|
PHP - How To Pass Session Values To Table ?
I am under developing PHP add to cart without DB, so that i am using SESSION, actually get data from fetch_data.php data to my_cart.php using the POST method, successfully retun the values, After receiving the post data how can i convert to display like a table. workout: fetch_data.php return values. https://snag.gy/IASCMZ.jpg & values received https://snag.gy/ojWxHe.jpg Here is my my_cart.php :
// FYI -> Here i am using only two fields : voice_sku & voice_name
<table width="100%" cellpadding="6" cellspacing="0">
<thead>
<tr>
<th>Voice Sku</th>
<th>Voice Name</th>
<th>Remove</th>
</tr>
</thead>
<tbody>
<?php
session_start();
$voice_sku = '';
$voice_name = '';
if(isset($_POST['voice_sku'])&& isset($_POST['voice_name']))
{
// print_r($_POST);
// die();
$voice_sku = $_POST['voice_sku'];
$voice_name = $_POST['voice_name'];
$_SESSION['voice_sku'] = $voice_sku;
$_SESSION['voice_name'] = $voice_name;
}
var_dump($_SESSION);
?>
<tr>
<td colspan="5">
<span style="float:right;text-align: right;">
<!-- -->
</span>
</td>
</tr>
<tr>
<td colspan="5">
<a href="index.php" class="button">Add More Items</a>
<button type="submit">Update</button>
</td>
</tr>
</tbody>
</table>
Similar Tutorials
Table Issue - Multiple Location Values For User Pushes Values Out Of Row Instead Of Wrapping In Cell
Hi I am having issues with the following code. I cannot get the table to produce a subtotal multiplying the value of 'ITEMQTY' which is a text field in the form in which the user enters by the 'ITEMPRICE' field which value is located in a text document. <h1>SHOPPING CART</h1><img src="images/cart.png" alt="Cart" width="100" height="100"/> <a href="browse_index.php">CLICK HERE TO CONTINUE SHOPPING</a> <?php if(isset($_POST['submit'])) { $itemname = $_POST['h1']; //echo $_SESSION['itemname'][$itemname]; unset($_SESSION['itemqty'][$itemname]); unset($_SESSION['itemprice'][$itemname]); unset($_SESSION['itemname'][$itemname]); } echo "<br/><br/>"; echo "<table border='8' cellpadding='10' >"; echo "<tr><th>Name</th><th>Quantity</th><th>Price</th><th>Subtotal</th></tr>"; foreach($_SESSION['itemname'] as $key => $value) $subtotal = ($_SESSION['itemprice']*($_SESSION['itemqty']; { echo '<tr> <td>'.$_SESSION['itemname'][$key].'</td> <td><input type="text" name="t1" value='.$_SESSION['itemqty'][$key].'></td> <td>'.$_SESSION['itemprice'][$key].'</td> <td>'.$_SESSION['h2'][$key].'</td> <td><form id="f1" method="post" name="f1"><input type="submit" name="submit" value = "delete"><input type="hidden" name="h1" value='.$key.'></td> </tr> <tr><form id="t1" method="post" action="summary.php" name="t1"><input type="submit" name="order" value="SUBMIT ORDER"></tr>'; } echo "</table>"; ?> hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> Hello. Basically I've created a login script. Works great. It sends users to different locations depending on what type of user they are. Now I have also created a Members account. Upon logging in this user should go to the members area. That all works fine! In the login script i stored a few session variable like username, access_level and so on. Now in the members area I am trying to make the page echo the name of the current user. I have been stairing at my code too long and can no longer see why nothing is echo'ing. Any ideas. I thought that the session_start() would continue the session in the next page and throughout the site until the person logs off and runs the session_destroy()! Is this not correct. First ill post the login script <?php include('database.php'); session_start(); if(isset($_POST['submit3'])) { $email = stripslashes($_POST['email3']); $password = stripslashes($_POST['password3']); $email = mysql_real_escape_string($_POST['email3']); $password = md5($password); $CheckUser = "SELECT * FROM Members WHERE email='".$email."' AND password='".