I am passing a variety of session variables successfully, but my problem is that when outputting session variables, they always have ' ' around them. Example from the welcome page after registering through a form
Registration Date 5/12/2008
Thank you 'Bill' 'Bunsonburner', you are now registered.
We welcome you to Work At Home. An email is being sent to 'press@lunarcafe.com' with comfirmation of regisration
Your user name is 'mortimer' and your password is 'corrina333'
(this is all bogus info) The date above is a session variable with no ' ' around it. The rest of the variables have the ' '. How do I get rid of the ' '?
The form data is not shown, it's just a normal HTML form. This is header information
There is a form handling page in between that runs the form data through reg expressions, verifies the data and does the magic quotes thing, then inserts the data into a database.
The code from the welcome page (example above output) is probably overkill but still quite simple
Code:
$com = $_SESSION['company'];
$first = $_SESSION['first_name'];
$last = $_SESSION['last_name'];
$mal = $_SESSION['email'];
$use = $_SESSION['user'];
$pas = $_SESSION['pass'];
$date = $_SESSION['date'];
$ldate = $_SESSION['logon_date'];
print "<div id=\"header\">";
print "<h1>Welcome $com";
print "</h1></div>";
print "<div id=\"content\">";
print "Registration Date $ldate <br />";
print "Thank you $first $last, you are now registered.<br />";
print "We welcome you to Work At Home. An email is being sent to $mal with comfirmation of regisration<br />";
print "Your user name is $use and your password is $pas <br />";
Everything works, it's just the annoying punctuation that shows up. Any ideas? Thanks for reading
to verify that the data is being tainted before it is interpolated. Assuming the first print_r shows good data and the second shows bad data, throw a few more print_r statements around (using $_SESSION) before/after some statements that modify/use $_SESSION.
Maybe someone else sees something obvious that we're both missing. But, it's probably best to narrow the problem down to a block or line of code that's tainting the data. In this case, repeatedly calling print_r on that data is probably the quickest way to track the problem down.
Discovered the problem! First, thank you very much for your suggestions. I am leaving the print_r in 'just in case'.
The problem was a function
Code:
function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
If you notice the last line on each side of the real escape string, there is a " ' ". I removed the ' and bingo, all my problems went away.
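The quotes appeared because check_input() did SQL quoting inside a general input filter whose result was also stored in the session and printed. As an added example (not the poster's code), this version keeps the value raw, binds it as a query parameter instead of escaping it by hand, and HTML-encodes it only at output; PDO with in-memory SQLite, the `users` table, the sample input and the helper names `clean_input` and `h` are assumptions chosen so it runs stand-alone.

```php
<?php
// Added example, not the poster's code. Uses PDO with an in-memory SQLite
// database so it runs offline; the table and column names are assumptions.

// Constructed sample input standing in for the submitted form fields.
$form = [
    'first_name' => "Bill",
    'last_name'  => "O'Brien <b>",
    'user'       => "mortimer",
];

// Validate and normalise only. No SQL quoting or escaping happens here,
// so the same value can be reused for the session and for display.
function clean_input(string $value): string
{
    return trim($value);
}

$clean = array_map('clean_input', $form);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (first_name TEXT, last_name TEXT, user TEXT)');

// SQL boundary: bound parameters carry the raw value to the database,
// replacing the manual quote-and-escape step in check_input().
$stmt = $pdo->prepare(
    'INSERT INTO users (first_name, last_name, user) VALUES (:first_name, :last_name, :user)'
);
$stmt->execute($clean);

// In the web page this would be $_SESSION['first_name'] = $clean['first_name']; etc.
$session = $clean; // stand-in for $_SESSION in this CLI example

// HTML boundary: encode at output time, for the HTML context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$row = $pdo->query('SELECT first_name, last_name FROM users')->fetch(PDO::FETCH_ASSOC);

print 'Thank you ' . h($session['first_name']) . ' ' . h($session['last_name'])
    . ", you are now registered.\n";
print 'Stored last_name: ' . $row['last_name'] . "\n"; // raw text, no added quotes
```

Both `get_magic_quotes_gpc()` and `mysql_real_escape_string()` have been removed from current PHP releases, so the original function no longer runs on them.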