[RESOLVED] Accessing Session Variables
I am passing a variety of session variables successfully, but my problem is that when outputting session variables, they always have ' ' around them. Example from the welcome page after registering through a form:
Registration Date 5/12/2008
Thank you 'Bill' 'Bunsonburner', you are now registered.
We welcome you to Work At Home. An email is being sent to 'email@example.com' with comfirmation of regisration
Your user name is 'mortimer' and your password is 'corrina333'
(This is all bogus info.) The date above is a session variable with no ' ' around it. The rest of the variables have the ' '. How do I get rid of the ' '?
The code from the form page is simple enough.
The form data is not shown; it's just a normal HTML form. This is header information:
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['company'] = $_POST['company'];
$_SESSION['pass'] = $_POST['pass'];
$_SESSION['date'] = $_POST['date'];
$_SESSION['logon_date'] = $_POST['logon_date'];
There is a form handling page in between that runs the form data through reg expressions, verifies the data and does the magic quotes thing, then inserts the data into a database.
The code from the welcome page (example above output) is probably overkill but still quite simple.
Everything works, it's just the annoying punctuation that shows up. Any ideas? Thanks for reading.
$com = $_SESSION['company'];
$first = $_SESSION['first_name'];
$last = $_SESSION['last_name'];
$mal = $_SESSION['email'];
$use = $_SESSION['user'];
$pas = $_SESSION['pass'];
$date = $_SESSION['date'];
$ldate = $_SESSION['logon_date'];
print "<div id=\"header\">";
print "<h1>Welcome $com";
print "<div id=\"content\">";
print "Registration Date $ldate <br />";
print "Thank you $first $last, you are now registered.<br />";
print "We welcome you to Work At Home. An email is being sent to $mal with comfirmation of regisration<br />";
print "Your user name is $use and your password is $pas <br />";
Last edited by mrwilson; 05-12-2008 at 12:52 PM.
You might just need to use print_r every now and then to determine when the quotes are being added. For example, use
right after you print the BODY tag to verify the condition of the POST data. Then, maybe immediately before displaying the data, use
to verify that the data is being tainted before it is interpolated. Assuming the first print_r shows good data and the second shows bad data, throw a few more print_r statements around (using $_SESSION) before/after some statements that modify/use $_SESSION.
Maybe someone else sees something obvious that we're both missing. But, it's probably best to narrow the problem down to a block or line of code that's tainting the data. In this case, repeatedly calling print_r on that data is probably the quickest way to track the problem down.
Thanks Jon, I will give that a shot right now
Discovered the problem! First, thank you very much for your suggestions. I am leaving the Print_r in 'just in case'.
The problem was a function.
If you notice the last line on each side of the real escape string, there is a " ' ". I removed the ' and bingo, all my problems went away.
$value = stripslashes($value);
// Quote if not a number
$value = "`" . mysql_real_escape_string($value) . "`";
Thanks again, much appreciated
Cool, I'm happy you found it [so quickly].
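The cause found in this thread is one value being prepared for the SQL context and then reused for display. The following added example (not code from the thread or its posters) keeps the raw value in the session, lets bound parameters do the database quoting, and escapes for HTML only at output time. Assumptions: an in-memory SQLite database through PDO stands in for the thread's MySQL database, and the `users` table, the `h()` helper and the sample input are hypothetical.

```php
<?php
// Constructed sample input standing in for $_POST (not from the thread).
$post = [
    'first_name' => "Bill",
    'last_name'  => "O'Brien <b>",   // apostrophe and markup on purpose
    'email'      => "email@example.com",
];

// 1. Session: store the raw values. No SQL quoting is applied here,
//    so nothing SQL-specific can leak into the page later.
$session = $post;                    // stands in for $_SESSION

// 2. Database context: bound parameters. The driver handles quoting,
//    so no helper has to wrap the value in quote characters.
$db = new PDO('sqlite::memory:');    // assumption: stand-in for MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (first_name TEXT, last_name TEXT, email TEXT)');
$stmt = $db->prepare(
    'INSERT INTO users (first_name, last_name, email)
     VALUES (:first_name, :last_name, :email)'
);
$stmt->execute($session);

// 3. HTML context: escape at the point of output, and only there.
function h(string $s): string        // hypothetical helper name
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// The stored value is the raw one: no added quotes, apostrophe intact.
$row = $db->query('SELECT last_name FROM users')->fetch(PDO::FETCH_ASSOC);

print "Thank you " . h($session['first_name']) . " "
    . h($session['last_name']) . ", you are now registered.<br />\n";
print "Stored last name: " . h($row['last_name']) . "<br />\n";
```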