Help around sessions - newbie question

kcorless · May 19, 2007

I am a beginner on this whole PHP/mySQL thing - i took over an app from someone else and am trying to get it to run on my Mac OS X. it's running, but i'm having trouble understanding how some of the variable passing works.

The app controls a list of valid guests for a resident. The particular screen i am working on, allows you to add/delete/update your guest list.

When I add a new guest for a given resident, it works fine. however when i add a second guest (right after adding the first), it adds the same guest again, rather than the new guest i just entered in the fields. Here is the script (you can ignore all my lame debugging statements - i also had to do a change all on the normal "br" to "linebreak" so it would post properly here:

<? session_start(); ?>

<? 

$userId=$_SESSION["sid"];

include "../include/conf.php";
echo "userID from session : " .$userId. "<linebreak>";
if($ajaxs == TRUE) 
{
echo "it's true <linebreak>";
}
if($ajaxs == FALSE) 
{
echo "it's false <linebreak>";
}

if($ajaxs)

{
include "../include/conf.php";
include $db_connect ;

echo "yyyyyy"; 

}

?>
<? 
// include "../include/db_connect.php"; 
include $db_connect ;
?>

<script language="javascript" type="text/javascript" src="<? echo $siteurl; ?>/js/script.js"></script>

<?

$user_not_found = 0;

$property_not_found =0;

echo "arg1 :" .$_GET["arg1"]. "<linebreak>";

if($_GET["arg1"])

		{

		$street_name=$_GET["arg1"];
		echo "arg1 :" .$_GET["arg1"]. "<linebreak>";
		echo "streetname :" .$street_name. "<linebreak>";

		$house_no=$_GET["arg2"];
		echo "house_no :" .$house_no. "<linebreak>";

		$result=mysql_query("SELECT  id  FROM apartment where street_name='$street_name' and house_no='$house_no'");
		$nrows=mysql_num_rows($result);
		echo "num rows : " .$nrows. "<linebreak>";
//			if (!mysql_num_rows==0)
//			{

//			$data=mysql_fetch_array($result);

//			$id=$data["id"];

//			}
//			else
//			{
//			$id=0;
//			}
		echo "result :" .$result. "<linebreak>";
		echo "data :" .$data. "<linebreak>";

		echo "apt_id :" .$id. "<linebreak>";


	   	$query1="SELECT * FROM resident  WHERE property_id='$id'";
   			echo "sel query : " .$query1. "<linebreak>";
   			$result1=mysql_query($query1) or die(mysql_error($query1));

		$row=mysql_num_rows($result1);

		$query_data1=mysql_fetch_array($result1);

		echo "result1 :" .$result1. "<linebreak>";
		echo "query_data1 :" .$query_data1. "<linebreak>";
		$last_name=$result1["last_name"]; 
		$resident_id=$query_data1["resident_id"];
		echo "last_name :" .$last_name. "<linebreak>";
		echo "res_id :" .$resident_id. "<linebreak>";

		}

		else

		{

		$last_name=$_GET["arg2"];

		echo "dbconnect :" .$db_connect. "<linebreak>";
		echo "last_name :" .$last_name. "<linebreak>";



		$query1="SELECT * FROM resident  WHERE last_name='$last_name'";
		$resulta=mysql_query($query1) or die(mysql_error($query1));
		$result2=mysql_fetch_assoc($resulta);
		$resident_id=$result2['id'];
		$property_id=$result2['property_id'];
		echo "res_id :" .$resident_id. "<linebreak>";
		echo "prop_id :" .$property_id. "<linebreak>";

		}





if($_GET["delete_g"])  // Delete Guest

{

$last_name=$_GET["last_name"];

$g_id=$_GET["g_id"];

$query_delete="delete from guest where id='$g_id' and last_name='$last_name'";

$r_delete=mysql_query($query_delete);

}	



if($_GET["edit_admin_guest"])

{

$last_name=$_GET["last_name"];

$g_id=$_GET["g_id"];

$ng_name=$_GET["arg1"];

