How is this possible? Textarea is ending entire session.

[slyte33]

Hello, I am having a pretty unusual problem.

 

I have coded fully working forums that have been working for months, but here recently I have re-coded the way my sessions work.

 

Now, when i load the forums, click a category, then click reply, it automatically ends my session.

I removed 1 segment of code at a time to find out what is causing it, and unfortunately, it's a textarea.

 

Here is that part of the code:

 

echo "<table><tr><td class=light>";

echo "<form action=forums.php?$gid&id=$_GET[id]&topicid=$_GET[topicid] method=post>";
echo "<table><tr>";

echo "<td class=light>";
echo "Message:<br><br><br>";
echo "</td>";
echo "<td class=light>";
echo "<textarea name=replymsg id=reply rows=5 cols=52></textarea>";

 

When removing that last line, it works fine with no problem, else it completely ends the session.

 

How is this happening? All help would be much appreciated.

 

Thanks, Slyte!

[jl5501]

firstly your html attributes should ideally be quoted, like

echo "<table><tr><td class=light>";
echo "<form action=\"forums.php?$gid&id=$_GET[id]&topicid=$_GET[topicid]\" method=\"post\">";
echo "<table><tr>";
echo "<td class=\"light\">";
echo "Message:<br><br><br>";
echo "</td>";
echo "<td class=\"light\">";
echo "<textarea name=\"replymsg\" id=\"reply\" rows=\"5\" cols=\"52\"></textarea>";

 

Secondly, you have shown us nothing to do with your session variables, or what it is that makes you think that your session is 'ending'.

 

Could you supply more details of what you see.

[slyte33]

I've figured it out, it doesn't have to do with the page my sessions are stored and blah blah, i simply removed the include file at the top of the forums page, and replaced that include with 2 main includes i need, and it worked, so it has to do with something somewhere in here:

 

<?
$_GET['logout'] = 1;
include("lib.php");
$player = check_user($secret_key, $db);
include("refresh.php");
?>
<div id=overDiv style="position:absolute; visibility:hidden; z-index:1000;"></div>

<table width="450" border="0" align="center" cellpadding="0" cellspacing="1" class="submit">
  <tr>
    <td colspan="2"><strong class="style21"><u><center><?

$url = $_SERVER['REQUEST_URI'];
echo "<a href=$url>$title</a>"; 
$time = time();
$update = $db->execute("update players set page='$title', last_active=$time where id=$player->id");
?> </u></strong></td>

</tr>
  <tr>
    <td colspan="2"> </td>
  </tr>
</table>
<center>

 

Question:

 

'firstly your html attributes should ideally be quoted, like'

 

do you have to do that, whats the difference?

[greatstar00]

that is wat w3c.org recommend

go check wat is w3c.org if u dont know

use this to validate your html code

http://validator.w3.org/

 

 

if u dont make this habbit, and someday, u have a style inside the tag, and u forgot to quote it, it wont run as u expected

[Wolphie]

Also bear in mind that array keys should be surrounded in quotes and not implicitly included within a string.

 

E.g.

 

You've used:

echo "<form action=forums.php?$gid&id=$_GET[id]&topicid=$_GET[topicid] method=post>"

 

When in fact it should be:

echo "<form action=\"forums.php?$gid&id=". $_GET['id'] ."&topicid=". $_GET['topicid'] ."\" method=post>"

[slyte33]

---

Thank you for the feedback,

 

So It would be a good idea to go through every page i've created and quote all html attributes and change all $_GET

---

to ".$_GET['page']."

 

One thing, though, Im just curious, how does it make a difference? Could it sometimes not process correctly because of this?

[aeroswat]

---

Thank you for the feedback,

 

So It would be a good idea to go through every page i've created and quote all html attributes and change all $_GET

 

One thing, though, Im just curious, how does it make a difference? Could it sometimes not process correctly because of this?

---

to ".$_GET['page']."

 

When you don't follow correct programming practices the future could look grim for your site. Let's say they come out with another very popular internet browser that does not recognize what you are doing because it sticks strictly to compliant code. Then all of the users that are using this browser will not have full functionality while visiting your site.

[slyte33]

---

Thank you for the feedback,

 

So It would be a good idea to go through every page i've created and quote all html attributes and change all $_GET

 

One thing, though, Im just curious, how does it make a difference? Could it sometimes not process correctly because of this?

 

When you don't follow correct programming practices the future could look grim for your site. Let's say they come out with another very popular internet browser that does not recognize what you are doing because it sticks strictly to compliant code. Then all of the users that are using this browser will not have full functionality while visiting your site.

---

to ".$_GET['page']."

 

 

Ahh, I understand now. Looks like I'll be making a lot of new changes then.

 

[teamatomic]

What is $gid? should it maybe be ?gid=$gid or something similar?

<form action=\"forums.php?$gid&id=$_GET[id]&topicid=$_GET[topicid]\" method=\"post\">";

 

 

HTH

Teamatomic