent On On mysql.cache_size 2000 2000 mysql.connect_timeout 60 60 mysql.default_host no value no value mysql.default_password no value no value mysql.default_port no value no value mysql.default_socket no value no value mysql.default_user no value no value mysql.max_links Unlimited Unlimited mysql.max_persistent Unlimited Unlimited mysql.trace_mode Off Off mysqli MysqlI Support enabled Client API library version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Active Persistent Links 0 Inactive Persistent Links 0 Active Links 0 Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 size 2000 free_items 2000 references 2 Directive Local Value Master Value mysqli.allow_local_infile On On mysqli.allow_persistent On On mysqli.cache_size 2000 2000 mysqli.default_host no value no value mysqli.default_port 3306 3306 mysqli.default_pw no value no value mysqli.default_socket no value no value mysqli.default_user no value no value mysqli.max_links Unlimited Unlimited mysqli.max_persistent Unlimited Unlimited mysqli.reconnect Off Off mysqlnd mysqlnd enabled Version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Command buffer size 2048 Read buffer size 32768 Collecting statistics Yes Collecting memory statistics Yes PDO PDO support enabled PDO drivers mysql, sqlite pdo_mysql PDO Driver for MySQL enabled Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 size 2000 free_items 2000 references 2 Directive Local Value Master Value pdo_mysql.cache_size 2000 2000 pdo_sqlite PDO Driver for SQLite 3.x enabled SQLite Library 3.6.15 -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Thursday, September 16, 2010 11:39 AM To: php-general@lists.php.net Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick > -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 8:33 AM > To: Tommy Pham; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > SQL Server 8.00.818 - SP3 (Enterprise Edition) > 8? I think that's SQL 2000. If that's the case, you're 1 service pack behind. The latest service pack for SQL 2000 is 4. > Unfortunately I am fairly new to PHP and my boss just went home sick for > the day, so I don't know how to answer the question about the extension. > Can you tell me where I can find that? > phpinfo(); will give all the information pertaining to your PHP environment. Regards, Tommy > -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, September 16, 2010 11:00 AM > To: php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > > -Original Message- > > From: Cheryl Sullivan [mailto:csull...@shh.org] > > Sent: Thursday, September 16, 2010 7:12 AM > > To: php-general@lists.php.net > > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > > from MYSQL Query stick > > > > Hi there - I'm new to this news group. Any help with this is > appreciated - > > > > When I populate session vars from a MYSQL query, they are still there > when > > I change pages. If I populate them from an MSSQL query, they drop. > > > > It doesn't matter if I get to the next page using a header redirect or > a form > > submit. I have two session vars I'm loading from a MYSQL query and > they > > remain, the two loaded from MSSQL disappear. > > > > What SQL Server version? What PHP extension are you using? MSSQL? > sqlsrv? > > Regards, > Tommy > > > I have confirmed that a
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
We are actually running the query through a function that removes single ticks, etc to avoid this, but I didn't think that was relevant to the question so I didn't include it. Thanks, though! -Original Message- From: Peter Lind [mailto:peter.e.l...@gmail.com] Sent: Thursday, September 16, 2010 12:03 PM To: Cheryl Sullivan Cc: a...@ashleysheridan.co.uk; php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On 16 September 2010 16:26, Cheryl Sullivan wrote: > Absolutely - > > > > This is from the first page > > > > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > > $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']); > > > > //access MS SQL Server database > > $q1 = "select * from emps where emp_last = > '".$_SESSION['UserLastName']."' and emp_badge = > '".$_SESSION['BadgeID']."'"; > > $rs_emp_info = hitMSSQL($q1,"_sql","database","table","password",1); > > $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); > > $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); > You're sticking values from $_POST into an SQL query without sanitizing them first. That spells out SQL INJECTION VULNERABILITY. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On 16 September 2010 16:26, Cheryl Sullivan wrote: > Absolutely - > > > > This is from the first page > > > > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > > $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']); > > > > //access MS SQL Server database > > $q1 = "select * from emps where emp_last = > '".$_SESSION['UserLastName']."' and emp_badge = > '".$_SESSION['BadgeID']."'"; > > $rs_emp_info = hitMSSQL($q1,"_sql","database","table","password",1); > > $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); > > $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); > You're sticking values from $_POST into an SQL query without sanitizing them first. That spells out SQL INJECTION VULNERABILITY. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 8:33 AM > To: Tommy Pham; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > SQL Server 8.00.818 - SP3 (Enterprise Edition) > 8? I think that's SQL 2000. If that's the case, you're 1 service pack behind. The latest service pack for SQL 2000 is 4. > Unfortunately I am fairly new to PHP and my boss just went home sick for > the day, so I don't know how to answer the question about the extension. > Can you tell me where I can find that? > phpinfo(); will give all the information pertaining to your PHP environment. Regards, Tommy > -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, September 16, 2010 11:00 AM > To: php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > > -Original Message- > > From: Cheryl Sullivan [mailto:csull...