$ndesc=$_GET["arg2"];

$ntype=$_GET["arg3"];

$nstart_date=$_GET["arg4"];

$nend_date=$_GET["arg5"];



$start_str=split("-",$nstart_date);

$end_str=split("-",$nend_date);



$nstart_date = $start_str[2]."-".$start_str[0]."-".$start_str[1];

$nend_date = $end_str[2]."-".$end_str[0]."-".$end_str[1];



$quer_update="UPDATE `guest` SET `g_name` = '$ng_name',`desc` = '$ndesc',`start_date` = '$nstart_date',`end_date` = '$nend_date',`type` = '$ntype' WHERE `id` = '$g_id'";

mysql_query($quer_update);

}	







if($_GET["add_admin_guest"])

{
echo "in add_admin_guest <linebreak>";

$last_name=$_GET["last_name"];

$g_name=$_GET["arg1"];

$desc=$_GET["arg2"];

$type=$_GET["arg3"];

$start_date=$_GET["arg4"];

$end_date=$_GET["arg5"];



$start_str=split("-",$start_date);

$end_str=split("-",$end_date);



$start_string = $start_str[2]."-".$start_str[0]."-".$start_str[1];

$end_string = $end_str[2]."-".$end_str[0]."-".$end_str[1];



mysql_query("INSERT INTO guest VALUES (null,'$g_name','$desc','$username','$last_name','$resident_id','$start_string','$end_string','$type')");

}		





		$check_q="SELECT * FROM resident  WHERE last_name='$last_name'";

		$check_r=mysql_query($check_q) or die(mysql_error($check_q));

		$check_row=mysql_num_rows($check_r);



		if(!$check_row)

		{

		echo "No Guests on Record for Resident" .$last_name. ".";

		}

		else

		{



		?>

		<? $check_d = mysql_fetch_assoc ($check_r);

		$secret_word = $check_d ["secret_word"]; 

		?>



<table width="99%" border="1" align="center" cellpadding="2" cellspacing="0" bordercolor="#E4E4E4" style="border-collapse:collapse;">

<tr>

        <td height="26" colspan="3" class="categoryLink2"><strong>Guests Allowed by <? echo $last_name; ?> </strong></td>



        <td height="26" colspan="3" class="categoryLink2"><strong><? echo $last_name ?>'s Secret Word is : <? echo $secret_word; ?> </strong></td>

      </tr>

  <tr>

    <td width=25 height="25" bgcolor="#F2F2F2" class="categoryLink2"><strong>Name</strong></td>

    <td width="80" bgcolor="#F2F2F2" class="categoryLink2"><strong>Instructions</strong></td>

    <td width="25" bgcolor="#F2F2F2" class="categoryLink2"><strong>Type</strong></td>

    <td width="100" bgcolor="#F2F2F2" class="categoryLink2"><strong>First Date </strong>

    <linebreak><strong>(mm-dd-yyyy)</strong></td>

    <td width="120" bgcolor="#F2F2F2" class="categoryLink2"><strong>Last Date </strong>

    <linebreak><strong>(mm-dd-yyyy)</strong></td>

    <td width="100" bgcolor="#F2F2F2" class="categoryLink2"><strong>Action</strong></td>

  </tr>

   <?

   			$temp_string = "temporary";

		$perm_string = "permanent"; 


$query = "SELECT * FROM guest WHERE last_name = '$last_name' AND ( (type = '$temp_string' and end_date >= curdate() ) OR type = '$perm_string')";

		$result=mysql_query($query) or die(mysql_error($query));

		$rows=mysql_num_rows($result);

		if($rows==0)

		{

		echo "<tr>

              <td height=25 align=center colspan=4><b>No Guests Found for Resident2 " .$last_name. "</b></td>

              </tr>";

		}

		else

		{

		while($query_data=mysql_fetch_array($result))

		{

		$id=$query_data["id"]; 

		$g_name=$query_data["g_name"]; 

		$desc=$query_data["desc"]; 

		$start_date=$query_data["start_date"]; 

