Re: [PHP] Session data disappearing?

2005-03-29 Thread Richard Lynch
On Tue, March 29, 2005 2:52 am, Colin Ross said:
> a couple points on your code...
>
> if something makes it to the session scope, $_SESSION[], it should be
> valid/verified, so why copy them all to a global var? i.e.
> $name = $_SESSION['name'];

I don't want to litter my later code with $_SESSION['name'], basically.
[shrug]

I'm still used to the old register_globals being "ON" so I basically
import the variables I want to use from where they should come from, and
add scrubbing after the logic is right.

I'll be wiping the database and starting fresh from my SQL script after
that, so an SQL injection over the next couple days won't do much.

> why not just type true instead of a var that gets looked up every time.
> $valid = true;
> secondly... any auth scheme using something like if
> ($_SESSION['valid_user']) is not very strong, and prolly has a big
> hole somewhere...  ie.
>
> // $_REQUEST, i.e anything a user can type in the url
> $username = $_REQUEST['username'];
> $password = $_REQUEST['password'];
> $query = "select client_id, password = password('$password'),
> name, access from client where username = '$username'";
> // this is begging for a sql injection attack here (although you may
> have magic quotes on, which i don't suggest... do your own escaping...)

Magic quotes is on.

I'll add more scrubbing later.

> // check your SQL syntax, i'd be surprised if that runs like that... should
> be:
> $query = "SELECT client_id, password, name, access FROM `client` WHERE
> `username` = '$username' AND `password` = password($password)";

The SQL is correct, and works just fine.

> 
> -- just use an external style sheet with either an @import or 

No, thank you.

I don't trust browsers to cache or not cache style sheets correctly, nor
do I feel the need for the extra HTTP connection to get the style sheet.

> 
> -- avoid short open tags, and use a semicolon after every statement
> i.e.
> 

Again, I don't care about short open tags not being ON on your server. 
They're on for mine, and always will be, and this code is not intended to
ever be ported anywhere.

The semi-colon is optional -- That is a documented feature.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
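
The login query discussed in the message above, as an added example that is not part of the original thread: the interpolated lookup next to a parameterized one, with the password check done in PHP. Table and column names follow the quoted query; the in-memory SQLite database, the function names and the sample values are constructed, and PHP 7.1+ with pdo_sqlite is assumed.

```php
<?php
// Added example. Table and column names follow the query quoted in the
// thread; the SQLite in-memory database and sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client (client_id INTEGER PRIMARY KEY,
    username TEXT UNIQUE, password TEXT, name TEXT, access TEXT)');
$db->prepare('INSERT INTO client (username, password, name, access)
    VALUES (?, ?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Alice', 'admin']);

// Pattern from the thread, reduced to the username lookup: request input
// is interpolated into the SQL text, so a quote in it ends the literal.
function lookup_concatenated(PDO $db, string $username): array
{
    $query = "SELECT client_id, name, access FROM client WHERE username = '$username'";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the username is bound as a parameter, never parsed as
// SQL, and the password is verified in PHP against a stored hash.
function login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT client_id, password, name, access FROM client WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not carry the hash into the session
    return $row;
}

$crafted = "nobody' OR '1'='1"; // constructed input containing a quote

// Interpolated: the WHERE clause is rewritten by the input itself.
var_dump(count(lookup_concatenated($db, $crafted)));
// Bound: the same string is only ever compared against the username column.
var_dump(login($db, $crafted, 'anything'));
// A legitimate login still works.
var_dump(login($db, 'alice', 'correct horse'));
```

magic_quotes_gpc, which the message relies on, was deprecated in PHP 5.3 and removed in PHP 5.4.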



Re: [PHP] Session data disappearing?

2005-03-29 Thread Richard Lynch
On Tue, March 29, 2005 3:06 am, Colin Ross said:
> In edit_schedule.phps:
>
> if (isset($_POST['add_available'])){
> $year = $_POST['year'];
> $year = $year['NULL'];
> $month = $_POST['month'];
> $month = $month['NULL'];
> $day = $_POST['day'];
> $day = $day['NULL'];
> $time = $_POST['time'];
> $time = $time['NULL'];
> ...
> }
> after this is done..
> $year, $month, $day, and $time should all be arrays with a single
> 'null' (not the keyword null though) item with no value. ie.
> array(NULL=>);

No.

> what ARE you trying to do, you are making the POST vars global:
> $day = $_POST['day'];
> OK. (why do you even need to do this? whatever, matter of taste i guess..)
> But then you over write their values, making them arrays with that
> single element 'NULL'
> $day = $day['NULL'];
> Not seeing the logic here...

All of those $_POST elements *ARE* arrays because the HTML has
NAME="year[...]"

For pre-existing slots, they have a valid slot_id in the array index.

For the one NEW item to be inserted, I used the key [NULL] which in HTTP
turns into 'NULL' as an index into the array.

In other words, if there were 3 pre-existing slots, and the user fills in
the "NEW" date to add, and I did:
var_dump($_POST['date']);
I'd get something not unlike:
array('1'=>'2005-04-01', '2'=>'2005-04-04', '3'=>'2005-04-05',
'NULL'=>'2005-04-06');

Thus, $year = $_POST['year']; gets me the whole array, and then $year =
$year['NULL'] gets me the NEW year they are asking me to insert.

I dunno why this seemed so confusing, but it makes perfect sense to me.
[shrug]

> Overall, and not to mean offence, but your code is kinda sloppy and
> has syntax and logic errors.
>
> TAKEN' : '')?>
> SHOULD be erroring up (if you have errors turned on, please say you do
> for development)
> try:
> TAKEN'; ?>
>
> and btw, the short conditional syntax is:
> (condition) ? true : false;
> // ie. (note the empty string... you gotta have SOMETHING there
> [right?i think so]
> echo ($taken) ? 'TAKEN' : '' ;

Yes, http://l-i-e.com/artists.htm
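
The array-style form fields described in the message above, as an added example that is not part of the original thread: one way to pull out the `[NULL]` entry while rejecting requests whose shape or values differ from what the form sends. The field names and the 'NULL' key come from the thread; the function name and the sample requests are constructed, and PHP 7.1+ is assumed.

```php
<?php
// Added example. Field names (year, month, day) and the 'NULL' key come
// from the thread; new_slot_date() and the sample requests are constructed.

/**
 * Return the new slot's date as 'YYYY-MM-DD', or null when a field is
 * missing, has the wrong shape, or the parts are not a real calendar date.
 */
function new_slot_date(array $post, string $key = 'NULL'): ?string
{
    $parts = [];
    foreach (['year', 'month', 'day'] as $field) {
        // A client can send year=2005 (scalar) or year[NULL][]=2005 (nested
        // array) instead of the expected year[NULL]=2005.
        if (!isset($post[$field]) || !is_array($post[$field])) {
            return null;
        }
        $value = $post[$field][$key] ?? null;
        if (!is_string($value) || !ctype_digit($value)) {
            return null;
        }
        $parts[$field] = (int) $value;
    }
    // checkdate() rejects impossible dates such as 31 February.
    if (!checkdate($parts['month'], $parts['day'], $parts['year'])) {
        return null;
    }
    return sprintf('%04d-%02d-%02d', $parts['year'], $parts['month'], $parts['day']);
}

// Constructed requests, shaped the way PHP builds $_POST from the form.
$ok      = ['year' => ['1' => '2005', 'NULL' => '2005'],
            'month' => ['NULL' => '04'], 'day' => ['NULL' => '06']];
$scalar  = ['year' => '2005',
            'month' => ['NULL' => '04'], 'day' => ['NULL' => '06']];
$nested  = ['year' => ['NULL' => ['2005']],
            'month' => ['NULL' => '04'], 'day' => ['NULL' => '06']];
$baddate = ['year' => ['NULL' => '2005'],
            'month' => ['NULL' => '02'], 'day' => ['NULL' => '31']];

foreach (compact('ok', 'scalar', 'nested', 'baddate') as $label => $post) {
    printf("%-8s %s\n", $label, var_export(new_slot_date($post), true));
}
```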




Re: [PHP] Session data disappearing?

2005-03-29 Thread Jochem Maas
Colin Ross wrote:
> In edit_schedule.phps:
>
> if (isset($_POST['add_available'])){
> $year = $_POST['year'];
> $year = $year['NULL'];
> $month = $_POST['month'];
> $month = $month['NULL'];
> $day = $_POST['day'];
> $day = $day['NULL'];
> $time = $_POST['time'];
> $time = $time['NULL'];
> ...
> }
> after this is done..
> $year, $month, $day, and $time should all be arrays with a single
> 'null' (not the keyword null though) item with no value. ie.
> array(NULL=>);
>
> what ARE you trying to do, you are making the POST vars global:
> $day = $_POST['day'];
> OK. (why do you even need to do this? whatever, matter of taste i guess..)
> But then you over write their values, making them arrays with that
> single element 'NULL'
> $day = $day['NULL'];
> Not seeing the logic here...

didn't spot this yet. will take another look - maybe this is the prob? hmm.

> Overall, and not to mean offence, but your code is kinda sloppy and
> has syntax and logic errors.

Richards style is just different to yours, me thinks.

> TAKEN' : '')?>
> SHOULD be erroring up (if you have errors turned on, please say you do
> for development)

Richard aint no noob :-)
...the syntax you point out as being bad is completely legal.

> try:
> TAKEN'; ?>
>
> and btw, the short conditional syntax is:
> (condition) ? true : false;
> // ie. (note the empty string... you gotta have SOMETHING there
> [right?i think so]
> echo ($taken) ? 'TAKEN' : '' ;
>
> Colin
>
> On Mon, 28 Mar 2005 20:27:00 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]>
> wrote:
> > Can anybody 'splain under what conditions $_SESSION values would turn into
> > &NULL for no reason I can figure out?
> >
> > It happens consistently on this one FORM submission, but works fine on
> > others.
> >
> > PHP 5.0.3
> > FreeBSD 5.3-RELEASE
> >
> > Tried with Cookies and with trans_sid
> >
> > No difference.
> >
> > Tried altering the session.name and no difference.
> >
> > Naturally, I can't pare it down to a smaller example yet. :-(
> >
> > I'm calling session_start(), for sure.
> >
> > I'm dumping out session_id() and it has the same 32-character value as
> > before.
> >
> > But one page has $_SESSION data, and the next, "poof" all the
> > &string(#)="#" values turn into &NULL
> >
> > Actually only two out of three values was disappearing for awhile.
> >
> > This worked fine under Windows XP on my laptop, so I'm reasonably certain
> > it's not my code at fault, at least not totally.  Working versions:
> > PHP 4.3.9
> > Windows XP Home Edition
> >
> > I've searched bugs.php.net, and found nothing that matched up in any
> > obvious way to what I'm experiencing, though maybe I just missed it.
> >
> > H.  Maybe I can blame the CSS somehow.  That always seems to screw me
> > up. :-v
> >
> > Anybody willing to poke at it can email me off list for a
> > username/password and I'll set it up for you to see it in action.
> >
> > Source code (kinda long, sorry):
> > http://acousticdemo.com/edit_schedule.phps
> > http://acousticdemo.com/globals.phps
> > http://acousticdemo.com/client_id.phps
> > http://acousticdemo.com/global.phps (CSS)
> >
> > --
> > Like Music?
> > http://l-i-e.com/artists.htm


Re: [PHP] Session data disappearing?

2005-03-29 Thread Colin Ross
In edit_schedule.phps:

if (isset($_POST['add_available'])){
$year = $_POST['year'];
$year = $year['NULL'];
$month = $_POST['month'];
$month = $month['NULL'];
$day = $_POST['day'];
$day = $day['NULL'];
$time = $_POST['time'];
$time = $time['NULL'];
...
}
after this is done.. 
$year, $month, $day, and $time should all be arrays with a single
'null' (not the keyword null though) item with no value. ie.
array(NULL=>);

what ARE you trying to do, you are making the POST vars global:
$day = $_POST['day'];
OK. (why do you even need to do this? whatever, matter of taste i guess..)
But then you over write their values, making them arrays with that
single element 'NULL'
$day = $day['NULL'];
Not seeing the logic here...

Overall, and not to mean offence, but your code is kinda sloppy and
has syntax and logic errors.

TAKEN' : '')?>
SHOULD be erroring up (if you have errors turned on, please say you do
for development)
try:
TAKEN'; ?>

and btw, the short conditional syntax is:
(condition) ? true : false;
// ie. (note the empty string... you gotta have SOMETHING there
[right?i think so]
echo ($taken) ? 'TAKEN' : '' ;

Colin

On Mon, 28 Mar 2005 20:27:00 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> 
wrote:
> Can anybody 'splain under what conditions $_SESSION values would turn into
> &NULL for no reason I can figure out?
> 
> It happens consistently on this one FORM submission, but works fine on
> others.
> 
> PHP 5.0.3
> FreeBSD 5.3-RELEASE
> 
> Tried with Cookies and with trans_sid
> 
> No difference.
> 
> Tried altering the session.name and no difference.
> 
> Naturally, I can't pare it down to a smaller example yet. :-(
> 
> I'm calling session_start(), for sure.
> 
> I'm dumping out session_id() and it has the same 32-character value as
> before.
> 
> But one page has $_SESSION data, and the next, "poof" all the
> &string(#)="#" values turn into &NULL
> 
> Actually only two out of three values was disappearing for awhile.
> 
> This worked fine under Windows XP on my laptop, so I'm reasonably certain
> it's not my code at fault, at least not totally.  Working versions:
> PHP 4.3.9
> Windows XP Home Edition
> 
> I've searched bugs.php.net, and found nothing that matched up in any
> obvious way to what I'm experiencing, though maybe I just missed it.
> 
> H.  Maybe I can blame the CSS somehow.  That always seems to screw me
> up. :-v
> 
> Anybody willing to poke at it can email me off list for a
> username/password and I'll set it up for you to see it in action.
> 
> Source code (kinda long, sorry):
> http://acousticdemo.com/edit_schedule.phps
> http://acousticdemo.com/globals.phps
> http://acousticdemo.com/client_id.phps
> http://acousticdemo.com/global.phps (CSS)
> 
> --
> Like Music?
> http://l-i-e.com/artists.htm
> 



[PHP] Session data disappearing?

2005-03-28 Thread Richard Lynch
Can anybody 'splain under what conditions $_SESSION values would turn into
&NULL for no reason I can figure out?

It happens consistently on this one FORM submission, but works fine on
others.

PHP 5.0.3
FreeBSD 5.3-RELEASE

Tried with Cookies and with trans_sid

No difference.

Tried altering the session.name and no difference.

Naturally, I can't pare it down to a smaller example yet. :-(

I'm calling session_start(), for sure.

I'm dumping out session_id() and it has the same 32-character value as
before.

But one page has $_SESSION data, and the next, "poof" all the
&string(#)="#" values turn into &NULL

Actually only two out of three values was disappearing for awhile.

This worked fine under Windows XP on my laptop, so I'm reasonably certain
it's not my code at fault, at least not totally.  Working versions:
PHP 4.3.9
Windows XP Home Edition

I've searched bugs.php.net, and found nothing that matched up in any
obvious way to what I'm experiencing, though maybe I just missed it.

H.  Maybe I can blame the CSS somehow.  That always seems to screw me
up. :-v

Anybody willing to poke at it can email me off list for a
username/password and I'll set it up for you to see it in action.

Source code (kinda long, sorry):
http://acousticdemo.com/edit_schedule.phps
http://acousticdemo.com/globals.phps
http://acousticdemo.com/client_id.phps
http://acousticdemo.com/global.phps (CSS)

-- 
Like Music?
http://l-i-e.com/artists.htm
