Am I doing something wrong?

File 1 is a form that passes all the data back to itself. One of the passed values is "ext" as in extension.

Then I have a check to see if it was posted.

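<?php
// Build the optional extension filter from whichever request method carried "ext".
if(isset($_GET['ext']))
{
	$sql_inject_ext = "AND extension = '$_GET[ext]'";
}
elseif(isset($_POST['ext']))
{
	$sql_inject_ext = "AND extension = '$_POST[ext]'";
}
else
{
	// No filter requested: keep the fragment empty so the variable is always defined.
	$sql_inject_ext = "";
}
?>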

Somewhere down the line I have an include file that holds a bunch of PHP functions that do the heavy work of pulling database data.

include('xtap_functions.php');

Now on this function page I run an Oracle query where I use the variable $sql_inject_ext.

<?php
$sql_A = "SELECT firstname, lastname, directoryid, managerid, extension FROM pcsmgr.empdir_employees WHERE managerid = '$directoryid' AND branchid = '$branchid' $sql_inject_ext";
?>

 

But when I run the page this is the error I get.

Notice: Undefined variable: sql_inject_ext in C:\Inetpub\wwwroot\Newton\xtap_functions.php on line 30

I'm not familiar with GLOBALS but is that something I should be trying? I don't really know why it doesn't realise that $sql_inject_ext has been defined in its parent file.


Can I see more of your code?

If sql_inject_ext is in a function, then its scope will only be local to that function. In any case it's always good to pass variables to functions that you may use in the function, instead of relying on global variables (which may collide with other variables down the line).

global $sql_inject_ext; didn't do it for me.

Here's more code to how this works... from the point of form submission.

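<?php
global $sql_inject_ext;
// Build the optional extension filter from whichever request method carried "ext".
if(isset($_GET['ext']))
{
	$sql_inject_ext = "AND extension = '$_GET[ext]'";
}
elseif(isset($_POST['ext']))
{
	$sql_inject_ext = "AND extension = '$_POST[ext]'";
}
else
{
	// No filter requested: keep the fragment empty so the variable is always defined.
	$sql_inject_ext = "";
}
?>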

Then

 

<?php 
include('xtap_functions.php');

DivisionManagers($bID[$key],$row['DIRECTORYID']); ?>

 

The following is within the xtap_function file

 

<?php
function DivisionManagers($branchid, $directoryid) // FIRST LEVEL OF EMPLOYEES BASED ON BRANCH AND BOSS
{

	$sql_A = "SELECT firstname, lastname, directoryid, managerid, extension FROM pcsmgr.empdir_employees WHERE managerid = '$directoryid' AND branchid = '$branchid' $sql_inject_ext";
	$go_A = oci_parse($conn, $sql_A);
	oci_execute($go_A);
	while($row_A = oci_fetch_assoc($go_A))
		{
			?>                
                <tr>
                <td style="border-bottom:1px solid #CCCCCC; color:#336699;">       
                <a href="javascript:void(0);" onclick="UnfoldTree('<?php echo $row_A['EXTENSION']; ?>');"><img src="images/plus.gif" width="9" height="9" border="0" /></a>   
                <?php echo $row_A['FIRSTNAME'] . " " . $row_A['LASTNAME'] . " ( " . $row_A['EXTENSION'] . " )"; ?>
                </td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffd19a" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffd19a" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffd19a" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffdddd" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffdddd" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffdddd" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ddddff" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ddddff" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ddddff" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#c7decd" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#c7decd" align="center">0</td>
                <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#c7decd" align="center">0</td>
                </tr>
                <?php
		}		
}
?>

 

 

I realise that simply capturing $_POST of ext and passing it to the function would work. But since I've stumbled upon this issue, I'd like to learn how to solve it.

Yeah, this very example is a reason why it's bad to rely on scripts to have variables in certain scopes being in others. You have two options. One route would be to declare sql_inject_ext as global in the DivisionManagers function (which a lot of people would suggest you don't. I'm not going to get into it, or voice my opinion one way or the other).

function DivisionManagers($branchid, $directoryid) // FIRST LEVEL OF EMPLOYEES BASED ON BRANCH AND BOSS
   {
         global $sql_inject_ext;

 

Or you could simply pass $sql_inject_ext in. I personally recommend this way.

function DivisionManagers($branchid, $directoryid, $sql_inject_ext) // FIRST LEVEL OF EMPLOYEES BASED ON BRANCH AND BOSS
   {
         

 

DivisionManagers($bID[$key],$row['DIRECTORYID'], $sql_inject_ext); ?>
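
A variant of the parameter-passing fix above, as an added example that is not part of the original thread: the function receives the connection and the raw extension value as parameters and binds them with oci_bind_by_name() instead of receiving a pre-built SQL fragment, so the request value never becomes part of the SQL text. buildManagerQuery(), the $conn parameter and the sample values are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. buildManagerQuery() and the
// $conn parameter are illustrative assumptions.

// Return the SQL text and its bind values; request data never enters the text.
function buildManagerQuery($branchid, $directoryid, $ext = null)
{
    $sql = "SELECT firstname, lastname, directoryid, managerid, extension"
         . " FROM pcsmgr.empdir_employees"
         . " WHERE managerid = :managerid AND branchid = :branchid";
    $binds = array(':managerid' => $directoryid, ':branchid' => $branchid);

    // Optional filter: append a placeholder, not the value itself.
    if ($ext !== null && $ext !== '') {
        $sql .= " AND extension = :ext";
        $binds[':ext'] = $ext;
    }
    return array($sql, $binds);
}

// Everything the function uses arrives as a parameter, the connection included.
function DivisionManagers($conn, $branchid, $directoryid, $ext = null)
{
    list($sql, $binds) = buildManagerQuery($branchid, $directoryid, $ext);
    $stmt = oci_parse($conn, $sql);
    foreach (array_keys($binds) as $name) {
        // oci_bind_by_name() binds by reference: bind the array element,
        // not a loop variable that changes on the next iteration.
        oci_bind_by_name($stmt, $name, $binds[$name]);
    }
    oci_execute($stmt);

    $rows = array();
    while ($row = oci_fetch_assoc($stmt)) {
        $rows[] = $row;
    }
    oci_free_statement($stmt);
    return $rows;
}

// Constructed sample values standing in for the submitted form (no database needed).
$plain  = buildManagerQuery('B01', 'D42', '1234');
$quoted = buildManagerQuery('B01', 'D42', "12'34");
// The SQL text is identical for both inputs; only the bound value differs.
var_dump($plain[0] === $quoted[0]);
var_dump($quoted[1][':ext']);
```

The caller then passes the request value itself, for example `DivisionManagers($conn, $bID[$key], $row['DIRECTORYID'], isset($_POST['ext']) ? $_POST['ext'] : null);`.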
