Jump to content

Recommended Posts

I am having trouble with the coding to return the user to the previous page after submitting a form.  I understand that it is usually better to create a direct link to the previous page, however there are four entrances to this page and I would like the user to return to their previous page upon submitting.  I have listed the code below and I think my problem lies in line 112 or there about.  Thank you so much.

 

<?php session_start(); ?>
<?php require_once('../Connections/Connect.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "1,2";
$MM_donotCheckaccess = "false";


// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 


  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}


$MM_restrictGoTo = "AnitasAnimalArk/AnimalArk.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }


  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);


  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}


$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}


if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO postshift (UserID, ShiftDay, ShiftDate, ShiftMonth, ShiftYear, ShiftStartHour, ShiftStartMin, ShiftStartTime, ShiftEndHour, ShiftEndMin, ShiftEndTime, ChildcareCentre, Address, City, Telephone, EmployeeFirstName, EmployeeLastName, `Position`, EmailEmployee, EmailCentre, Comments) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['UserID'], "int"),
                       GetSQLValueString($_POST['ShiftDay'], "text"),
                       GetSQLValueString($_POST['ShiftDate'], "text"),
                       GetSQLValueString($_POST['ShiftMonth'], "text"),
                       GetSQLValueString($_POST['ShiftYear'], "int"),
                       GetSQLValueString($_POST['ShiftStartHour'], "int"),
                       GetSQLValueString($_POST['ShiftStartMin'], "int"),
                       GetSQLValueString($_POST['ShiftStartTime'], "text"),
                       GetSQLValueString($_POST['ShiftEndHour'], "int"),
                       GetSQLValueString($_POST['ShiftEndMin'], "int"),
                       GetSQLValueString($_POST['ShiftEndTime'], "text"),
                       GetSQLValueString($_POST['ChildcareName'], "text"),
                       GetSQLValueString($_POST['ChildcareAddress'], "text"),
                       GetSQLValueString($_POST['ChildcareCity'], "text"),
                       GetSQLValueString($_POST['ChildcareTelephone'], "int"),
                       GetSQLValueString($_POST['EmployeeFirstName'], "text"),
                       GetSQLValueString($_POST['EmployeeLastName'], "text"),
                       GetSQLValueString($_POST['Position2'], "text"),
                       GetSQLValueString($_POST['EmployeeUserEmail'], "text"),
                       GetSQLValueString($_POST['ChildcareEmail'], "text"),
                       GetSQLValueString($_POST['Comments'], "text"));


  mysql_select_db($database_Connect, $Connect);
  $Result1 = mysql_query($insertSQL, $Connect) or die(mysql_error());


  $insertGoTo = "HTTP_REFERER";
   if (isset($_SERVER["HTTP_REFERER"])) {
        header("Location: " . $_SERVER["HTTP_REFERER"]);
  }
  header(sprintf("Location: %s", $insertGoTo));
}


mysql_select_db($database_Connect, $Connect);
$query_PostShift = "SELECT * FROM postshift";
$PostShift = mysql_query($query_PostShift, $Connect) or die(mysql_error());
$row_PostShift = mysql_fetch_assoc($PostShift);
$totalRows_PostShift = mysql_num_rows($PostShift);
$query_PostShift = "SELECT * FROM postshift";
$PostShift = mysql_query($query_PostShift, $Connect) or die(mysql_error());
$row_PostShift = mysql_fetch_assoc($PostShift);
$totalRows_PostShift = mysql_num_rows($PostShift);
$query_PostShift = "SELECT * FROM postshift";
$PostShift = mysql_query($query_PostShift, $Connect) or die(mysql_error());
$row_PostShift = mysql_fetch_assoc($PostShift);
$totalRows_PostShift = mysql_num_rows($PostShift);
$query_PostShift = "SELECT * FROM postshift";
$PostShift = mysql_query($query_PostShift, $Connect) or die(mysql_error());
$row_PostShift = mysql_fetch_assoc($PostShift);
$totalRows_PostShift = mysql_num_rows($PostShift);


$colname_Users = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_Users = $_SESSION['MM_Username'];
}
mysql_select_db($database_Connect, $Connect);
$query_Users = sprintf("SELECT * FROM users WHERE UserName = %s", GetSQLValueString($colname_Users, "text"));
$Users = mysql_query($query_Users, $Connect) or die(mysql_error());
$row_Users = mysql_fetch_assoc($Users);
$totalRows_Users = mysql_num_rows($Users);


$colname_Childcare = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_Childcare = $_SESSION['MM_Username'];
}
mysql_select_db($database_Connect, $Connect);
$query_Childcare = sprintf("SELECT * FROM users INNER JOIN childcareinfo  ON users.ChildcareID = childcareinfo.ChildcareID WHERE users.UserName = %s", GetSQLValueString($colname_Childcare, "text"));
$Childcare = mysql_query($query_Childcare, $Connect) or die(mysql_error());
$row_Childcare = mysql_fetch_assoc($Childcare);
$totalRows_Childcare = mysql_num_rows($Childcare);
?> 
Edited by Ch0cu3r
added code tags

 

I am having trouble with the coding to return the user to the previous page after submitting a form.

That location is the form itself.

You are using POST in your form and checking for POST values as well, if you wanted to pass additional parameters and values into the url need to use GET

 

  • $editFormAction = $_SERVER['PHP_SELF'];//bad idea to use this
  • if (isset($_SERVER['QUERY_STRING'])) {
  •   $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); //you won't get a query string with form values because using POST for the form, need to use GET if want to pass these into the url
  • }

 

see all this?

  1. $insertGoTo = "HTTP_REFERER"; //should be $_SERVER['HTTP_REFERER']
  2.    if (isset($_SERVER["HTTP_REFERER"])) { //it's always going to be set, what it returns is another story
  3.         header("Location: " . $_SERVER["HTTP_REFERER"]);
  4. exit; //always use exit after a header redirect
  5.   }
  6.   //header(sprintf("Location: %s", $insertGoTo)); //don't need this, would do the same as the above check, concatenation is done with a decimal point not a comma
  7. }

Since you already check post variables from the form all you need to do is redirect from their referer location (in your case this would be the original form)

 

This is a simple example how to handle a header redirect to it's previous location.

 

I added a check to see if came from your domain, if not would redirect them to the main page

if ($_SERVER['SERVER_NAME'] == @parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST )) {
        $insertGoTo = $_SERVER["HTTP_REFERER"];
  }else{
        $insertGoTo = "http://" . $_SERVER['SERVER_NAME'];
}

header("Location: " . $insertGoTo);
exit;

If you wanted to continue doing the rest of your code after this move this header redirect lower

 

Edit: I wanted to add this code would work fine because of the check for POST values, be sure not to cause an infinite loop with redirects when using header()

Edited by QuickOldCar
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.