www.webdeveloper.com
Results 1 to 5 of 5

Thread: [RESOLVED] Accessing Session Variables

  1. #1
    Join Date
    Oct 2005
    Location
    Knoxville Tennessee
    Posts
    79

    resolved [RESOLVED] Accessing Session Variables

    I am passing a variety of session variables successfully, but my problem is that when outputting session variables, they always have ' ' around them. Example from the welcome page after registering through a form

    Registration Date 5/12/2008
    Thank you 'Bill' 'Bunsonburner', you are now registered.
    We welcome you to Work At Home. An email is being sent to 'press@lunarcafe.com' with comfirmation of regisration
    Your user name is 'mortimer' and your password is 'corrina333'

    (this is all bogus info) The date above is a session variable with no ' ' around it. The rest of the variables have the ' '. how do I get rid of the ' '?

    The code from the form page is simple enough
    Code:
    <?php
    session_start();
    $_SESSION['user']= $_POST['user'];
    $_SESSION['first_name'] = $_POST['first_name'];	
    $_SESSION['last_name'] = $_POST['last_name'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['company'] = $_POST['company'];
    $_SESSION['pass'] = $_POST['pass'];
    $_SESSION['date'] = $_POST['date'];
    $_SESSION['logon_date'] = $_POST['logon_date'];
    
    ?>
    The form data is not shown, its just a normal html form. This is header information
    There is a form handling page inbetween that runs the form data through reg expressions, verifies the data and does the magic quotes thing then inserts the data into a batabase.


    The code from the welcome page (example above output) is probably over kill but still quite simple


    Code:
    $com = $_SESSION['company'];
    $first = $_SESSION['first_name'];  
    $last = $_SESSION['last_name'];
    $mal = $_SESSION['email'];
    $use = $_SESSION['user'];
    $pas = $_SESSION['pass'];
    $date = $_SESSION['date'];
    $ldate = $_SESSION['logon_date'];
    
    print "<div id=\"header\">";
    print "<h1>Welcome $com";
    print "</h1></div>";
    
    print "<div id=\"content\">";
    print "Registration Date $ldate <br />";
    print "Thank you $first $last, you are now registered.<br />";
    print "We welcome you to Work At Home.  An email is being sent to $mal with comfirmation of regisration<br />";
    print "Your user name is $use and your password is $pas <br />";
    Everything works, its just the annoying punctuation that shows up. Any ideas? Thanks for reading
    Last edited by mrwilson; 05-12-2008 at 12:52 PM.

  2. #2
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    You might just need to use print_r every now and then to determine when the quotes are being added. For example, use
    PHP Code:
    print "<pre>\n";
    print_r($_POST);
    print 
    "</pre>\n"
    right after you print the BODY tag to verify the condition of the POST data. Then, maybe immediately before displaying the data, use
    PHP Code:
    print "<pre>\n";
    print_r($_SESSION);
    print 
    "</pre>\n"
    to verify that the data is being tainted before it is interpolated. Assuming the first print_r shows good data and the second shows bad data, throw a few more print_r statements around (using $_SESSION) before/after some statements that modify/use $_SESSION.

    Maybe someone else sees something obvious that we're both missing. But, it's probably best to narrow the problem down to a block or line of code that's tainting the data. In this case, repeatedly calling print_r on that data is probably the quickest way to track the problem down.

  3. #3
    Join Date
    Oct 2005
    Location
    Knoxville Tennessee
    Posts
    79
    Thanks Jon, I will give that a shot right now

  4. #4
    Join Date
    Oct 2005
    Location
    Knoxville Tennessee
    Posts
    79
    Doscovered the problem! First, thank you very much for your suggestions. I am leavign the Print_r in 'just in case'

    the problem was a function

    Code:
    function check_input($value)
        {
            // Stripslashes
            if (get_magic_quotes_gpc())
            {
                $value = stripslashes($value);
            }
            // Quote if not a number
            if (!is_numeric($value))
            {
                $value = "`" . mysql_real_escape_string($value) . "`";
            }
            return $value;
        }
    if you notice the last line on each side of the real escape string, there is a " ' ". I removed the ' and bingo, all my problems went away.

    Thanks again, much appreciated

  5. #5
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    Cool, I'm happy you found it [so quickly].

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles