0

I have a simple value that is in a URL that must be kept for browsing a back end i have developed. So any form that is submitted must carry what ever the config= is.

The URL value is ?status=17&config=6 This works fine on every page by the use of

$_GET['config']

the problem is on some pages it just prints ?status=17&config=+ when the form is submitted. of course this will not work for what i need and i am out of ideas.

3
Contributors
6
Replies
7
Views
6 Years
Discussion Span
Last Post by sudeepjd
0

Just wondering... If you require the config on every page, is'nt it easier to use a SESSION variable?

If you have to pass it through a form, then you would be possibly having a hidden element. change it to text and see of it is taking the config value correctly, on the pages where you have the problem coming up.

0

Thanks for the reply's,

No, there is no space at all in the URL. I know that the page is seeing the correct variable because for the time being I am using this in the form body to get around the issue.

if ($_GET['config']=='6') {?>
    <input type="hidden" name="config" value="6">
                     
 <?PHP } ?>

this of course posts the correct URL if I am on config=6 in the URL. the bad thing of doing it like this is there is 8 other config values from other stores.

Basically this is a script for sales reporting and instead of making a page for each store I am trying to condense them into one page.


I have not used sessions for this value as on the left menu there are links for each store and the owner could choose any store so would I not have to destroy and save the session each time?

Edited by lifeisboost: n/a

0

As for sessions, If the user clicks a link on the left to a different store, Process the link as page.php?config=<store_id> . If there is a config parameter in the URL then change the $_SESSION value as in the following code.

$config=$_GET['config'];
if (isset($config) && $config!=""){
   $_SESSION['store']=$config;
}

Put the above code into all your pages, or store it another file and include it in all your pages. This code tells that system that if the user chooses another store to change the session store parameter. When you are doing a transaction for a store all you then need to do is to get the value from the session. This way you do not have to bother about adding the <input name="config" /> into every form.

If you actually need to then consider using PHP to do this as in

<?php 
$config=$_GET['config'];
if (isset($config) && $config!=""){
    echo "<input type='hidden' name='config' value='$config' />";
} 
?>

The problem with the above code is that if $_GET['config'] is a blank then the <input name="config"> will not come up on the page and the system will not know as to which store the process the order from.

0

Thanks sudeepdj I went with your second solution. It is actually okay for config to return an empty value as that returns the default store sales table.

My second question is is there any easier way to select the configuration file i need to associate with the config? right now im doing it this way

if ($_GET['config']=='6') {
require( DIR_WS_STORE6_INCLUDES . 'database_tables.php');
 } elseif  ($_GET['config']=='13'){
  require(DIR_WS_STORE13_INCLUDES . 'database_tables.php');
} else {
  require(DIR_WS_INCLUDES . 'database_tables.php');
}

Edited by lifeisboost: n/a

0

Instead of doing the if-then thingy you can use the eval() function to create the statement.

$config=strip_tags($_GET['config']);
if (isset($config) && $config!=""){
	$a="require(DIR_WS_STORE".$config."_INCLUDES . 'database_tables.php');";
	eval($a);	
} else {
	require(DIR_WS_INCLUDES . 'database_tables.php');
}

And yes, it is always better to put the $_GET into a variable and validate it (strip_tags for instance) before using it in the code. This avoids security loopholes.

Edited by sudeepjd: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.