session variables - help

session variables - help

am 14.08.2009 01:43:01 von Allen McCabe

--0016364173750cbb2504710e7fac
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I am asking a similar question to one I asked yesterday (which received no
answers) with more information in the hopes someone will be kind enough to
guide me.

I have an order form populated with an array (as opposed to a database
table). The user can enter quantities, and the form posts all the
information to the order_process page where the values they entered are
listed for review.

I decided I wanted to allow them to edit quantities before actually
submitting the form (by which I mean before using the mail() function).

I found that $_SESSION is the way to go.

On the order summary page (order_process.php), I start a session and I get
all the POST information via:

[code]

session_start();

extract($_POST);

[/code]

Instead of echoing the quantity values of each item, I populate an input
field with them within an echo:

[code]

//when this function is called, $a is a the quantity variable $show_01_qty
function writeResultRow($a, $b, $c, $d, $e, $f) {
if($a != '') {
echo "";
. . .
}
[/code]

Now, in order to update a quantity, the user replaces the quantity in the
input field with the new number, and clicks a submit button which posts to
order_update.php.

I have the following code for order_update.php:

[code]

session_start();
extract($_POST);
foreach ($_POST as $var => $val) {
if ($val > 0) {
$_SESSION[$var] = $val;
} else {
unset($var);

}
header("Location: order_process.php");
}

[/code]

This is not working, however, and it just loads order_process.php with no
values for the varaibles, as if I just refreshed the page with no sessions.

Help please!

--0016364173750cbb2504710e7fac--

Re: session variables - help

am 14.08.2009 02:56:28 von Ben Dunlap

--001636417375b8171304710f85dc
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

>
> I have the following code for order_update.php:
>
> [code]
>
> session_start();
> extract($_POST);
> foreach ($_POST as $var => $val) {
> if ($val > 0) {
> $_SESSION[$var] = $val;
> } else {
> unset($var);
>
> }
> header("Location: order_process.php");
> }
>
> [/code]
>
> This is not working, however, and it just loads order_process.php with no
> values for the varaibles, as if I just refreshed the page with no sessions.


Maybe you left it out but I didn't see any place where you used $_SESSION in
order_process.php. Also, your redirect in order_update.php appears to be
inside your foreach loop, which would definitely mess things right up -- but
maybe that was just a typo in your email?

Otherwise the logic in order_update.php looks OK, but there are a few side
notes that jumped out:

1. I'm not seeing why you used "extract($_POST)" in order_update.php. Right
after the extract() call, you iterate through $_POST with a foreach loop, so
what's the purpose of calling extract()? Is there more code that you left
out?

2. Calling "extract($_POST)" is dangerous. The PHP manual warns against it,
although without giving much of an explanation:

http://us2.php.net/manual/en/function.extract.php

Apart from making it difficult to filter the input you're expecting to see,
"extract($_POST)" also allows a malicious end-user to define any variable of
his choosing and to overwrite any variables that you may have defined in the
script before the extract() call.

I like to use filter_input() to read the values of POST variables.

By much the same token, you'll want to escape $a, etc., in your
writeResultRow() function, with something like htmlentities().

3. Why the "unset($var)" in order_update.php? $var already gets reset each
time foreach iterates. So, calling unset() on it at the end of the loop
doesn't really do much. I'm wondering what you were aiming at there.

Thanks,

Ben

--001636417375b8171304710f85dc--

Re: session variables - help

am 14.08.2009 07:57:35 von Allen McCabe

--00163641853995922f047113ba7f
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Ben,

First of all, I thank you for your time and help.

My ai with using unset($var) in update_order.php is to set the SESSION
variable for an item to ' ' (empty) so that it would not show up on the
order summary (because my writeResultRow() function will only write a row if
that variable is greater than 0).

I just can't figure out what I'm missing here. Before I received your
response, I made a few changes to my code, which helped streamline the
calculating parts (grabbing values from SESSION instead of POST, and now
when I update order_summary, the values will remain because it pulls them
from the SESSION).

I want to edit the values in the SESSION, so that when update_order.php
redirects to order_process.php, the values are changed, and if applicable,
an item is removed from the html table (if the quantity is less than 1).

Here is some more complete code:

[code = order_process.php]

session_start();
// POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
foreach($_POST as $k=>$v) {
$_SESSION[$k]=$v;
}

$thisPage="AFY"; //NAVIGATION PURPOSES
include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES; POPULATES
ORDER FORM
?>

.. . .