$password."'"; $userDetails2 = mysql_query($CheckUser); $userInfo = mysql_fetch_array($userDetails2); $count = mysql_num_rows($userDetails2); if($count != 0) { $_SESSION['username'] = $userInfo['username']; $_SESSION['usertype'] = $userInfo['usertype']; $_SESSION['access_level']= $userInfo['access_level']; if($userInfo['usertype']== 'Member') { header('Location: members/index.php'); } else if($userInfo['usertype'] == 'Owner') { header('Location: owner/index.php'); } else if($userInfo['usertype'] == 'Corporation') { header('Location: corporation/index.php'); } else if($userInfo['usertype'] == 'Administrator') { header('Location: owner/admin/index.php'); } else if($userInfo['usertype'] == 'Staff') { header('Location: owner/staff/index.php'); } } else { $message = "incorrect login details"; } } ?> now ill post the members page <?php include('../database.php'); session_start(); ?> <head> <link href="stylz.css" rel="stylesheet" type="text/css" /> <link href="reset.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> WELCOME TO THE MEMBERS AREA <?php $_SESSION['username']; ?> <?php include('../title.php');?> <?php include('../nav.php');?> <div id="test"></div> <?php include('../footer.php');?> </div> </body> </html> Hello. I am just beginning to teach myself the basics of php. I am learning from books and video tutorials etc. I have come across a problem that I just can't work out, I'm sure it is very simple. Two files, movie1.php and moviesite.php, movie1.php looks like this: Code: [Select] <?php session_start(); $_SESSION['username'] = "Joe12345"; $_SESSION['authuser'] = 1; ?> <html> <head> <title>Find My Movie!</title> </head> <body> <?php $myfavmovie = urlencode("The Life of Brian"); echo "<a href='moviesite.php?favmovie=$myfavmovie'>"; echo "click here to see information about my favourite movie!"; echo "</a>" ?> </body> </html> OK? You see the '$_SESSION['username'] = "Joe12345";', this is my specific problem. This should be echoed into the next page, moviesite.php which you can see below: Code: [Select] <?php session_start(); //check to see if the user has logged in with a valid password if ($_SESSION['authuser'] != 0) { echo "sorry, but you don't have permission to view this page"; exit(); } ?> <html> <head> <title>My Movie Site - <?php echo $_REQUEST['favmovie']; ?></title> </head> <body> <?php echo "Welcome to our site, "; echo $_SESSION['username']; echo "! <br>"; echo "My favourite movie is "; echo $_REQUEST['favmovie']; echo "<br>"; $movierate = 5; echo "My movie rating for this movie is "; echo $movierate; ?> </body> </html> OK? 'echo $_SESSION['username'];' does not echo the username. Everything else seems to be ok. This is an example I have been working on from the book 'Beginning PHP, MySQL and Apache Web Development'. I hope someone can help. The username 'Joe12345' is not carried to the next page. It is just blank. Many Thanks for all and any assistance people can give me. Hello there,
I have 2 questions:
1) Look he http://www.hellastra...ooking/taxi.php
I have a form and i want to pass values from URL to fields.
So, for example to pass a value to Prefered driver ID field you write this:
http://www.hellastra...?drivercode-123 and the value 123 is passed to that field. I did this with this code:
<?php $sDriverCode = $_REQUEST['drivercode']; ?> <input style="width:100px;" name="drivercode" id="drivercode" value="<?=$sDriverCode?>" data-mini="true" />At the same form i have some radio-type fields. Its the one you see at Type of Vehicle (Standard, Premium etc). When i try to do the same, i cannot get this to work. What i am trying to do is this: I tried many ways but unable to pass sessions to virtual subdomains on my site.. I edited ihi.ini file and included Code: [Select] session.cookie_domain = .mydomain.com I like to add that session is active on my main domain for www.mydomain.com only.. So how do I pass sessions for WWW to other subdomains ? Thanks n Advance Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? hey guys,i'm back with a new prob.. i have an image here that when clicked using onclick, will open a window and sort of pass the php values to the window. okay,it's confusing but perhaps this will help you understand. let me break it down. this is what the image code looks like. i have placed this inside the php echo. Code: [Select] <img src="images/edit.png" alt="Edit rooms" width="16" height="16" onclick="window.open(\'edit.php?course='.