@shh.org] > > Sent: Thursday, September 16, 2010 7:12 AM > > To: php-general@lists.php.net > > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > > from MYSQL Query stick > > > > Hi there - I'm new to this news group. Any help with this is > appreciated - > > > > When I populate session vars from a MYSQL query, they are still there > when > > I change pages. If I populate them from an MSSQL query, they drop. > > > > It doesn't matter if I get to the next page using a header redirect or > a form > > submit. I have two session vars I'm loading from a MYSQL query and > they > > remain, the two loaded from MSSQL disappear. > > > > What SQL Server version? What PHP extension are you using? MSSQL? > sqlsrv? > > Regards, > Tommy > > > I have confirmed that all four session vars are loading ok initially > and I can > > echo them out to the page, but when the application moves to the next > > page via redirect or form submit, the two vars loaded from MSSQL are > > empty. > > > > Any ideas? > > > > > > Cheryl L. Sullivan > > Interface Analyst / Web Developer > > > > Sacred Heart Hospital (www.shh.org) > > 421 Chew Street * Allentown, PA 18102 > > Office: 610-776-4784 * Cell: 484-544-2416 P Please consider the > environment > > before printing this e-mail > > > > > > > > Notice: This communication, including attachments, may contain > > information that is confidential and protected. It constitutes > non-public > > information intended to be conveyed only to the designated > recipient(s). If > > you believe that you have received this communication in error, please > > notify the sender immediately by return e-mail and promptly delete > this e- > > mail, including attachments without reading or saving them in any > manner. > > The unauthorized use, dissemination, distribution, or reproduction of > this > > e-mail, including attachments, is prohibited and may be unlawful. > Thank > > you. > > > -- > PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: > http://www.php.net/unsub.php > > > Notice: This communication, including attachments, may contain > information that is confidential and protected. It constitutes non-public > information intended to be conveyed only to the designated recipient(s). If > you believe that you have received this communication in error, please > notify the sender immediately by return e-mail and promptly delete this e- > mail, including attachments without reading or saving them in any manner. > The unauthorized use, dissemination, distribution, or reproduction of this > e-mail, including attachments, is prohibited and may be unlawful. Thank > you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
SQL Server 8.00.818 - SP3 (Enterprise Edition) Unfortunately I am fairly new to PHP and my boss just went home sick for the day, so I don't know how to answer the question about the extension. Can you tell me where I can find that? -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Thursday, September 16, 2010 11:00 AM To: php-general@lists.php.net Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick > -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 7:12 AM > To: php-general@lists.php.net > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > from MYSQL Query stick > > Hi there - I'm new to this news group. Any help with this is appreciated - > > When I populate session vars from a MYSQL query, they are still there when > I change pages. If I populate them from an MSSQL query, they drop. > > It doesn't matter if I get to the next page using a header redirect or a form > submit. I have two session vars I'm loading from a MYSQL query and they > remain, the two loaded from MSSQL disappear. > What SQL Server version? What PHP extension are you using? MSSQL? sqlsrv? Regards, Tommy > I have confirmed that all four session vars are loading ok initially and I can > echo them out to the page, but when the application moves to the next > page via redirect or form submit, the two vars loaded from MSSQL are > empty. > > Any ideas? > > > Cheryl L. Sullivan > Interface Analyst / Web Developer > > Sacred Heart Hospital (www.shh.org) > 421 Chew Street * Allentown, PA 18102 > Office: 610-776-4784 * Cell: 484-544-2416 P Please consider the environment > before printing this e-mail > > > > Notice: This communication, including attachments, may contain > information that is confidential and protected. It constitutes non-public > information intended to be conveyed only to the designated recipient(s). If > you believe that you have received this communication in error, please > notify the sender immediately by return e-mail and promptly delete this e- > mail, including attachments without reading or saving them in any manner. > The unauthorized use, dissemination, distribution, or reproduction of this > e-mail, including attachments, is prohibited and may be unlawful. Thank > you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote: > Absolutely - > > This is from the first page > > > $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); > > $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']); > > //access MS SQL Server database > > $q1 = "select * from emps where emp_last = > '".$_SESSION['UserLastName']."' and emp_badge = > '".$_SESSION['BadgeID']."'"; > > $rs_emp_info = hitMSSQL($q1,"_sql","database","table","password",1); > > $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); > > $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); > > //access mySQL database > > $cnx = mysql_connect("localhost","userID","password"); > > $db = mysql_select_db("database_name"); > > $q1 = "select * from tblmainempreport where empUUID = > 'sdfsfs920090528131'"; > > $result = mysql_query($q1); > > $recArray = mysql_fetch_array($result); > > $_SESSION['empFName'] = $recArray['EmpFName']; > > ?