/>

.. . .


function findTotalCost($b, $c) {
$total = $b * $c;
return $total;
}

function writeResultRow($a, $b, $c, $d, $e, $f) {
if($a != '') {
echo "\n\n\t";
echo "".$b."".$c."".$d."";
echo "".$e."  name='".$a."' id='".$a."' size='2' />=\$".$f."";
echo "";
}
}

//SETS $Total_show_01 to PRICE * QUANTITY
//FORMATS TOTAL
//IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
$Total_show_01 = findTotalCost($shows['show_01']['price'],
$_SESSION['show_01_qty']);
$Total_show_01_fmtd = number_format($Total_show_01, 2, '.', '');
writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
$shows['show_01']['date'], $shows['show_01']['time'],
$shows['show_01']['price'],$Total_show_01_fmtd);

//ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)

?>
.. . .



[/code]

Now, here is the update_order.php code in entirety:

[code]

session_start();
foreach ($_SESSION as $var => $val) {
if ($val == "0") {
unset($_SESSION[$var]);
} elseif ($val == '') {
unset($_SESSION[$var]);
} else {
$val = $_SESSION[$var];

}
}
header("Location: order_process.php");

//NOTICE I FIXED THE LOCATION OF THE header() FUNCTION
//BUT IT STILL DOES NOT UPDATE

?>

[/code]

If you're still with me, I thank you. I removed all the styling elements
from the html to make it easier for you (and me) to see what it says. I have
invested many hours into this, and have generated many many lines of code,
but I hope what I gave you is sufficient, while not being overwhelming at
this hour.

Thank you very much for your help thus far, anything else would be greatly
appreciated.


On Thu, Aug 13, 2009 at 5:56 PM, Ben Dunlap wrote:

>
>
>> I have the following code for order_update.php:
>>
>> [code]
>>
>> session_start();
>> extract($_POST);
>> foreach ($_POST as $var => $val) {
>> if ($val > 0) {
>> $_SESSION[$var] = $val;
>> } else {
>> unset($var);
>>
>> }
>> header("Location: order_process.php");
>> }
>>
>> [/code]
>>
>> This is not working, however, and it just loads order_process.php with no
>> values for the varaibles, as if I just refreshed the page with no
>> sessions.
>
>
> Maybe you left it out but I didn't see any place where you used $_SESSION
> in order_process.php. Also, your redirect in order_update.php appears to be
> inside your foreach loop, which would definitely mess things right up -- but
> maybe that was just a typo in your email?
>
> Otherwise the logic in order_update.php looks OK, but there are a few side
> notes that jumped out:
>
> 1. I'm not seeing why you used "extract($_POST)" in order_update.php. Right
> after the extract() call, you iterate through $_POST with a foreach loop, so
> what's the purpose of calling extract()? Is there more code that you left
> out?
>
> 2. Calling "extract($_POST)" is dangerous. The PHP manual warns against it,
> although without giving much of an explanation:
>
> http://us2.php.net/manual/en/function.extract.php
>
> Apart from making it difficult to filter the input you're expecting to see,
> "extract($_POST)" also allows a malicious end-user to define any variable of
> his choosing and to overwrite any variables that you may have defined in the
> script before the extract() call.
>
> I like to use filter_input() to read the values of POST variables.
>
> By much the same token, you'll want to escape $a, etc., in your
> writeResultRow() function, with something like htmlentities().
>
> 3. Why the "unset($var)" in order_update.php? $var already gets reset each
> time foreach iterates. So, calling unset() on it at the end of the loop
> doesn't really do much. I'm wondering what you were aiming at there.
>
> Thanks,
>
> Ben
>
>

--00163641853995922f047113ba7f--

Re: session variables - help

am 14.08.2009 09:55:07 von Ralph Deffke

I'm realy sorry for u, but the reason for no answers is ur concept.

may be some rules will help u and I recommend u to think to spend the time
to rewrite the whole code. Im shure u will solve the problem then:
first dont use the global arrays directly. pick the values u need and put
them in reasonable types of variables.
build the business logic on these variables and if u feel like put the
results in well readable new ones
then populate the presentation in the required htmls
this will give u an more structured code, easier to debug and more fun for
the group to help u

I still dont understand why u use the $_SESSION variable. user often leave
forms open for hours and then submit them. u can not expect a user to end a
job in the livecycle of the session. thats what hidden form fields are made
for.

the $_session is for member like things and applications with security
issues where u can expect the user to finish things in a certain time or u
restart the whole.