$row['c_name'].'&year='.$row['year'].'&block='.$row['block'].'\',\'width=300, height=200, menubar=yes\')"/> now my problem is i can't seem to get all three of the values, c_name,year and block to be posted on the window.. here's the code on edit.php: Code: [Select] <?php include("dbcon.php"); $course = $_GET['c_name']; $year = $_GET['year']; $block = $_GET['block']; ?> <html> <body> Course:<input type="text" name="course" value="<?php echo $course;?>"><br> Year:<input type="text" name="year" value="<?php echo $year;?>"><br> Block:<input type="text" name="block" value="<?php echo $block;?>"><br></html> i have already used $_GET as you can see but only year and block appear on the form. i get a notice saying that c_name is an undefined index. i am really confused and i don't know what the problem is. i hope you guys can help me.. Hi, I'm trying to pass values from an array into a form. As a newbie, I've came up with the code underneath, but I want to pinpoint all the first values toward 1 selection list in the form. Any suggestions how to accomplish this? Thanks in advance. Ruud <html> <head> <title>Test formulier</title> </head> <body> <h2>Test formulier</h2> <form action="test.php" method="post"> <p> <?php $prijzen = array( array("01", "125","150", "A" => true,"B" => true), array("02", "125","150", "A" => true,"B" => true), array("03", "125","150", "A" => true,"B" => false), array("04", "125","150", "A" => true,"B" => true) ); ?> </P> <select name="prijzen[]" id="prijzen" multiple="multiple" size="7" class="none"> <?php while(list($key, $val) = each($prijzen)){ while(list($key2, $val2) = each($val)){ echo '<option value="'.$key2.'">'.$val2.'</option>'.PHP_EOL; } } ?> </select> </body> </html> First, I will select checkbox then click generate report then it displays the items with download link Then i click download link to download the selected checkbox values in pdf I want to download the selected checkbox items by clicking download link Now i am getting all check box items in the pdf download How to download only the selected check box items Code: [Select] <?php session_start(); $_SESSION['pidd'] = 2; $sessvar = $_SESSION['pidd']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Untitled Document</title> <link rel="stylesheet" type="text/css" href="css/style.css" /> <style type="text/css" media="print"> DIV#noprint{visibility:hidden;} INPUT#printbutt{visibility:hidden;} #downloadlink{visibility:hidden;} </style> <script type="text/javascript"> function gen() { var st1=document.getElementById("ckbox1").checked; var st2=document.getElementById("ckbox2").checked; var st3=document.getElementById("ckbox3").checked; var st4=document.getElementById("ckbox4").checked; if(st1 == true) { document.getElementById('g1').style.display = 'block'; } if(st2 == true) { document.getElementById('g2').style.display = 'block'; } if(st3 == true) { document.getElementById('g3').style.display = 'block'; } if(st4 == true) { document.getElementById('g4').style.display = 'block'; } document.getElementById('p_info').style.display = 'none'; document.getElementById('histree').style.display = 'none'; document.getElementById('insurence').style.display = 'none'; document.getElementById('billin').style.display = 'none'; } function showuser() { document.getElementById('g1').style.display = 'none'; document.getElementById('g2').style.display = 'none'; document.getElementById('g3').style.display = 'none'; document.getElementById('g4').style.display = 'none'; var str1=document.getElementById("ckbox1").checked; var str2=document.getElementById("ckbox2").checked; var str3=document.getElementById("ckbox3").checked; var str4=document.getElementById("ckbox4").checked; if(str1 == true) { document.getElementById('p_info').style.display = 'block'; } else document.getElementById('p_info').style.display = 'none'; if(str2 == true) { document.getElementById('histree').style.display = 'block'; } else document.getElementById('histree').style.display = 'none'; if(str3 == true) { document.getElementById('insurence').style.display = 'block'; } else