
Dynamically creating $_SESSION variables

Hi there

I'm having a bit of a problem. As the title suggests, I'm creating $_SESSION's such as

$_SESSION[''.$row[0].'']


dynamically which is working perfectly, but the problem is I don't know how to call that same variable on a template page that I click through to.

At the moment I have the following:

$query = "SELECT eid, title, content, image, image2 FROM diary WHERE eid = '".$_SESSION[''.$row[0].'']."'";


Clearly this isn't working because the session variable could be any of the ids pulled from the database on the previous page and therefore the template page shows no content. I need some way of tying the variable from the previous page to the variable on the template page without using semantic URL encoding.

Venom Rush
Posting Whiz
353 posts since Oct 2007
Reputation Points: 31
Solved Threads: 2
 

Why don't you assign the value to a variable and then use that variable? E.g.

<?php  //page1.php
session_start();
$_SESSION['eid']="1234";
// rest of your code... 
?>
<?php //page2.php
session_start();
$eid=$_SESSION['eid'];
$query = "SELECT eid, title, content, image, image2 FROM diary WHERE eid ='$eid'";
// rest of your code
?>

nav33n
Purple hazed!
Moderator
4,465 posts since Nov 2007
Reputation Points: 524
Solved Threads: 356
 

Because my code goes like this:

<?php  //page1.php
session_start();
// some code
//create query
$query = "SELECT eid, title, SUBSTRING(content, 1, 200), thumb_image FROM diary ORDER BY eid DESC";
// some more code
while($row = mysql_fetch_row($result))
	{
	if (!$_SESSION[$row[0]]) {
		$_SESSION[$row[0]] = $row[0];
	} 				
	//echo output here
	}
// rest of your code... 
?>

This is intended so that if I click on the link to the template page only the info relating to a particular eid will be displayed

Venom Rush
 

How are you differentiating between different links? Say you have 4 links? Aren't you passing some id for different links?

nav33n

No, at the moment it just links to template.php. What I'm trying to do is link through to the template page without having a URL that looks like the following: http://www.sitename.com/template.php?eid=38

All I want people to see is:

http://www.sitename.com/template.php

Venom Rush
 

And how will you know which $_SESSION[$row[0]] value has to be passed?

nav33n


That's exactly what I'm trying to figure out. Is there no way of doing this without having the info attached to the URL?

Venom Rush
 

I don't think so. Hmmm... There is a weird way of doing it (which I wouldn't prefer). I hope you are looping to print the URLs. What you can do is use the onclick event, set the $_SESSION[$row[0]] value to a hidden variable and submit the form. :S

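<html>
<body>
<?php
//connection
//select db
$query="select eid from table";
$result=mysql_query($query);
while($row=mysql_fetch_array($result)){
	//read the session value first: "$_SESSION[$row[0]]" cannot be interpolated inside a string
	$eid=$_SESSION[$row[0]];
	//one named form per row, closed inside the loop
	echo "<form method=\"post\" name=\"form$eid\">";
	echo "<input type=\"hidden\" name=\"eid\">";
	//the link fills the hidden field, sets the target and submits the form
	echo "<a href=\"#\" onclick=\"var f=document.forms['form$eid']; f.eid.value='$eid'; f.action='template.php'; f.submit(); return false;\">Entry $eid</a>";
	echo "</form>";
}
?>
</body>
</html>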


As I said, this is the 'worst' way of doing it :P. But if you don't want to attach the info to the URL, then you can do it this way! I haven't tested the code (maybe the code won't even work!). Just giving you an idea on how it might work.
Cheers,
Naveen

nav33n
Solved Threads: 356
 

Hmmm, not ideal as you've said. Is there any real chance that a semantic URL attack could happen if I put the eid in the URL? Or am I relatively safe?

Venom Rush
 

You can have an array of all the eids and put it in a session. Then, every time a user clicks on a link, check whether the eid is in the array of eids. If it's present, then display the respective page. Else, send the user to "you know where"! Also, use mysql_real_escape_string or addslashes.

nav33n


So what I'd need to do is dynamically create a form around each row of info that is displayed, linking it to template.php, and then have code on template.php that searches for the row with the relevant eid and displays it?

Venom Rush
 

No. You don't need a form if you are passing the eid in the URL. While displaying the links, just concat the eid at the end of the links and, in template.php, check if that eid is in the session array of eids. If the eid is in the array, fetch the relevant details for that eid from the table and display it!

nav33n


I'm not quite following you. I'm feeling really blonde today :P Could you be so kind as to give a rough example of what you mean?

Venom Rush
 

Okay!

<?php //page1.php
//connection
//select db
session_start();
$valid_eid=array();
$query="select eid,description from table";
$result=mysql_query($query);
while($row=mysql_fetch_array($result)){
	$eid=$row['eid'];
	$description=$row['description'];
	$valid_eid[]=$eid;
	echo "<a href=\"template.php?eid=$eid\">".$description."</a>"; //will display all the links
}
$_SESSION['eid_array']=$valid_eid;
?>
<?php //template.php
session_start();
//connection
//select db
$eid=mysql_real_escape_string($_REQUEST['eid']);
$valid_eid=$_SESSION['eid_array'];
if(in_array($eid,$valid_eid)){
	$query="select * from table where eid='$eid'";
	//fetch details and print
} else {
	echo "Eid is not valid !";
	exit; //or redirect the user to an error page. 
}
?>


Hope that helps!

nav33n
Purple hazed!
Moderator
4,465 posts since Nov 2007
Reputation Points: 524
Solved Threads: 356
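
A hardened form of the template.php check from the post above, as an added example that is not part of the thread: the eid is validated as an integer, compared strictly against the session allow-list, and bound as a query parameter instead of being escaped with mysql_real_escape_string (the mysql_* functions were removed in PHP 7). It assumes PDO with the SQLite driver; the in-memory diary table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO + sqlite driver;
// the diary rows below are constructed; function names are hypothetical.

function build_sample_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE diary (eid INTEGER PRIMARY KEY, title TEXT, content TEXT)');
    $ins = $db->prepare('INSERT INTO diary (eid, title, content) VALUES (?, ?, ?)');
    foreach ([[37, 'Draft', 'unlisted'], [38, 'Day one', 'hello'], [39, 'Day two', 'world']] as $r) {
        $ins->execute($r);
    }
    return $db;
}

// page1.php side: store exactly the ids this session was shown, as integers.
function remember_listed_eids(PDO $db, array &$session): void
{
    $ids = $db->query('SELECT eid FROM diary WHERE eid >= 38')->fetchAll(PDO::FETCH_COLUMN);
    $session['eid_array'] = array_map('intval', $ids);
}

// template.php side: returns the row, or null when the request is rejected.
function fetch_entry(PDO $db, array $session, $rawEid): ?array
{
    // Only an integer >= 1 passes; "38abc", "38.0" and a missing value do not.
    $eid = filter_var($rawEid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    // Strict in_array() avoids PHP's loose numeric-string comparison.
    if ($eid === false || !in_array($eid, $session['eid_array'] ?? [], true)) {
        return null;
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT eid, title, content FROM diary WHERE eid = :eid');
    $stmt->execute([':eid' => $eid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = build_sample_db();
$session = [];                 // stands in for $_SESSION after session_start()
remember_listed_eids($db, $session);
// Constructed inputs: listed id, existing but unlisted id, malformed values, missing value.
foreach (['38', '37', '38abc', '38.0', null] as $input) {
    $row = fetch_entry($db, $session, $input);
    echo var_export($input, true), ' => ', $row ? $row['title'] : 'rejected', PHP_EOL;
}
```

The allow-list only restricts a visitor to entries that page1.php listed for their session; the bound parameter is what keeps the query text fixed regardless of what arrives in the request.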
 


I see the eid is part of the URL. Would it display like that? If it does then I already have a way of doing that simply using $_GET.

page1's link:

<a href=www.example.com/template.php?eid=$eid />


page2 code:

//create query
$query = "SELECT eid, title, content, image, image2 FROM diary WHERE eid = '".$_GET['eid']."'";

Venom Rush
 

Yep. You can do it that way. But the user can change eid to whatever value he wants! My code will check if the eid is valid or not.

nav33n


Ok, so even if someone adds a valid eid into the URL it will give an error?

Venom Rush
 

It won't. Because it will check if the eid is valid. I am adding all the valid eids to an array, remember :P. It will display the error message if the eid is not in the array. So, this way, the user can't alter with eids!

nav33n


Thought as much :P Well thanks for all your help nav33n. Keep well.

Venom Rush
 

You are welcome!

nav33n