> > > > > When I echo all five $_SESSION vars from here, they are all populated. > Then I can either redirect or form post to the next page. In either > case, the $_SESSION vars populated from SQL Server ( the SSN and Cost > Center vars) are blank when I echo them on the destination page. The fact that you can echo the $_SESSION information on the same page and they contain the correct values suggest to me that the issue of MySQL/MSSQL is a red herring. I would look into things like the value for register_globals to make sure you don't have a global variable stepping on some of your session variables. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 7:12 AM > To: php-general@lists.php.net > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > from MYSQL Query stick > > Hi there – I’m new to this news group. Any help with this is appreciated – > > When I populate session vars from a MYSQL query, they are still there when > I change pages. If I populate them from an MSSQL query, they drop. > > It doesn't matter if I get to the next page using a header redirect or a form > submit. I have two session vars I'm loading from a MYSQL query and they > remain, the two loaded from MSSQL disappear. > What SQL Server version? What PHP extension are you using? MSSQL? sqlsrv? Regards, Tommy > I have confirmed that all four session vars are loading ok initially and I can > echo them out to the page, but when the application moves to the next > page via redirect or form submit, the two vars loaded from MSSQL are > empty. > > Any ideas? > > > Cheryl L. Sullivan > Interface Analyst / Web Developer > > Sacred Heart Hospital (www.shh.org) > 421 Chew Street • Allentown, PA 18102 > Office: 610-776-4784 • Cell: 484-544-2416 P Please consider the environment > before printing this e-mail > > > > Notice: This communication, including attachments, may contain > information that is confidential and protected. It constitutes non-public > information intended to be conveyed only to the designated recipient(s). If > you believe that you have received this communication in error, please > notify the sender immediately by return e-mail and promptly delete this e- > mail, including attachments without reading or saving them in any manner. > The unauthorized use, dissemination, distribution, or reproduction of this > e-mail, including attachments, is prohibited and may be unlawful. Thank > you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Absolutely - This is from the first page fields("emp_ssn"); $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); //access mySQL database $cnx = mysql_connect("localhost","userID","password"); $db = mysql_select_db("database_name"); $q1 = "select * from tblmainempreport where empUUID = 'sdfsfs920090528131'"; $result = mysql_query($q1); $recArray = mysql_fetch_array($result); $_SESSION['empFName'] = $recArray['EmpFName']; ?> When I echo all five $_SESSION vars from here, they are all populated. Then I can either redirect or form post to the next page. In either case, the $_SESSION vars populated from SQL Server ( the SSN and Cost Center vars) are blank when I echo them on the destination page. From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, September 16, 2010 10:14 AM To: Cheryl Sullivan Cc: php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On Thu, 2010-09-16 at 10:11 -0400, Cheryl Sullivan wrote: Hi there - I'm new to this news group. Any help with this is appreciated - When I populate session vars from a MYSQL query, they are still there when I change pages. If I populate them from an MSSQL query, they drop. It doesn't matter if I get to the next page using a header redirect or a form submit. I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to the next page via redirect or form submit, the two vars loaded from MSSQL are empty. Any ideas? Cheryl L. Sullivan Interface Analyst / Web Developer Sacred Heart Hospital (www.shh.org) 421 Chew Street * Allentown, PA 18102 Office: 610-776-4784 * Cell: 484-544-2416 P Please consider the environment before printing this e-mail Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. There should be no difference. Can we see some examples of the MySQL and the MSSQL code to see what you're doing differently? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Thu, 2010-09-16 at 10:11 -0400, Cheryl Sullivan wrote: > Hi there – I’m new to this news group. Any help with this is appreciated – > > When I populate session vars from a MYSQL query, they are still there when I > change pages. If I populate them from an MSSQL query, they drop. > > It doesn't matter if I get to the next page using a header redirect or a form > submit. I have two session vars I'm loading from a MYSQL query and they > remain, the two loaded from MSSQL disappear. > > I have confirmed that all four session vars are loading ok initially and I > can echo them out to the page, but when the application moves to the next > page via redirect or form submit, the two vars loaded from MSSQL are empty. > > Any ideas? > > > Cheryl L. Sullivan > Interface Analyst / Web Developer > > Sacred Heart Hospital (www.shh.org) > 421 Chew Street • Allentown, PA 18102 > Office: 610-776-4784 • Cell: 484-544-2416 > Please consider the environment before printing this e-mail > > > > Notice: This communication, including attachments, may contain information > that is confidential and protected. It constitutes non-public information > intended to be conveyed only to the designated recipient(s). If you believe > that you have received this communication in error, please notify the sender > immediately by return e-mail and promptly delete this e-mail, including > attachments without reading or saving them in any manner. The unauthorized > use, dissemination, distribution, or reproduction of this e-mail, including > attachments, is prohibited and may be unlawful. Thank you. > > There should be no difference. Can we see some examples of the MySQL and the MSSQL code to see what you're doing differently? Thanks, Ash http://www.ashleysheridan.co.uk