document.getElementById('insurence').style.display = 'none'; if(str4 == true) { document.getElementById('billin').style.display = 'block'; } else document.getElementById('billin').style.display = 'none'; } function checkByParent(aId, aChecked) { var collection = document.getElementById(aId).getElementsByTagName('INPUT'); for (var x=0; x<collection.length; x++) { if (collection[x].type.toUpperCase()=='CHECKBOX') collection[x].checked = aChecked; } } </script> </head> <body> <div id="main_content"> <div id="left"> <div id="noprint"> <h4>Patient Report</h4> <a id="check_all" href="#" style="text-decoration:none" onClick="checkByParent('checkboxes', true); return false;">check all</a> <a id="uncheckall" href="#" style="text-decoration:none" onClick="checkByParent('checkboxes', false); return false;">uncheck all</a> <br> <br> <form method="post" name="myform" action=""> <div id="checkboxes"> <div id="cb_id1"> <input id="ckbox1" name="cbox1" type="checkbox" <? if(isset($_REQUEST['cbox1'])) echo 'checked="checked"' ; ?> value="p_info" /> Patient Info </div> <div id="cb_id2"> <input id="ckbox2" name="cbox2" type="checkbox" <?php if(isset($_REQUEST['cbox2'])) echo 'checked="checked"' ; ?> value="histree" /> History </div> <div id="cb_id3"> <input id="ckbox3" name="cbox3" type="checkbox" <?php if(isset($_REQUEST['cbox3'])) echo 'checked="checked"' ; ?> value="insurance" /> Insurence </div> <div id="cb_id4"> <input id="ckbox4" name="cbox4" type="checkbox" <?php if(isset($_REQUEST['cbox4'])) echo 'checked="checked"' ; ?> value="billin" /> Billing </div> </div> <!--checkboxes div --> <br> <input id="vuprint" name="view" type="button" value="View" onClick="showuser();"> <hr/> <label for="docs"> Documents:<br> <br> </label> <input name="sub" type="button" value="Generate report" onclick="gen();"> <hr/> </form> <input id="printbutt" name="prt" type="button" value="Print" onClick="javascript:window.print();"> </div> <!--No print --> </div> <!--Left div --> <div id="side"> <div id="p_info"> <?php require("db_conn.php"); $pinfo = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' "); while($fet = mysqli_fetch_array($pinfo)) { echo "<h4>Patient Info</h4>"; echo "<b>Name: </b>" . $fet["P_Fname"] . " " . $fet["P_Lname"]. "<br>"; echo "<b>Dob:</b> " . date("d-m-Y",strtotime($fet["P_Dob"]))."<br>"; echo "<b>Age:</b> " . $fet["P_Age"]."<br>"; echo "<b>Gender:</b> " . $fet["P_Gender"]."<br>"; echo "<b>Marital Status:</b> " . $fet["P_Mstatus"]."<br>"; echo "<b>Blood: </b>" . $fet["P_Blood"]."<br>"; echo "<b>Height: </b>" . $fet["P_Height"] . $fet["P_Hval"]."<br>"; echo "<b>Weight: </b>" . $fet["P_Weight"] . $fet["P_Wval"]; } ?> </div> <div id="histree"> <?php $his = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' "); while($hisrow = mysqli_fetch_array($his,MYSQLI_ASSOC)) { echo "<h4>Patient Histroy</h4>"; echo "<b>P_Idate: </b>" . date("d-m-Y",strtotime($hisrow["P_Idate"]))."<br>"; echo "<b>P_Edate: </b>" . date("d-m-Y",strtotime($hisrow["P_Edate"]))."<br>"; echo "<b>D_Ddate: </b>" . date("d-m-Y",strtotime($hisrow["D_Ddate"])); } ?> </div> <!-- Insurence --> <div id="insurence"> <?php $insu = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' "); while($insrow = mysqli_fetch_array($insu,MYSQLI_ASSOC)) { ?> <?php echo "<h4>Insurence</h4>"; echo "<b>P_Isname: </b>" . $insrow["P_Isname"]."<br>"; // echo $insow[""]; } ?> </div> <div id="billin"> <?php $bilrow = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($bill = mysqli_fetch_array($bilrow,MYSQLI_ASSOC)) { ?> <?php echo "<h4>Billing</h4>"; echo "<b>P_Fbill: </b>" . $bill["P_Fbill"]."<br>"; echo "<b>Fees: </b>" . $bill["fees"]; } ?> </div> </div> <!--/side div --> <div id="generatereport"> <div id="g1" style="display:none; clear:both;"> <label for="Gen_reports">Generaterd reports</label> <br /> <br /> <?php $pinfo = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($fet = mysqli_fetch_array($pinfo,MYSQLI_ASSOC)) { $new_dob = date("d-m-Y",strtotime($fet["P_Dob"])); ?> <?php echo "<h4>Patient Info</h4>"; echo "<b>Patient Id:</b> ". $fet["P_Id"]."<br>"; echo "<b>Name:</b> " . $fet["P_Fname"] . " " . $fet["P_Lname"]."