iPixel Posted October 30, 2009 Share Posted October 30, 2009 Am i doing something wrong? File 1 is a form that passes all the data back to itself. One of the passed values is "ext" as in extension. then i have a check to see if it was posted. <?php if(isset($_GET['ext'])) { $sql_inject_ext = "AND extension = '$_POST[ext]'"; } elseif(isset($_POST['ext'])) { $sql_inject_ext = "AND extension = '$_POST[ext]'"; } else { $search_ext = ""; } ?> somewhere down the line i have an include file that hodls a bunch of php functions that do the heavy work of pulling database data. include('xtap_functions.php'); no on this function page i run an Oracle query where i use the variable $sql_inject_ext. <?php $sql_A = "SELECT firstname, lastname, directoryid, managerid, extension FROM pcsmgr.empdir_employees WHERE managerid = '$directoryid' AND branchid = '$branchid' $sql_inject_ext"; ?> But when i run the page this is the error i get. Notice: Undefined variable: sql_inject_ext in C:\Inetpub\wwwroot\Newton\xtap_functions.php on line 30 Im not familiar with GLOBALS but is that something i should be trying? I dont really know why it doesnt realise that $sql_inject_ext has been defined in it's parent file. Quote Link to comment https://forums.phpfreaks.com/topic/179638-solved-what-am-i-missing-here/ Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Hi iPixel, You will need to declare the $sql_inject_ext variable as Global, for example: global $sql_inject_ext; Hope this helps. Quote Link to comment https://forums.phpfreaks.com/topic/179638-solved-what-am-i-missing-here/#findComment-947877 Share on other sites More sharing options...
mikesta707 Posted October 30, 2009 Share Posted October 30, 2009 can I see more of your code. If sql_inject_ext is in a function, than it's scope will only be local to that function. In any case its always good to pass variables to functions that you may use in the function, instead of relying on global variables (which may collide with other variables down the line.) Quote Link to comment https://forums.phpfreaks.com/topic/179638-solved-what-am-i-missing-here/#findComment-947880 Share on other sites More sharing options...
iPixel Posted October 30, 2009 Author Share Posted October 30, 2009 global $sql_inject_ext; didnt do it for me. Here's more code to how this works... from the point of form submission. <?php global $sql_inject_ext; if(isset($_GET['ext'])) { $sql_inject_ext = "AND extension = '$_POST[ext]'"; } elseif(isset($_POST['ext'])) { $sql_inject_ext = "AND extension = '$_POST[ext]'"; } else { $search_ext = ""; } ?> Then <?php include('xtap_functions.php'); DivisionManagers($bID[$key],$row['DIRECTORYID']); ?> the following is within the xtap_function file <?php function DivisionManagers($branchid, $directoryid) // FIRST LEVEL OF EMPLOYEES BASED ON BRANCH AND BOSS { $sql_A = "SELECT firstname, lastname, directoryid, managerid, extension FROM pcsmgr.empdir_employees WHERE managerid = '$directoryid' AND branchid = '$branchid' $sql_inject_ext"; $go_A = oci_parse($conn, $sql_A); oci_execute($go_A); while($row_A = oci_fetch_assoc($go_A)) { ?> <tr> <td style="border-bottom:1px solid #CCCCCC; color:#336699;"> <a href="javascript:void(0);" onclick="UnfoldTree('<?php echo $row_A['EXTENSION']; ?>');"><img src="images/plus.gif" width="9" height="9" border="0" /></a> <?php echo $row_A['FIRSTNAME'] . " " . $row_A['LASTNAME'] . " ( " . $row_A['EXTENSION'] . " )"; ?> </td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffd19a" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffd19a" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffd19a" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffdddd" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffdddd" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ffdddd" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ddddff" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ddddff" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#ddddff" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#c7decd" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#c7decd" align="center">0</td> <td style="border-bottom:1px solid #CCCCCC;" bgcolor="#c7decd" align="center">0</td> </tr> <?php } } ?> I realise that simply captureing $_POST of ext and passing it to the function would work. But since i've stumbled upon this issue, i'd like to learn how to solve it. Quote Link to comment https://forums.phpfreaks.com/topic/179638-solved-what-am-i-missing-here/#findComment-947883 Share on other sites More sharing options...
mikesta707 Posted October 30, 2009 Share Posted October 30, 2009 yeah, this very example is a reason why its bad to rely on scripts to have variables in certain scopes being in others. You have two options. One route would be do declare sql_inect_ext as global in the DivisionManagers function (which a lot of people would suggest you don't. Im not going to get into it, or voice my opinion one way or the other) function DivisionManagers($branchid, $directoryid) // FIRST LEVEL OF EMPLOYEES BASED ON BRANCH AND BOSS { global $sql_inject_ext; or you could simply pass $sql_inject_ext in. I personally reccomend this way function DivisionManagers($branchid, $directoryid, $sql_inject_ext) // FIRST LEVEL OF EMPLOYEES BASED ON BRANCH AND BOSS { DivisionManagers($bID[$key],$row['DIRECTORYID'], $sql_inject_ext); ?> Quote Link to comment https://forums.phpfreaks.com/topic/179638-solved-what-am-i-missing-here/#findComment-947887 Share on other sites More sharing options...
iPixel Posted October 30, 2009 Author Share Posted October 30, 2009 I took the 2nd option. TY! Quote Link to comment https://forums.phpfreaks.com/topic/179638-solved-what-am-i-missing-here/#findComment-947891 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.