Jump to content

[SOLVED] Issue with a assigning a value to a Session.


Solarpitch

Recommended Posts

Hey,

 

I have a page that will get the value of an id passed to it. I then just want to assign this id to a session which is fine. The page needs to submit to itself and I need to call the session to place the value of it in a function, but when the page submits... the session is empty.

 

<?php

session_start();

$product_id = $_GET['product_id'];
$_SESSION['product_id'] = $product_id;

//Test value is assigned at this point. This works fine!
echo $_SESSION['product_id'];

//See if the form is being submitted...

if ($process != "execute")
{
//not being submitted...
}
else
{

$product_id = $_SESSION['product_id'];



$linked_id = $_POST['checked'];	
link_products($product_id, $linked_id); //$product_id is empty

}



?>

Actually... I think it could be something to do with ob_start(); as I know the rest of my code is perfect, its all tested. But I think if you use ob_start(); you have to also use ob_end_flush(); ... am I right?

I think what he means is that: $product_id = $_GET['product_id']; doesn't appear to be sanatized.

 

http://www.askbee.net/articles/php/SQL_Injection/sql_injection.html

 

Might help, as if you use the $product_id to do a lookup or any interaction with MySQL you're wide open to SQL-injection attacks without sanitizing the input.

Thanks guys,

 

I've got it too work by checking to see if the value was set first..

 

<?php

ob_start();
session_start();


$product_id = $_GET['product_id'];

if(isset($product_id))

{$_SESSION['product_id'] = $product_id;}

        ......

        ob_end_flush();

?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.