<br>"; echo "<b>Dob:</b> " . $new_dob ."<br>"; echo "<b>Age:</b> " .$fet["P_Age"]."<br>"; echo "<b>Gender:</b> " . $fet["P_Gender"]."<br>"; echo "<b>Marital Status:</b> " . $fet["P_Mstatus"]. "<br>"; echo "<b>Blood:</b> " . $fet["P_Blood"] . "<br>"; echo "<b>Height:</b> " . $fet["P_Height"] . $fet["P_Hval"]. "<br>"; echo "<b>Weight:</b> " . $fet["P_Weight"] . $fet["P_Wval"]. "<br>"; } echo "*************************************************************************************************************************"; ?> </div> <div id="g2" style="display:none"> <?php $his = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($secrow = mysqli_fetch_array($his,MYSQLI_ASSOC)) { echo "<h4>Patient Histroy</h4>"; echo "<b>P_Idate:</b> " . date("d-m-Y",strtotime($secrow["P_Idate"])) ."<br>"; echo "<b>P_Edate:</b> " . date("d-m-Y",strtotime($secrow["P_Edate"])) ."<br>"; echo "<b>D_Ddate:</b> " . date("d-m-Y",strtotime($secrow["D_Ddate"])) ."<br>"; } echo "*************************************************************************************************************************"; ?> </div> <div id="g3" style="display:none"> <?php $insu = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($insrow = mysqli_fetch_array($insu,MYSQLI_ASSOC)) { echo "<h4>Insurence</h4>"; echo "<b>P_Isname:</b>" . $insrow["P_Isname"]."<br>"; } echo "*************************************************************************************************************************"; ?> </div> <div id="g4" style="display:none"> <?php $bilrow = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($bill = mysqli_fetch_array($bilrow,MYSQLI_ASSOC)) { echo "<h4>Billing</h4>"; echo "<b>P_Fbill:</b> " . $bill["P_Fbill"]."<br>"; echo "<b>Fees:</b> " . $bill["fees"]; } ?> </div> <?php $infochk = 'p_info'; $hischk = 'histree'; $insuchk = 'insurance'; $billchk = 'billin'; ?> <a id="downloadlink" href="download_pdf2.php?info=<?php if(isset($infochk)) echo $infochk; ?>&hist=<?php if(isset($hischk)) echo $hischk; ?>&insu=<?php if(isset($insuchk)) echo $insuchk; ?>&billin=<?php if(isset($billchk)) echo $billchk; ?>">Download</a> </div> <!--generate report --> </div> <!--/main_coontent --> </body> </html> I have a page that contains a List box containing a list of categories taken from a mysql database, 4 iframe elements and 4 submit button (code to follow)
When an item is selected from the List box the onchange event submits the page to jobs.php and loads it into the joblist iframe. Once the iframe is loaded and visible it makes the "Add Job To Category" submit button visible. This all works great
When I click the "Add Job To Category" Submit button it loads Jobnew.php into the jobed iframe this is working but I can not seem to figure out how to pass the selected item from the List box using this submit button
I hope I am clear in my question if not please advise any help is very much appreciated....
Jobtask.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Job Configuration</title>
<head>
</head>
<body>
<div style="position:absolute;left:5px;top:0px;width:1345px;height:50px;z-index:0;">
<img src="images/img0001.png" id="Shape1" alt="" style="border-width:0;width:1345px;height:50px;"></div>
<span style='position:fixed;left:525px;top:8px;font-family:Arial;font-size:32px;width:275px;'>Job Configuration</span>
<form action='index.html' target='' method='post'>
<div style="position:absolute;left:205px;top:55px;width:1345px;height:50px;z-index:0;">
<Input type="submit" action="index.html" Target="_top" method='post'Value="Main Menu">
</div>
</form>
<form style=position:fixed;left:200px;top:82px;>
<iframe name='joblist' id='joblist' style=position:fixed;left:200px;top:px;visibility:hidden;z-index:10 src='' height="475" width="1150" scrolling='yes' frameBorder='0' ></iframe>
<iframe name='job' id='job' style=absolute:fixed;left:200px;top:0px;visibility:hidden;z-index:0 src='' height="475" width="1150" scrolling='yes' frameBorder='0' ></iframe>
<iframe name='jobed' id='jobed' style=position:fixed;left:460px;top:150px;visibility:hidden;z-index:10 src='' height="217" width="350" scrolling='no' frameBorder='0' ></iframe>