"Allen McCabe" wrote in message
news:657acef20908132257x630719e1g4ecddcdff94923a5@mail.gmail .com...
> Ben,
>
> First of all, I thank you for your time and help.
>
> My ai with using unset($var) in update_order.php is to set the SESSION
> variable for an item to ' ' (empty) so that it would not show up on the
> order summary (because my writeResultRow() function will only write a row
if
> that variable is greater than 0).
>
> I just can't figure out what I'm missing here. Before I received your
> response, I made a few changes to my code, which helped streamline the
> calculating parts (grabbing values from SESSION instead of POST, and now
> when I update order_summary, the values will remain because it pulls them
> from the SESSION).
>
> I want to edit the values in the SESSION, so that when update_order.php
> redirects to order_process.php, the values are changed, and if applicable,
> an item is removed from the html table (if the quantity is less than 1).
>
> Here is some more complete code:
>
> [code = order_process.php]
>
> > session_start();
> // POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
> foreach($_POST as $k=>$v) {
> $_SESSION[$k]=$v;
> }
>
> $thisPage="AFY"; //NAVIGATION PURPOSES
> include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES; POPULATES
> ORDER FORM
> ?>
>
> . . .
>
>


>
>
>
>
>
>
>
>
>
> > />
>
> . . .
>
> >
> function findTotalCost($b, $c) {
> $total = $b * $c;
> return $total;
> }
>
> function writeResultRow($a, $b, $c, $d, $e, $f) {
> if($a != '') {
> echo "\n\n\t";
> echo "".$b."".$c."".$d."";
> echo "".$e."  value='".$a."'
> name='".$a."' id='".$a."' size='2' />=\$".$f."";
> echo "";
> }
> }
>
> //SETS $Total_show_01 to PRICE * QUANTITY
> //FORMATS TOTAL
> //IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
> $Total_show_01 = findTotalCost($shows['show_01']['price'],
> $_SESSION['show_01_qty']);
> $Total_show_01_fmtd = number_format($Total_show_01, 2, '.', '');
> writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
> $shows['show_01']['date'], $shows['show_01']['time'],
> $shows['show_01']['price'],$Total_show_01_fmtd);
>
> //ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)
>
> ?>
> . . .
>
>
>
> [/code]
>
> Now, here is the update_order.php code in entirety:
>
> [code]
>
> > session_start();
> foreach ($_SESSION as $var => $val) {
> if ($val == "0") {
> unset($_SESSION[$var]);
> } elseif ($val == '') {
> unset($_SESSION[$var]);
> } else {
> $val = $_SESSION[$var];
>
> }
> }
> header("Location: order_process.php");
>
> //NOTICE I FIXED THE LOCATION OF THE header() FUNCTION
> //BUT IT STILL DOES NOT UPDATE
>
> ?>
>
> [/code]
>
> If you're still with me, I thank you. I removed all the styling elements
> from the html to make it easier for you (and me) to see what it says. I
have
> invested many hours into this, and have generated many many lines of code,
> but I hope what I gave you is sufficient, while not being overwhelming at
> this hour.
>
> Thank you very much for your help thus far, anything else would be greatly
> appreciated.
>
>
> On Thu, Aug 13, 2009 at 5:56 PM, Ben Dunlap
wrote:
>
> >
> >
> >> I have the following code for order_update.php:
> >>
> >> [code]
> >>
> >> session_start();
> >> extract($_POST);
> >> foreach ($_POST as $var => $val) {
> >> if ($val > 0) {
> >> $_SESSION[$var] = $val;
> >> } else {
> >> unset($var);
> >>
> >> }
> >> header("Location: order_process.php");
> >> }
> >>
> >> [/code]
> >>
> >> This is not working, however, and it just loads order_process.php with
no
> >> values for the varaibles, as if I just refreshed the page with no
> >> sessions.
> >
> >
> > Maybe you left it out but I didn't see any place where you used
$_SESSION
> > in order_process.php. Also, your redirect in order_update.php appears to
be
> > inside your foreach loop, which would definitely mess things right up --
but
> > maybe that was just a typo in your email?
> >
> > Otherwise the logic in order_update.php looks OK, but there are a few
side
> > notes that jumped out:
> >
> > 1. I'm not seeing why you used "extract($_POST)" in order_update.php.
Right
> > after the extract() call, you iterate through $_POST with a foreach
loop, so
> > what's the purpose of calling extract()? Is there more code that you
left
> > out?
> >
> > 2. Calling "extract($_POST)" is dangerous. The PHP manual warns against
it,
> > although without giving much of an explanation:
> >
> > http://us2.php.net/manual/en/function.extract.php
> >
> > Apart from making it difficult to filter the input you're expecting to
see,
> > "extract($_POST)" also allows a malicious end-user to define any
variable of
> > his choosing and to overwrite any variables that you may have defined in
the
> > script before the extract() call.
> >
> > I like to use filter_input() to read the values of POST variables.
> >
> > By much the same token, you'll want to escape $a, etc., in your
> > writeResultRow() function, with something like htmlentities().
> >
> > 3. Why the "unset($var)" in order_update.php? $var already gets reset
each
> > time foreach iterates. So, calling unset() on it at the end of the loop
> > doesn't really do much. I'm wondering what you were aiming at there.
> >
> > Thanks,
> >
> > Ben
> >
> >
>



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: session variables - help

am 14.08.2009 10:03:09 von Ashley Sheridan

On Fri, 2009-08-14 at 09:55 +0200, Ralph Deffke wrote:
> user often leave
> forms open for hours and then submit them

These users should be taken out and beaten over the head with their
keyboards!

