sprinjee

  1. I was in the assumption that session variables on the server were passed even with cookies disabled...but just tested it and I was wrong. Thx for the answer! ;)
  2. I'm doing an online survey for my university, I'm storing part of the link as a session variable which is inserted in a MySQL database. In the database I've seen one answered survey where this variable has not been stored. As it is not even 1% of the dataset I do not really mind but I would like to suggest a reason for not storing this variable in my thesis. Does anyone know about security settings / browser types etc. that will not allow to pass session variables? Thx!
  3. [quote]QUOTE(sprinjee @ Jun 4 2006, 02:31 PM) hmm there are some severe limitations to 'HTTP_REFERER'. If a URL is entered directly it will not work. Seems I'm still in need of a better solution. [/quote] Never mind, used session variables to solve the issue...works great
  4. hmm there are some severe limitations to 'HTTP_REFERER'. If a URL is entered directly it will not work. Seems I'm still in need of a better solution.
  5. [quote]QUOTE(sprinjee @ Jun 4 2006, 01:03 PM) I messed the code up a bit...but the different names is not the issue... There is a submit button when you access the page...the variables in the url disappear when clicking the button...there are two variables in the url, uid and linkcode, I'm convinced if only the uid variable is erased that the problem is solved...I really don't see a submit button in this php script though [/quote] Yep that's it..solved it using $lnkcod = str_replace("http://www.koenvissers.nl/survey/survey.php?uid=14482e0bec0181&linkcode=", "" , $_SERVER['HTTP_REFERER']); Thanx for everyone's efforts
  6. thx... Solved it: $lnkcod = str_replace("http://www.koenvissers.nl/survey/survey.php?uid=14482e0bec0181&linkcode=", "" , $_SERVER['HTTP_REFERER']);
  7. When doing echo $_SERVER['HTTP_REFERER'] I see the information: http://www.koenvissers.nl/survey/survey.php?uid=14482e0bec0181&linkcode=Ef0004 How can I extract Ef0004 from $_SERVER['HTTP_REFERER']?
  8. [quote]QUOTE(AndyB @ Jun 4 2006, 12:41 PM) $lnkcod $linkcode $lnkcode I suspect part 2 of the problem is that what I think is the same variable has been given different names in different sections of the code, which is perhaps why it is blank. Part 1 of the problem is it isn't obvious why the value of that variable would even be available to the script - unless it's relying on register_globals being ON (nominally insecure). [/quote] I messed the code up a bit...but the different names is not the issue... There is a submit button when you access the page...the variables in the url disappear when clicking the button...there are two variables in the url, uid and linkcode, I'm convinced if only the uid variable is erased that the problem is solved...I really don't see a submit button in this php script though
  9. The problem is that my variable linkcode is reset to "" before the actual inserting takes place. Is there any way I can prevent this? I'm just editing this code and my knowledge of PHP is limited. I'd really appreciate the help!!
[code]
<?php
require_once('appTop.php');
echo "the word is: $linkcode";
if (empty($lnkcode)) {
    // linkcode is only in the query string of the GET request that displays the survey
    $lnkcod = $_GET['linkcode'];
    echo "the word is: $linkcode";
    $params = array();
    if (getG("uid") != '') {
        // display the survey
        $params["mode"] = "survey";
        $sql ="SELECT * FROM `".DB_NAME."`.`".TABLE_SURVEYS."` WHERE uniqid='".getG("uid")."' LIMIT 1";
        $rez = dbQuery($sql);
        $row = dbFetchArray($rez);
        $params["display_survey"] = $row;

        $sql2 ="SELECT `t1`.*, `t2`.`max_responses_from_ip` FROM `".DB_NAME."`.`".TABLE_USER_DETAILS."` `t1`, `".DB_NAME."`.`".TABLE_USERS."` `t2`  WHERE  t1.id_user=t2.id AND t2.id='".$row["id_user"]."' LIMIT 1";
        $rez2 = dbQuery($sql2);
        $row2 = dbFetchArray($rez2);
        $params["user"] = $row2;

        $sql_q = "SELECT * FROM `".DB_NAME."`.`".TABLE_QUESTIONS."` WHERE `id_survey`='".$row["id"]."' ORDER BY `position`";
        $res_q = dbQuery($sql_q);
        $i     = 0;
        while ($row_q = dbFetchArray($res_q)) {
            $params["display_survey"]["questions"][$i] = $row_q;
            if($row_q["type"] != "text") {
                $sql_a = "SELECT * FROM `".DB_NAME."`.`".TABLE_QUESTION_ANSWERS."` WHERE `id_question`='".$row_q["id"]."' ORDER BY `position`";
                $res_a = dbQuery($sql_a);
                $j     = 0;
                while ($row_a = dbFetchArray($res_a)) {
                    $params["display_survey"]["questions"][$i]["answers"][$j] = $row_a;
                    $j++;
                }  // end while
            }  // end if
            $i++;
        } // end while
    } elseif (getP("survey_id") != '') {
        // the client answered the survey
        $params["mode"] = "answers";
        $params["uniq"] = getP("hidden_uniq");
        // extra verif (for emails only)
        // if the user got the survey through email he must have a hidden_uniq set - we verify if he already completed the survey
        if ($params["uniq"] != '') {
            $sql_verif = "SELECT COUNT(`id`) AS `noResponses` FROM `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."`  WHERE `id_survey`='".getP("survey_id")."' AND `uniq`='".$params["uniq"]."' ";
            $rez_verif = dbQuery($sql_verif);
            $row_verif = dbFetchAssoc($rez_verif);
            if ($row_verif['noResponses'] > 0) {
                $params["err"] = 1;
            }
        }
        $sql ="SELECT * FROM `".DB_NAME."`.`".TABLE_SURVEYS."` WHERE id='".getP("survey_id")."' LIMIT 1";
        $rez = dbQuery($sql);
        $row = dbFetchArray($rez);
        $params["display_survey"] = $row;

        $sql2 ="SELECT `t1`.*, `t2`.`max_responses_from_ip` FROM `".DB_NAME."`.`".TABLE_USER_DETAILS."` `t1`, `".DB_NAME."`.`".TABLE_USERS."` `t2`  WHERE  t1.id_user=t2.id AND t2.id='".$row["id_user"]."' LIMIT 1";
        $rez2 = dbQuery($sql2);
        $row2 = dbFetchArray($rez2);
        $params["user"] = $row2;

        // verify if the user already answered at this survey
        $sql_verif = "SELECT COUNT(`id`) AS `noResponses` FROM `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` WHERE ";
        $sql_verif.= "`id_survey`='".getP("survey_id")."' AND `ip`='".$_SERVER["REMOTE_ADDR"]."'";
        $rez_verif = dbQuery($sql_verif);
        $info      = dbFetchAssoc($rez_verif);
        if ($info['noResponses'] >= $params["user"]["max_responses_from_ip"] OR $_COOKIE[$row["uniqid"]] == "y") {
            //error: the user already answered at this survey
            $params["err"] = 1;
        }
        if ($params["err"] == '') {
            dbQuery("LOCK TABLES `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` WRITE");
            // $lnkcod is concatenated into the SQL string exactly as it arrived in the request
            $sql_insert = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` (`id_survey`,`LinkCode`,`timestamp`,`ip`,`uniq`)";
            $sql_insert .= " VALUES ('".getP("survey_id")."','".$lnkcod."',unix_timestamp(now()),'".$_SERVER["REMOTE_ADDR"]."'";
            if ($params["uniq"] != '') {
                $sql_insert .=", '".$params["uniq"]."')";
            } else {
                $sql_insert .=", '')";
            }
            dbQuery($sql_insert);
            echo "$sql_insert";
            $id_result = dbInsertId();
            dbQuery("UNLOCK TABLES");
            foreach ($_POST as $key=>$val) {
                if (!(strpos($key,"quest_") === false)) {
                    $temp_ar = explode ("_",$key); //$temp_ar[1] - question id
                    // multiple select, multiple answers
                    if (is_array($val)) {
                        foreach ($val as $option) {
                            // insert the option answers
                            $sql_insert2 = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS_ANSWERS."` (`id_survey_result`,`id_question`,`id_answer`, `answer_text`)";
                            $sql_insert2.= " VALUES ('".$id_result."','".$temp_ar[1]."', '".$option."', '')";
                            dbQuery($sql_insert2);
                        }
                    } else {
                        //find out the question type
                        $sql_t = "SELECT `type` FROM `".DB_NAME."`.`".TABLE_QUESTIONS."` WHERE id='".$temp_ar[1]."' LIMIT 1";
                        $rez_t = dbQuery($sql_t);
                        $row_t = dbFetchAssoc($rez_t);
                        $type = $row_t["type"];
                        // insert the answer
                        $sql_insert2 = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS_ANSWERS."` (`id_survey_result`,`id_question`,`id_answer`, `answer_text`)";
                        $sql_insert2.= " VALUES ('".$id_result."','".$temp_ar[1]."'";
                        if ($type == "text") {
                            $sql_insert2 .= ", '','".$val."')";  //text answer
                        } else {
                            $sql_insert2 .= ",'".$val."','')";  //option answer
                        }
                        dbQuery($sql_insert2);
                    }
                }
            }
            //set the cookie for a year
            setcookie($row["uniqid"], "y", time() + 365 * 24 * 3600);
        }
    } else {
        $params["mode"] = "none";
    }
}
$smarty->assign('params', $params);
$smarty->display('content_survey.tmpl.html');
?>
[/code]
  10. [quote]QUOTE(homchz @ Jun 4 2006, 10:56 AM) is anything being inserted? or just not the $linkcode variable?? [/quote] just not the linkcode variable
  11. I have a variable in my url: http://www.test.com/test.php?linkcode=call I can get and call the variable without any problem:
[code]
$linkcode = $_GET['linkcode'];
echo "the word is: $linkcode";
[/code]
however I haven't managed to insert it in MySQL:
[code]
$sql_insert = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` (`id_survey`,`LinkCode`,`timestamp`,`ip`,`uniq`)";
$sql_insert .= " VALUES ('".getP("survey_id")."','$linkcode',unix_timestamp(now()),'".$_SERVER["REMOTE_ADDR"]."'";
if ($params["uniq"] != '') {
    $sql_insert .=", '".$params["uniq"]."')";
} else {
    $sql_insert .=", '')";
}
dbQuery($sql_insert);
$id_result = dbInsertId();
dbQuery("UNLOCK TABLES");
[/code]
I've been trying everything but the record in the database remains empty! Please help me out, I've been trying to solve this for hours now.
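
Added example (not part of the thread and not the survey script's own code): the posts above carry linkcode from the survey URL to the INSERT via the query string, a session variable, or the Referer, and this sketch resolves it from those three sources with URL parsing, validation and a bound parameter. The function names, the alphanumeric code format, the cut-down `survey_results` table and the use of in-memory SQLite in place of MySQL are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for MySQL,
// the table is cut down to three columns, and the linkcode format is assumed.

/** Accept only short alphanumeric codes such as "Ef0004"; anything else is null. */
function valid_linkcode($value): ?string
{
    return (is_string($value) && preg_match('/^[A-Za-z0-9]{1,16}$/', $value))
        ? $value : null;
}

/** Parse a full URL (for example a Referer header) instead of stripping a fixed prefix. */
function linkcode_from_url(?string $url): ?string
{
    $query = parse_url((string) $url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;              // no Referer sent, or no query string in it
    }
    parse_str($query, $params);
    return valid_linkcode($params['linkcode'] ?? null);
}

/** Prefer the query string, then the session copy, then the Referer. */
function resolve_linkcode(array $get, array $session, array $server): ?string
{
    return valid_linkcode($get['linkcode'] ?? null)
        ?? valid_linkcode($session['linkcode'] ?? null)
        ?? linkcode_from_url($server['HTTP_REFERER'] ?? null);
}

// Constructed form POST: no query string, session cookie refused by the browser,
// so the Referer is the only place the code survives.
$server = [
    'HTTP_REFERER' => 'http://www.koenvissers.nl/survey/survey.php?uid=14482e0bec0181&linkcode=Ef0004',
    'REMOTE_ADDR'  => '192.0.2.10',
];
$linkcode = resolve_linkcode([], [], $server);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey_results (id_survey INTEGER, LinkCode TEXT, ip TEXT)');

// Bound parameters keep request data out of the SQL text; a missing code is stored as NULL.
$stmt = $db->prepare('INSERT INTO survey_results (id_survey, LinkCode, ip) VALUES (?, ?, ?)');
$stmt->execute([1, $linkcode, $server['REMOTE_ADDR']]);
var_dump($db->query('SELECT LinkCode FROM survey_results')->fetchColumn());

// Direct entry (no Referer) and a malformed value both resolve to null.
var_dump(resolve_linkcode([], [], []), linkcode_from_url('http://www.test.com/test.php?linkcode=not%20a%20code'));
```

When cookies are disabled and the page was opened without a Referer, all three sources are empty, which matches the single survey row with no stored code mentioned in the newest post.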