<iframe name='newcat' id='newcat' style=position:fixed;left:460px;top:150px;visibility:hidden;z-index:10 src='' height="125" width="350" scrolling='no' frameBorder='0' ></iframe>
</form>
<?php
error_reporting(E_ALL);
include('dbcon/dbconnect.php');
$con=mysqli_connect($host,$user,$password,$db);
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (isset($_POST['id'])) {
$insql= "INSERT INTO catagory (Catagory) VALUES ('$_REQUEST[newcat]')";
$con->query($insql);
}
$Catresult = mysqli_query($con, "SELECT CatID, Catagory FROM catagory");
echo "<div id='wb_CatSel' style='position:absolute;z-index:0;text-align:center;'bgcolor='#00b0e6';>";
echo "<span style='position:fixed;left:10px;top:82px;font-family:Arial;font-size:15px;background-color:#00b0e6;width:175px;'>Select Category</span></div>";
echo "<form action='jobs.php' target='joblist' style='position:fixed;left:10px;top:101px;'></td>";
echo "<select name='cat' size='11' style='width: 175px;' onchange='this.form.submit()'>";
while($row = mysqli_fetch_array($Catresult))
{
echo "<option value=\"".$row['CatID']."\">".$row['Catagory']."</option>\n ";
}
echo "</select>";
echo "</form>";
echo "<form action='Jobnew.php' target='jobed' method='post'>";
echo "<div style='position:absolute;left:10px;top:285px;width:1345px;height:50px;z-index:0;'>";
echo "<Input type='hidden' id='id1'><Input type='submit' id='sbtn' style='width:175px;visibility:hidden;' Value='Add Job To Category'></div></form>";
echo "<form action='Jobtask.php' target='' method='post'>";
echo "<div style='position:absolute;left:10px;top:310px;width:1345px;height:50px;z-index:0;'>";
echo "<Input type='submit' style='width:175px;' action='Jobtask.php' Target='_top' method='post' Value='Reset Form'></div></form>";
echo "<form action='newcat.php' target='newcat' method='post'>";
echo "<div style='position:absolute;left:10px;top:335px;width:1345px;height:50px;z-index:0;''>";
echo "<Input type='submit' style='width:175px;'' action='newcat.php' Target='newcat' method='post' Value='Add New Category'></div></form>";
?>
</body>
</html>
I have a list of checkboxes, like e.g each checkbox has a value as ResumeID, now question is/are; 1) how to get the values of the checkboxes using jQuery ? 2) when I got the values of the checkboxes using jQuery, how to pass those values to a PHP Controller action ? Since there have been some debates about how to safely pass PHP values to JavaScript, I hope I can clarify a few things.
One suggestion that kept recurring was to simply run the value through json_encode() and then inject the result into a script element. The JSON-encoding is supposed to (magically?) prevent cross-site scripting vulnerabilities. And indeed it seemingly works, because naïve attacks like trying to inject a double quote will fail.
Unfortunately, this approach doesn't work at all and is fundamentally wrong for several reasons:
json_encode() was never intended to be a security function. It simply builds a JSON object from a value. And the JSON specification doesn't make any security promises either. So even if the function happens to prevent some attack, this is implementation-specific and may change at any time.
JSON doesn't know anything about HTML entities. The encoder leaves entities like " untouched, not realizing that this represents a double quote which is dangerous in a JavaScript context.
The json_encode() function is not encoding-aware, which makes it extremely fragile and unsuitable for any security purposes. Some of you may know this problem from SQL-escaping: There used to be a function called mysql_escape_string() which was based on a fixed character encoding instead of the actual encoding of the database connection. This quickly turned out to be a very bad idea, because a mismatch could render the function useless (e. g. the infamous GBK vulnerability). So back in 2002(!), the function was abandoned in favor of mysql_real_escape_string(). Well, json_encode() is like the old mysql_escape_string() and suffers from the exact same issues.
Any of those issues can be fatal and enable attackers to perform cross-site scripting, as demonstrated below.