Thanks,
Ash
http://www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: session variables - help

am 14.08.2009 10:05:20 von Ralph Deffke

well thanks good they are far away then, but the problem is ur client, i
didnt find anybody giving me the permission to beat his customers

"Ashley Sheridan" wrote in message
news:1250236989.2344.10.camel@localhost...
> On Fri, 2009-08-14 at 09:55 +0200, Ralph Deffke wrote:
> > user often leave
> > forms open for hours and then submit them
>
> These users should be taken out and beaten over the head with their
> keyboards!
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: session variables - help

am 14.08.2009 10:15:54 von Ashley Sheridan

On Fri, 2009-08-14 at 10:05 +0200, Ralph Deffke wrote:
> well thanks good they are far away then, but the problem is ur client, i
> didnt find anybody giving me the permission to beat his customers
>
> "Ashley Sheridan" wrote in message
> news:1250236989.2344.10.camel@localhost...
> > On Fri, 2009-08-14 at 09:55 +0200, Ralph Deffke wrote:
> > > user often leave
> > > forms open for hours and then submit them
> >
> > These users should be taken out and beaten over the head with their
> > keyboards!
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
>
>
>

Beat them hard enough and they tend to forget who did it...

My life would be so much easier without end users!

Thanks,
Ash
http://www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: session variables - help

am 14.08.2009 12:44:50 von M.Ford

> -----Original Message-----
> From: Allen McCabe [mailto:allenmccabe@gmail.com]
> Sent: 14 August 2009 06:58

=20
> My ai with using unset($var) in update_order.php is to set the
> SESSION
> variable for an item to ' ' (empty) so that it would not show up on
> the
> order summary (because my writeResultRow() function will only write
> a row if
> that variable is greater than 0).
>=20
> I just can't figure out what I'm missing here. Before I received
> your
> response, I made a few changes to my code, which helped streamline
> the
> calculating parts (grabbing values from SESSION instead of POST, and
> now
> when I update order_summary, the values will remain because it pulls
> them
> from the SESSION).
>=20
> I want to edit the values in the SESSION, so that when
> update_order.php
> redirects to order_process.php, the values are changed, and if
> applicable,
> an item is removed from the html table (if the quantity is less than
> 1).
>=20
> Here is some more complete code:
>=20
> [code =3D order_process.php]
>=20
> > session_start();
> // POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
> foreach($_POST as $k=3D>$v) {
> $_SESSION[$k]=3D$v;
> }

This has just destroyed anything that was previously in the session, so if =
you're recycling from the update_order.php script, you've just thrown away =
whatever that script did! You need to make this conditional on having arri=
ved here from the initial form -- various ways you could do that, but I lea=
ve you to figure that one out.

(Also, personally, if I were doing this at all, I would just copy the array=
as a single entity:

$_SESSION['_POST'] =3D $_POST;

and then reference individual elements through that as, e.g., $_SESSION['_P=
OST']['School']. That's probably a matter of personal style as much as anyt=
hing, but gives you another way to think about.)


[ . . . . ]


>=20
> >=20
> function findTotalCost($b, $c) {
> $total =3D $b * $c;
> return $total;
> }
>=20
> function writeResultRow($a, $b, $c, $d, $e, $f) {
> if($a !=3D '') {
> echo "\n\n\t";
> echo "".$b."".$c."".$d."";
> echo "".$e."  > value=3D'".$a."'
> name=3D'".$a."' id=3D'".$a."' size=3D'2'
> />=3D\$".$f."";
> echo "";
> }
> }
>=20
> //SETS $Total_show_01 to PRICE * QUANTITY
> //FORMATS TOTAL
> //IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
> $Total_show_01 =3D findTotalCost($shows['show_01']['price'],
> $_SESSION['show_01_qty']);
> $Total_show_01_fmtd =3D number_format($Total_show_01, 2, '.', '');
> writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
> $shows['show_01']['date'], $shows['show_01']['time'],
> $shows['show_01']['price'],$Total_show_01_fmtd);
>=20
> //ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)

AAAAAARRRRRRRGGGGGGGGGHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!

This cries out for an array-based solution -- repeating near-identical code=
that many times is totally ludicrous, and should be a major clue that you =
need to refactor. You'll have to forgo using indexes like ['show_01'] and =
use straight integers, but the massive reduction in repetitive code (and he=
nce far fewer opportunities for mistakes!) will be well worth it.

