$_get value from URL

Hi,

Please check for whitespace between = and config value.

Just wondering... If you require the config on every page, is'nt it easier to use a SESSION variable?

If you have to pass it through a form, then you would be possibly having a hidden element. change it to text and see of it is taking the config value correctly, on the pages where you have the problem coming up.

Thanks for the reply's,

No, there is no space at all in the URL. I know that the page is seeing the correct variable because for the time being I am using this in the form body to get around the issue.

if ($_GET['config']=='6') {?>
    <input type="hidden" name="config" value="6">
                     
 <?PHP } ?>

this of course posts the correct URL if I am on config=6 in the URL. the bad thing of doing it like this is there is 8 other config values from other stores.

Basically this is a script for sales reporting and instead of making a page for each store I am trying to condense them into one page.

I have not used sessions for this value as on the left menu there are links for each store and the owner could choose any store so would I not have to destroy and save the session each time?

As for sessions, If the user clicks a link on the left to a different store, Process the link as page.php?config=<store_id> . If there is a config parameter in the URL then change the $_SESSION value as in the following code.

$config=$_GET['config'];
if (isset($config) && $config!=""){
   $_SESSION['store']=$config;
}

Put the above code into all your pages, or store it another file and include it in all your pages. This code tells that system that if the user chooses another store to change the session store parameter. When you are doing a transaction for a store all you then need to do is to get the value from the session. This way you do not have to bother about adding the <input name="config" /> into every form.

If you actually need to then consider using PHP to do this as in

<?php 
$config=$_GET['config'];
if (isset($config) && $config!=""){
    echo "<input type='hidden' name='config' value='$config' />";
} 
?>

The problem with the above code is that if $_GET['config'] is a blank then the <input name="config"> will not come up on the page and the system will not know as to which store the process the order from.

Thanks sudeepdj I went with your second solution. It is actually okay for config to return an empty value as that returns the default store sales table.

My second question is is there any easier way to select the configuration file i need to associate with the config? right now im doing it this way

if ($_GET['config']=='6') {
require( DIR_WS_STORE6_INCLUDES . 'database_tables.php');
 } elseif  ($_GET['config']=='13'){
  require(DIR_WS_STORE13_INCLUDES . 'database_tables.php');
} else {
  require(DIR_WS_INCLUDES . 'database_tables.php');
}

Instead of doing the if-then thingy you can use the eval() function to create the statement.

$config=strip_tags($_GET['config']);
if (isset($config) && $config!=""){
	$a="require(DIR_WS_STORE".$config."_INCLUDES . 'database_tables.php');";
	eval($a);	
} else {
	require(DIR_WS_INCLUDES . 'database_tables.php');
}

And yes, it is always better to put the $_GET into a variable and validate it (strip_tags for instance) before using it in the code. This avoids security loopholes.