1)
The entire “security” of json_encode() is based on side-effects. For example, the current implementation happens to escape forward slashes. But the JSON standard doesn't mandate this in any way, so this feature could be removed at any time (it can also be disabled at runtime). If it does get disabled, then your application is suddenly wide open to even the most trivial cross-site scripting attacks:
<?php
header('Content-Type: text/html; charset=UTF-8');
$input = '</script><script>alert(String.fromCharCode(88, 83, 83));</script><script>';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>XSS</title>
</head>
<body>
<script>
var x = <?= json_encode($input, JSON_UNESCAPED_SLASHES) ?>;
</script>
</body>
</html>
2)
In XHTML, a script element works like any other element, so HTML entities like " are replaced with their actual characters (in this case a double quote). But JSON does not recognize HTML entities, so an attacker can use them to bypass json_encode() and inject arbitrary characters:
<?php
header('Content-Type: application/xhtml+xml; charset=UTF-8');
$input = "";alert('XSS');"";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XSS</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<script type="text/javascript">
var x = <?= json_encode($input) ?>;
</script>
</body>
</html>
3)
json_encode() blindly assumes that the input and the output should always be UTF-8. If you happen to use a different encoding, or if an attacker manages to trigger a specific encoding, you're again left with no protection at all:
<?php
header('Content-Type: text/html; charset=UTF-7');
$input = '+ACIAOw-alert(+ACI-XSS+ACI)+ADsAIg-';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-7">
<title>XSS</title>
</head>
<body>
<script>
var x = <?= json_encode($input) ?>;
</script>
</body>
</html>
(This particular example only works in Internet Explorer.)
I hope this makes it very clear that json_encode() is not a security feature in any way. Relying on it is conceptually wrong and simply a very bad idea.
It's generally not recommended to inject code directly into a script element, because any mistake or bug will immediately lead to a cross-site scripting vulnerability. It's also very difficult to do it correctly, because there are special parsing rules and differences between the various flavors of HTML. If you try it, you're asking for trouble.
So how should one pass PHP values to JavaScript? By far the most secure and robust approach is to simply use Ajax: Since Ajax cleanly separates the data from the application logic, the value can't just “leak” into a script context. This is essentially like a prepared statement.
If you're into micro-optimization and cannot live with the fact that Ajax may need an extra request, there's an alternative approach by the OWASP: You can JSON-encode the data, HTML-escape the result, put the escaped content into a hidden div element and then parse it with JSON.parse():
<?php
header('Content-Type: text/html; charset=UTF-8');
$input = 'bar';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>XSS</title>
<style>
.hidden {
display: none;
}
</style>
</head>
<body>
<div id="my-data" class="hidden">
<?php
$json_object = json_encode(array(
'foo' => $input,
));
// HTML-escape the JSON object
echo htmlspecialchars($json_object, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
?>
</div>
<script>
var data = JSON.parse(document.getElementById('my-data').innerHTML);
alert('The following value has been safely passed to JavaScript: ' + data.foo);
</script>
</body>
</html>
This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=357747.0 Hi, My company has 240+ locations and as such some users (general managers) cover multiple sites. When I run a query to pull user information, when the user has multiple sites to his or her name, its adds the second / third sites to the next columns, rather than wrapping it inside the same table cell. It also works the opposite way, if a piece of data is missing in the database and is blank, its pull the following columns in. Both cases mess up the table and formatting. I'm extremely new to any kind of programming and maybe this isn't the forum for this question but figured I'd give it a chance since I'm stuck. The HTML/PHP code is below: <table id="datatables-column-search-select-inputs" class="table table-striped" style="width:100%"> <thead> <tr> <th>ID</th> <th>FirstName</th> <th>LastName</th> <th>Username</th> <th>Phone #</th> <th>Location</th> <th>Title</th> <th>Role</th> <th>Actions</th> </tr> </thead> <tbody> <?php //QUERY TO SELECT ALL USERS FROM DATABASE $query = "SELECT * FROM users"; $select_users = mysqli_query($connection,$query);
// SET VARIABLE TO ARRAY FROM QUERY while($row = mysqli_fetch_assoc($select_users)) { $user_id = $row['user_id']; $user_firstname = $row['user_firstname']; $user_lastname = $row['user_lastname']; $username = $row['username']; $user_phone = $row['user_phone']; $user_image = $row['user_image']; $user_title_id = $row['user_title_id']; $user_role_id = $row['user_role_id'];
// POPULATES DATA INTO THE TABLE echo "<tr>"; echo "<td>{$user_id}</td>"; echo "<td>{$user_firstname}</td>"; echo "<td>{$user_lastname}</td>"; echo "<td>{$username}</td>"; echo "<td>{$user_phone}</td>";
//PULL SITE STATUS BASED ON SITE STATUS ID $query = "SELECT * FROM sites WHERE site_manager_id = {$user_id} "; $select_site = mysqli_query($connection, $query); while($row = mysqli_fetch_assoc($select_site)) { $site_name = $row['site_name']; echo "<td>{$site_name}</td>"; } echo "<td>{$user_title_id}</td>"; echo "<td>{$user_role_id}</td>"; echo "<td class='table-action'> <a href='#'><i class='align-middle' data-feather='edit-2'></i></a> <a href='#'><i class='align-middle' data-feather='trash'></i></a> </td>"; //echo "<td><a href='users.php?source=edit_user&p_id={$user_id}'>Edit</a></td>"; echo "</tr>"; } ?>
<tr> <td>ID</td> <td>FirstName</td> <td>LastName</td> <td>Username</td> <td>Phone #</td> <td>Location</td> <td>Title</td> <td>Role</td> <td class="table-action"> <a href="#"><i class="align-middle" data-feather="edit-2"></i></a> <a href="#"><i class="align-middle" data-feather="trash"></i></a> </td> </tr> </tbody> <tfoot> <tr> <th>ID</th> <th>FirstName</th> <th>LastName</th> <th>Username</th> <th>Phone #</th> <th>Location</th> <th>Title</th> <th>Role</th> </tr> </tfoot> </table>
I'm working on a small project that requires a user login function. There's only going to be about 10 members in the database. I've followed a tutorial of how to make a login system. I've never really worked with sessions before, but I did some research and get the general concept of them. What I want to do is store the user's username in a session when they log in, so I can run queries and such later specific to that user. How would I do that? I was able to manually set a session, but I need to set the session equal to what their username is on login. I've tried doing that below, but I don't think it's working. Either that, or I'm not calling the session correctly in the other page where I want to display their username. Here's the code for the page that checks if the login is correct: Code: [Select] // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $encrypted_mypassword=md5($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'"; $result=mysql_query($sql); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = $myusername; $_SESSION['password'] = $encrypted_mypassword; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Thanks in advance for any replies I have a script that was written and tested on another server, but now when I transferred it to the live server, session values are not being passed. I made a couple test pages to check and confirmed that the only issue is the session variables. Here is the test I performed. Please tell me what I'm missing: page1.php <? session_start(); $_SESSION['var1'] = 'testing'; print_r($_SESSION); ?> Returns: Array ( [var1] => testing ) page2.php <? session_start(); print_r($_SESSION); ?> Returns: Array () I am building a website that uses session variables extensively. The site is getting a little complicated, and I am starting to lose track of which session variables are assigned, and what their values are. Is there some way where I can create a piece of code that will display all of the existing session variables and their values? I am pretty new to php and trying to teach myself. I can't get the values from this form to write to my flat file called orders.txt: browse_index.php <?php include("includes/menu_members.php") ?> <div id="content"> <h1>SHOPPING CART</h1> <a href="browse_index.php">CLICK HERE TO CONTINUE SHOPPING</a> <?php echo ' <table border="0"> <tr> <td><form id="f2" method="post"name="f2"><input type="submit" action="order_summary.php" name="submit2" value="submit order"></td> '; if(isset($_POST['submit'])) { $itemname = $_POST['h1']; //echo $_SESSION['itemname'][$itemname]; unset($_SESSION['itemqty'][$itemname]); unset($_SESSION['itemprice'][$itemname]); unset($_SESSION['itemname'][$itemname]); } echo "<br/><br/>"; echo "<table border='8' bgcolor='#efefef'>"; echo "<tr><th>Name</th><th>Quantity</th><th>Price</th><th>Subtotal</th></tr>"; foreach($_SESSION['itemname'] as $key=>$value) { echo '<tr><td><b>'.$_SESSION['itemname'][$key].'</b></td> <td>'.$_SESSION['itemqty'][$key].'</td> <td>$'.$_SESSION['itemprice'][$key].'</td> <td name="subtotal">$'.($_SESSION['itemqty'][$key] * $_SESSION['itemprice'][$key]).'</td> <td><form id="f1" method="post" name="f1"><input type="submit" name="submit" value = "delete"><input type="hidden" name="h1" value='.$key.'></td></tr>' ; } ?> order_summary.php: <?php session_start (); $date = date ("H:i jS F"); $outputstring = $date."/t" .$_POST['h1']. ":" .$_SESSION['itemqty'][$key]. ":" .$_SESSION['subtotal'][$key]. ":" ."\n"; $fp = fopen("orders.txt","a"); fwrite($fp, $outputstring); fclose($fp); ?> Can someone direct me where I am going wrong??? |
|||||||