Something like:

for ($i=3D1; $i<=3D38; ++$i):
$Total[$i] =3D findTotalCost($shows[$i]['price'], $_SESSION['qty'][$i=
]);
$Total_fmtd[$i] =3D number_format($Total[$i], 2, '.', '');
writeResultRow($_SESSION['qty'][$i], $shows[$i]['title'], $shows[$i][=
'date'], $shows[$i]['time'], $shows[$i]['price'],$Total_fmtd[$i]);
endfor;

[ . . . . ]
=20
> Now, here is the update_order.php code in entirety:
>=20
> [code]
>=20
> > session_start();
> foreach ($_SESSION as $var =3D> $val) {
> if ($val == "0") {
> unset($_SESSION[$var]);
> } elseif ($val == '') {
> unset($_SESSION[$var]);
> } else {
> $val =3D $_SESSION[$var];

That line is back-to-front -- you're assigning the current value in the ses=
sion to $val, which is then immediately thrown away as the foreach loop sta=
rts a new iteration. What you mean is $_SESSION[$var] =3D $val.


Cheers!

Mike
--=20
Mike Ford,
Electronic Information Developer, Libraries and Learning Innovation,
Leeds Metropolitan University, C507, Civic Quarter Campus,=20
Woodhouse Lane, LEEDS,=A0 LS1 3HE,=A0 United Kingdom=20
Email: m.ford@leedsmet.ac.uk=20
Tel: +44 113 812 4730






To view the terms under which this email is distributed, please go to http:=
//disclaimer.leedsmet.ac.uk/email.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: session variables - help

am 14.08.2009 14:47:16 von M.Ford

> -----Original Message-----
> From: Ford, Mike [mailto:M.Ford@leedsmet.ac.uk]
> Sent: 14 August 2009 11:45


> > Now, here is the update_order.php code in entirety:
> >
> > [code]
> >
> > > > session_start();
> > foreach ($_SESSION as $var =3D> $val) {
> > if ($val == "0") {
> > unset($_SESSION[$var]);
> > } elseif ($val == '') {
> > unset($_SESSION[$var]);
> > } else {
> > $val =3D $_SESSION[$var];
>=20
> That line is back-to-front -- you're assigning the current value in
> the session to $val, which is then immediately thrown away as the
> foreach loop starts a new iteration. What you mean is
> $_SESSION[$var] =3D $val.

No, wait a minute, hold your foot up! I was so focussed on the strange ass=
ignment that I didn't read the whole thing properly. What you're *actually=
* doing here is -- er, well, totally not what you want to, I suspect! Havin=
g re-read the message I responded to, I'm going to go back to it and post a=
nother response....


Cheers!

Mike
--=20
Mike Ford,
Electronic Information Developer, Libraries and Learning Innovation,
Leeds Metropolitan University, C507, Civic Quarter Campus,=20
Woodhouse Lane, LEEDS,=A0 LS1 3HE,=A0 United Kingdom=20
Email: m.ford@leedsmet.ac.uk=20
Tel: +44 113 812 4730





To view the terms under which this email is distributed, please go to http:=
//disclaimer.leedsmet.ac.uk/email.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: session variables - help

am 14.08.2009 16:52:20 von M.Ford

> -----Original Message-----
> From: Allen McCabe [mailto:allenmccabe@gmail.com]
> Sent: 14 August 2009 06:58
>=20
> Here is some more complete code:
>=20
> [code =3D order_process.php]
>=20
> > session_start();
> // POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
> foreach($_POST as $k=3D>$v) {
> $_SESSION[$k]=3D$v;
> }
>=20
> $thisPage=3D"AFY"; //NAVIGATION PURPOSES
> include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES;
> POPULATES
> ORDER FORM
> ?>
>=20
> . . .
>=20
>


>

Er wait, no! Sessions and hidden form fields are generally alternative solu=
tions to the same problem -- you shouldn't be putting the same values both =
in the session and in hidden form fields. In this case, I'm beginning to s=
uspect that the hidden fields are the better solution, but there is a certa=
in amount of personal preference in this.

> > $_SESSION['School']; ?>" />
> > $_SESSION['Grade']; ?>" />
> > $_SESSION['Address']; ?>" />
> > $_SESSION['City'];
> ?>" />
> > $_SESSION['State']; ?>" />
> > $_SESSION['Zip']; ?>" />
> > $_SESSION['Contact']; ?>" />
> > $_SESSION['Phone']; ?>" />
> > $_SESSION['Fax']; ?>"
> />
> > $_SESSION['Email']; ?>" />
> . . .
>=20
> >=20
> function findTotalCost($b, $c) {
> $total =3D $b * $c;
> return $total;
> }
>=20
> function writeResultRow($a, $b, $c, $d, $e, $f) {
> if($a !=3D '') {
> echo "\n\n\t";
> echo "".$b."".$c."".$d."";
> echo "".$e."  > value=3D'".$a."'
> name=3D'".$a."' id=3D'".$a."' size=3D'2'
> />=3D\$".$f."";
> echo "";
> }
> }
>=20
> //SETS $Total_show_01 to PRICE * QUANTITY
> //FORMATS TOTAL
> //IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
> $Total_show_01 =3D findTotalCost($shows['show_01']['price'],
> $_SESSION['show_01_qty']);
> $Total_show_01_fmtd =3D number_format($Total_show_01, 2, '.', '');
> writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
> $shows['show_01']['date'], $shows['show_01']['time'],
> $shows['show_01']['price'],$Total_show_01_fmtd);
>=20
> //ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)
>=20
> ?>
> . . .
>=20
> />
>=20
> [/code]

If I'm reading what you want to do correctly, it seems to me there are two =
obvious approaches to this:

(i) Have a single form which posts back to itself, showing all the show inf=
ormation and requested quantities and calculated result fields (such as tot=
al cost); initially, this will have the calculated fields not displaying an=
ything, and these will be (re)populated at each Update. Using this method,=
all your values are contained solely within the $_POST array.

(ii) Have your initial form post to the process form, which then also posts=
to itself on Update. This process form will have visible fields only for v=
alues which can be changed, but *must* then contain hidden fields for all t=
he other values which were originally passed in the $_POST array. This arr=
angement means that the process form always receives a full complement of v=
alues in the $_POST array -- either from the original form, or from hidden =
fields posted back to itself.

This is all just coming off the top of my head, and I'm sure there are impr=
ovements/other solutions to be offered. Hope this will give you some thing=
s to think about, and maybe a pointer or two towards a satisfactory solutio=
n.


Cheers!

Mike
--=20
Mike Ford,
Electronic Information Developer, Libraries and Learning Innovation,
Leeds Metropolitan University, C507, Civic Quarter Campus,=20
Woodhouse Lane, LEEDS,=A0 LS1 3HE,=A0 United Kingdom=20
Email: m.ford@leedsmet.ac.uk=20
Tel: +44 113 812 4730





To view the terms under which this email is distributed, please go to http:=
//disclaimer.leedsmet.ac.uk/email.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: session variables - help

am 14.08.2009 17:25:44 von Allen McCabe

--002354471070707aff04711baaf2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Thank you all for your responses.

Mike.

I like the ii option better, mostly because I already have most of that in
place (ie. order posts to process, and process has editable fields and
hidden fields with the remaining complimentary values).
Martin suggested I use the following code for my update script (which is
posted to via the process page):

[code]

foreach($_POST as $key => $value)
if( '0' == $value || '' == $value )
{
/*if*/ session_is_registered( $key ) &&
session_unregister( $key );
}

[/code]

I am not following the logic on the above code very well, but is this indeed
a better option? And is not session_*whatever deprecated? The reason I am
using $_SESSION is because it seems that php 6 will use solely this method,
and it currently works with php 5. The other reason I am using it is so that
I can keep the variables stored elsewhere for whenever I need them; I don't
want to have to juggle all the information with POST and hidden inputs
unless it will work seamlessly, and be ready for update at a later date (if
I move to using a database to store show information, or when php 6 is
mainstream).

Keep in mind that once I get the update feature working, I need the process
page to have a final submit button that will insert the order into a
database table AND send a notification email to myself (and an email to the
user). Am I setting myself up for failure with this udate order option? I
ask because the update feature relies on a form, and are not forms limited
to one submit button?

Thanks all for your patience! I will work on this today and write back with
any further questions I can't figure out on my own. And if anyone has any
advice I will be checking my email regularly.

Allen
On Fri, Aug 14, 2009 at 7:52 AM, Ford, Mike wrote:

> > -----Original Message-----
> > From: Allen McCabe [mailto:allenmccabe@gmail.com]
> > Sent: 14 August 2009 06:58
> >
> > Here is some more complete code:
> >
> > [code = order_process.php]
> >
> > > > session_start();
> > // POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
> > foreach($_POST as $k=>$v) {
> > $_SESSION[$k]=$v;
> > }
> >
> > $thisPage="AFY"; //NAVIGATION PURPOSES
> > include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES;
> > POPULATES
> > ORDER FORM
> > ?>
> >
> > . . .
> >
> >


> >
>
> Er wait, no! Sessions and hidden form fields are generally alternative
> solutions to the same problem -- you shouldn't be putting the same values
> both in the session and in hidden form fields. In this case, I'm beginning
> to suspect that the hidden fields are the better solution, but there is a
> certain amount of personal preference in this.
>
> >
> >
> >
> >
> >
> >
> >
> >
> > > > />
> >
> > . . .
> >
> > > >
> > function findTotalCost($b, $c) {
> > $total = $b * $c;
> > return $total;
> > }
> >
> > function writeResultRow($a, $b, $c, $d, $e, $f) {
> > if($a != '') {
> > echo "\n\n\t";
> > echo "".$b."".$c."".$d."";
> > echo "".$e."  > > value='".$a."'
> > name='".$a."' id='".$a."' size='2'
> > />=\$".$f."";
> > echo "";
> > }
> > }
> >
> > //SETS $Total_show_01 to PRICE * QUANTITY
> > //FORMATS TOTAL
> > //IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
> > $Total_show_01 = findTotalCost($shows['show_01']['price'],
> > $_SESSION['show_01_qty']);
> > $Total_show_01_fmtd = number_format($Total_show_01, 2, '.', '');
> > writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
> > $shows['show_01']['date'], $shows['show_01']['time'],
> > $shows['show_01']['price'],$Total_show_01_fmtd);
> >
> > //ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)
> >
> > ?>
> > . . .
> >
> >
> >
> > [/code]
>
> If I'm reading what you want to do correctly, it seems to me there are two
> obvious approaches to this:
>
> (i) Have a single form which posts back to itself, showing all the show
> information and requested quantities and calculated result fields (such as
> total cost); initially, this will have the calculated fields not displaying
> anything, and these will be (re)populated at each Update. Using this
> method, all your values are contained solely within the $_POST array.
>
> (ii) Have your initial form post to the process form, which then also posts
> to itself on Update. This process form will have visible fields only for
> values which can be changed, but *must* then contain hidden fields for all
> the other values which were originally passed in the $_POST array. This
> arrangement means that the process form always receives a full complement of
> values in the $_POST array -- either from the original form, or from hidden
> fields posted back to itself.
>
> This is all just coming off the top of my head, and I'm sure there are
> improvements/other solutions to be offered. Hope this will give you some
> things to think about, and maybe a pointer or two towards a satisfactory
> solution.
>
>
> Cheers!
>
> Mike
> --
> Mike Ford,
> Electronic Information Developer, Libraries and Learning Innovation,
> Leeds Metropolitan University, C507, Civic Quarter Campus,
> Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
> Email: m.ford@leedsmet.ac.uk
> Tel: +44 113 812 4730
>
>
>
>
>
> To view the terms under which this email is distributed, please go to
> http://disclaimer.leedsmet.ac.uk/email.htm
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--002354471070707aff04711baaf2--

Re: session variables - help

am 14.08.2009 17:34:08 von Martin Scotta

--0016e647543878a6de04711bc8f1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

On Fri, Aug 14, 2009 at 12:25 PM, Allen McCabe wrote:

> Thank you all for your responses.
>
> Mike.
>
> I like the ii option better, mostly because I already have most of that in
> place (ie. order posts to process, and process has editable fields and
> hidden fields with the remaining complimentary values).
> Martin suggested I use the following code for my update script (which is
> posted to via the process page):
>
> [code]
>
> foreach($_POST as $key => $value)
> if( '0' == $value || '' == $value )
> {
> /*if*/ session_is_registered( $key ) &&
> session_unregister( $key );
> }
>
> [/code]
>
> I am not following the logic on the above code very well, but is this
> indeed
> a better option? And is not session_*whatever deprecated? The reason I am
> using $_SESSION is because it seems that php 6 will use solely this method,
> and it currently works with php 5. The other reason I am using it is so
> that
> I can keep the variables stored elsewhere for whenever I need them; I don't
> want to have to juggle all the information with POST and hidden inputs
> unless it will work seamlessly, and be ready for update at a later date (if
> I move to using a database to store show information, or when php 6 is
> mainstream).
>
> Keep in mind that once I get the update feature working, I need the process
> page to have a final submit button that will insert the order into a
> database table AND send a notification email to myself (and an email to the
> user). Am I setting myself up for failure with this udate order option? I
> ask because the update feature relies on a form, and are not forms limited
> to one submit button?
>
> Thanks all for your patience! I will work on this today and write back with
> any further questions I can't figure out on my own. And if anyone has any
> advice I will be checking my email regularly.
>
> Allen
> On Fri, Aug 14, 2009 at 7:52 AM, Ford, Mike wrote:
>
> > > -----Original Message-----
> > > From: Allen McCabe [mailto:allenmccabe@gmail.com]
> > > Sent: 14 August 2009 06:58
> > >
> > > Here is some more complete code:
> > >
> > > [code = order_process.php]
> > >
> > > > > > session_start();
> > > // POST ALL $_POST VALUES, CREATE AS VARIABLES IN SESSION
> > > foreach($_POST as $k=>$v) {
> > > $_SESSION[$k]=$v;
> > > }
> > >
> > > $thisPage="AFY"; //NAVIGATION PURPOSES
> > > include("afyshows.php"); //CONTAINS ARRAYS FOR SHOW ENTITIES;
> > > POPULATES
> > > ORDER FORM
> > > ?>
> > >
> > > . . .
> > >
> > >


> > >
> >
> > Er wait, no! Sessions and hidden form fields are generally alternative
> > solutions to the same problem -- you shouldn't be putting the same values
> > both in the session and in hidden form fields. In this case, I'm
> beginning
> > to suspect that the hidden fields are the better solution, but there is a
> > certain amount of personal preference in this.
> >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > > > > />
> > >
> > > . . .
> > >
> > > > > >
> > > function findTotalCost($b, $c) {
> > > $total = $b * $c;
> > > return $total;
> > > }
> > >
> > > function writeResultRow($a, $b, $c, $d, $e, $f) {
> > > if($a != '') {
> > > echo "\n\n\t";
> > > echo "".$b."".$c."".$d."";
> > > echo "".$e."  > > > value='".$a."'
> > > name='".$a."' id='".$a."' size='2'
> > > />=\$".$f."";
> > > echo "";
> > > }
> > > }
> > >
> > > //SETS $Total_show_01 to PRICE * QUANTITY
> > > //FORMATS TOTAL
> > > //IF A QUANTITY IS ENTERED, WRITES THE ROW WITH CURRENT VARIABLES
> > > $Total_show_01 = findTotalCost($shows['show_01']['price'],
> > > $_SESSION['show_01_qty']);
> > > $Total_show_01_fmtd = number_format($Total_show_01, 2, '.', '');
> > > writeResultRow($_SESSION['show_01_qty'], $shows['show_01']['title'],
> > > $shows['show_01']['date'], $shows['show_01']['time'],
> > > $shows['show_01']['price'],$Total_show_01_fmtd);
> > >
> > > //ABOVE LINES REPEATED FOR ALL 38 ENTITIES (show_01 to show_38)
> > >
> > > ?>
> > > . . .
> > >
> > >
> > >
> > > [/code]
> >
> > If I'm reading what you want to do correctly, it seems to me there are
> two
> > obvious approaches to this:
> >
> > (i) Have a single form which posts back to itself, showing all the show
> > information and requested quantities and calculated result fields (such
> as
> > total cost); initially, this will have the calculated fields not
> displaying
> > anything, and these will be (re)populated at each Update. Using this
> > method, all your values are contained solely within the $_POST array.
> >
> > (ii) Have your initial form post to the process form, which then also
> posts
> > to itself on Update. This process form will have visible fields only for
> > values which can be changed, but *must* then contain hidden fields for
> all
> > the other values which were originally passed in the $_POST array. This
> > arrangement means that the process form always receives a full complement
> of
> > values in the $_POST array -- either from the original form, or from
> hidden
> > fields posted back to itself.
> >
> > This is all just coming off the top of my head, and I'm sure there are
> > improvements/other solutions to be offered. Hope this will give you some
> > things to think about, and maybe a pointer or two towards a satisfactory
> > solution.
> >
> >
> > Cheers!
> >
> > Mike
> > --
> > Mike Ford,
> > Electronic Information Developer, Libraries and Learning Innovation,
> > Leeds Metropolitan University, C507, Civic Quarter Campus,
> > Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
> > Email: m.ford@leedsmet.ac.uk
> > Tel: +44 113 812 4730
> >
> >
> >
> >
> >
> > To view the terms under which this email is distributed, please go to
> > http://disclaimer.leedsmet.ac.uk/email.htm
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>

I didn't know that session_* were deprecated. is this for all session_*
functions?
Anyways.. here you have the same code fixed

foreach($_POST as $key => $value)
if( ('0' == $value || '' == $value) &&
array_key_exists( $key, $_SESSION) )
{
unset( $_SESSION[ $key ] );
}

--
Martin Scotta

--0016e647543878a6de04711bc8f1--

Re: session variables - help

am 14.08.2009 19:37:30 von Ben Dunlap

> Thanks all for your patience! I will work on this today and write back with
> any further questions I can't figure out on my own. And if anyone has any
> advice I will be checking my email regularly.

If you've already tried this with no luck, please ignore -- but you
might speed up the whole process by stepping aside from the "real"
code briefly, starting fresh in an empty directory, and just putting
together a handful of extremely simple scripts with the single goal of
entering one value, updating it, and then doing some final
pseudo-processing on the updated value.

Then, you could step it up a bit by by adding a second value that gets
entered at the beginning, and cannot be updated in the middle but must
be preserved through to the end.

Doing all this might help clarify the basic flow of the system and
enable you to simplify its structure before going back and tackling
the real code.

Ben

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php