[RESOLVED] Accessing Session Variables

@mrwilsonMay 12.2008

I am passing a variety of session variables successfully, but my problem is that when outputting session variables, they always have ‘ ‘ around them. Example from the welcome page after registering through a form

~~[COLOR=”Blue”]~~Registration Date 5/12/2008
Thank you ‘Bill’ ‘Bunsonburner’, you are now registered.
We welcome you to Work At Home. An email is being sent to ‘[email protected]‘ with comfirmation of regisration
Your user name is ‘mortimer’ and your password is ‘corrina333’ [/COLOR]
(this is all bogus info) The date above is a session variable with no ‘ ‘ around it. The rest of the variables have the ‘ ‘. how do I get rid of the ‘ ‘?

The code from the form page is simple enough

[CODE]<?php session_start(); $_SESSION[‘user’]= $_POST[‘user’]; $_SESSION[‘first_name’] = $_POST[‘first_name’]; $_SESSION[‘last_name’] = $_POST[‘last_name’]; $_SESSION[’email’] = $_POST[’email’]; $_SESSION[‘company’] = $_POST[‘company’]; $_SESSION[‘pass’] = $_POST[‘pass’]; $_SESSION[‘date’] = $_POST[‘date’]; $_SESSION[‘logon_date’] = $_POST[‘logon_date’];

?>[/CODE]

The form data is not shown, its just a normal html form. This is header information
There is a form handling page inbetween that runs the form data through reg expressions, verifies the data and does the magic quotes thing then inserts the data into a batabase.

The code from the welcome page (example above output) is probably over kill but still quite simple

[CODE] $com = $_SESSION[‘company’]; $first = $_SESSION[‘first_name’]; $last = $_SESSION[‘last_name’]; $mal = $_SESSION[’email’]; $use = $_SESSION[‘user’]; $pas = $_SESSION[‘pass’]; $date = $_SESSION[‘date’]; $ldate = $_SESSION[‘logon_date’];

print “<div id=”header”>”; print “<h1>Welcome $com”; print “</h1></div>”;

print “<div id=”content”>”; print “Registration Date $ldate <br />”; print “Thank you $first $last, you are now registered.<br />”; print “We welcome you to Work At Home. An email is being sent to $mal with comfirmation of regisration<br />”; print “Your user name is $use and your password is $pas <br />”;[/CODE]

Everything works, its just the annoying punctuation that shows up. Any ideas? Thanks for reading

to post a comment

PHP

@svidgenMay 12.2008 — #You might just need to use print_r every now and then to determine when the quotes are being added. For example, use

[code=php]print "<pre>n";
 print_r($_POST);
 print "</pre>n";[/code]

right after you print the BODY tag to verify the condition of the POST data. Then, maybe immediately before displaying the data, use

[code=php]print "<pre>n";
 print_r($_SESSION);
 print "</pre>n";[/code]

to verify that the data is being tainted before it is interpolated. Assuming the first print_r shows good data and the second shows bad data, throw a few more print_r statements around (using $_SESSION) before/after some statements that modify/use $_SESSION.

Maybe someone else sees something obvious that we're both missing. But, it's probably best to narrow the problem down to a block or line of code that's tainting the data. In this case, repeatedly calling print_r on that data is probably the [B]quickest[/B] way to track the problem down.

@mrwilsonauthorMay 12.2008 — #Thanks Jon, I will give that a shot right now

@mrwilsonauthorMay 12.2008 — #Doscovered the problem! First, thank you very much for your suggestions. I am leavign the Print_r in 'just in case'

the problem was a function

[CODE]function check_input($value)
 {
 // Stripslashes
 if (get_magic_quotes_gpc())
 {
 $value = stripslashes($value);
 }
 // Quote if not a number
 if (!is_numeric($value))
 {
 $value = "" . mysql_real_escape_string($value) . "";
 }
 return $value;
 }[/CODE]

if you notice the last line on each side of the real escape string, there is a " ' ". I removed the ' and bingo, all my problems went away.

Thanks again, much appreciated

@svidgenMay 12.2008 — #Cool, I'm happy you found it [so quickly].

Success!

Help @mrwilson spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.24,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

[RESOLVED] Accessing Session Variables

4 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

[RESOLVED] Accessing Session Variables

4 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

4 Comments(s) _↴

Also in #PHP _↴