		$str_date=split("-",$start_date);

		$start_date=$str_date[1]."-".$str_date[2]."-".$str_date[0];

		$end_date=$query_data["end_date"]; 

		$str_date=split("-",$end_date);

		$end_date=$str_date[1]."-".$str_date[2]."-".$str_date[0];

		$type=$query_data["type"]; 

		?>

  

  <tr>

    <td height="25" class="categoryLink2"><? echo $g_name; ?></td>

    <td class="categoryLink2"><? echo $desc; ?></td>

    <td class="categoryLink2"><? echo $type; ?></td>

    <td class="categoryLink2"><? echo $start_date; ?></td>

    <td class="categoryLink2"><? echo $end_date; ?></td>

    <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

       <tr>

    <td  class="categoryLink2"><strong><img src="<? echo $images; ?>/edit.gif" width="9" height="7" /></strong> <a href="#" onClick="displaypage('<? echo $lib; ?>/admin_update_resident_info_edit.php?last_name=<? echo $last_name; ?>&id=<? echo $id; ?>&ajaxs=1','profileresult');return false;" class="a2">Edit</a></td>

                  <td  class="categoryLink2"> <strong><img src="<? echo $images; ?>/del.gif" width="9" height="7" /></strong>

<!-- <a class="a2" href="#" onclick=" return confirm('Are you sure you want to delete this guest?');displaypage('<? echo $lib; ?>/admin_update_resident_info.php?delete_g=1&username=<? echo $username; ?>&ajaxs=1&g_id=<? echo $id; ?>','profileresult');return false;">DELETE</a> -->

<a class="a2" href="#" onclick="displaypage_delete('<? echo $lib; ?>/admin_update_resident_info.php?delete_g=1&last_name=<? echo $last_name; ?>&ajaxs=1&g_id=<? echo $id; ?>','profileresult');return false;">DELETE</a>



 </td>

        </tr>





    </table></td>

  </tr>

  

  <?

	}

	}

	?>	

</table>

<linebreak>

<table width="99%" border="1" align="center" cellpadding="2" cellspacing="0" bordercolor="#E4E4E4" style="border-collapse:collapse;">

  <tr>

    <td height="25" bgcolor="#F2F2F2" class="categoryLink2"><strong>Add New Guest </strong><strong></strong></td>

  </tr>

  <tr>

    <td height="25"><table width="93%" border="0" align="center" cellpadding="2" cellspacing="2">

      <tr>

        <td width="21%"  class="categoryLink2"><strong>Name of Guest</strong></td>

        <td width="79%"><input type="text" id="g_name" name="g_name">        </td>

      </tr>

      <tr>

        <td valign="top"  class="categoryLink2"><strong>Instructions</strong></td>

        <td><textarea id="desc" name="desc" cols="30" rows="6"></textarea></td>

      </tr>

   <tr>

        <td valign="top"  class="categoryLink2"><strong>Type</strong></td>

        <td><input type="hidden" name="types" id="types" value="permanent" />

		<input type="radio"  name="thank you" value="permanent" onclick="types.value=this.value;typeresult.innerHTML='';" checked="checked" > Permanent

		<input type="radio"  name="thank you" value="temporary"  onclick="types.value=this.value;displaypage('<? echo $lib; ?>/show_type.php?last_name=<? echo $last_name; ?>&ajaxs=1','typeresult');"> Temporary</td>

      </tr>

  <tr>

        <td colspan="2" valign="top"  class="categoryLink2">

	<input type="hidden" name="start_date" id="start_date">

	<input type="hidden" name="end_date" id="end_date" >

	<div id="typeresult">

	</div>

	</td>

        </tr>

  

      <tr>

        <td valign="top"  class="categoryLink2"> </td>

        <td><input type="submit" name="Submit3" value="Add" onclick="displaypage6('<? echo $lib; ?>/admin_update_resident_info.php?last_name=<? echo $last_name; ?>&add_admin_guest=1&ajaxs=1',g_name.value,desc.value,types.value,start_date.value,end_date.value,'profileresult');return false;"></td>

      </tr>

    </table></td>

  </tr>

</table>		

<?

}
echo "gname : " .$gname. "<linebreak>";

?>

EDITED BY WILDTEEN88: Please use the code tags (

) when posting code. This helps to separate code from text (what you are saying).

MadTechie · May 19, 2007

What makes you say the problem is in that section of code ?

can't you just destory the sessions after use ?

kcorless · May 19, 2007

I think it's in this section of code because it seems to me that when i click the add button, it calls the same php module. I don't destroy the session because I don't really understand the difference between the session, and the variables that get posted when i am clicking the add button.

MadTechie · May 19, 2007

sessions stay alive until you destory them or until the server clears them,

kcorless · May 19, 2007

Yes, I understand that. My question is that i have form fields that don't seem to being picked up the second time through. A quick walkthrough of the process flow of script:

1) ask for name

2) click show

3) display resident's name and his list of guests

4) at bottom of list, you can fill a few fields and click "add" to put a new guest in

5) this appears to work, adding the guest, and redisplaying the list with the additional guest

6) now, with an opportunity to add a new guest, i do so

7) when i click add, the new form fields are not picked up, i get another guest record with the previously added guest

these variables are not being stored in session variables.

i think this is the relevant line of code:

        <td><input type="submit" name="Submit3" value="Add" onclick="displaypage6('<? echo $lib; ?>/admin_update_resident_info.php?last_name=<? echo $last_name; ?>&add_admin_guest=1&ajaxs=1',g_name.value,desc.value,types.value,start_date.value,end_date.value,'profileresult');return false;"></td>

which should be picking up the fields from the html form (here's a snippet of that).

<td width="21%"  class="categoryLink2"><strong>Name of Guest</strong></td>

        <td width="79%"><input type="text" id="g_name" name="g_name">        </td>

      </tr>

      <tr>

        <td valign="top"  class="categoryLink2"><strong>Instructions</strong></td>

        <td><textarea id="desc" name="desc" cols="30" rows="6"></textarea></td>

So, i'm confused as to why i'm not getting the right values. I do have an earlier version of the script that works (before i made other needed changes) so i'm not sure what changed to make these fields get carried over.

MadTechie · May 19, 2007

OK ono the form you have a submit button and a method

just say the button is called add and the method is post

add this to the

admin_update_resident_info.php

if( isset($_POST['add']) )

{

//do all the update stuff

}

if that makes sense

but from what you have its not secure!

kcorless · May 19, 2007

Thanks for all the help on this one. Maybe my question is even more remedial. I am not using a post method or a form. I am using the onclick to display the same form again while parameterizing the values. see here:

<input type="submit" name="Submit3" value="Add" onclick="displaypage6('<? echo $lib; ?>/admin_update_resident_info.php?last_name=<? echo $last_name; ?>&add_admin_guest=1&ajaxs=1',g_name.value,desc.value,types.value,start_date.value,end_date.value,'profileresult');return false;">

It calls the displaypage6 function, (it's a js, not fully sure what it does, but it's below):

function displaypage6(str,str1,str2,str3,str4,str5,position)
{
xmlHttp=GetXmlHttpObject()
if (xmlHttp==null)
{
alert ("Browser does not support HTTP Request")
return
} 
var url=str+"&arg1="+str1+"&arg2="+str2+"&arg3="+str3+"&arg4="+str4+"&arg5="+str5
posi=position
//alert(url);
//url=url+"&cat_id="+str1
//url=url+"&sid="+Math.random()
xmlHttp.onreadystatechange=stateChanged_displaypage 
xmlHttp.open("GET",url,true)
xmlHttp.send(null)
//stateChanged_displaypage(position)
}

seems this displaypage6 function should be calling the admin_update_resident_info.php script with the list of parameters called, but somehow they are getting misplaced or overwritten.

thoughts?

Sign In

Help around sessions - newbie question

Recommended Posts

kcorless

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

kcorless

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

kcorless

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

kcorless

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information