I have a variable that contains post data:
$ttransid = $_POST["t_transid"];
I then connect to a database and pull info from the row that corresponds with $ttransid.
This works fine.
A paypal transaction is then made, if the payment is successful the database is updated with the payment info - This works.
Now my code tries to update the database and remove stock based on the original $ttransid variable at the beginning.
$querysub = "UPDATE ibn_table SET iname = iname - 1 WHERE itransaction_id='$ttransid'";
if(!mysql_query($querysub))
{
//mysql error..!
}
The database is updated, but only where itransaction_id is blank, suggesting $ttransid is empty. Although it was called and used correctly at the beginning of the code.
Any ideas?
This is because next time your page is hit, the $_POST is empty so there is no $_POST["t_transid"]. So when you assign
$ttransid = $_POST["t_transid"];
It gets empty and update empty string. I suggest you to save that post variable value in your database or in session so you can use that latter.
At starting point before going to the paypal payment page just keep the $transid [Availabe in POST data] in to the session then after payment success, update db with session transid.
After this process just destroy the transid from the session.
Sure it will work.
Related
So I finally managed to save some session data in to the database.
Now a new problem arises. When I load the page once all data is being saved.
When I reload the page and I write something to the session all data that's already in the session is being replaced with this new data. This means that with each load all the data is being replaced for new data. This is giving me problems because I'm saving a order_id into the session when there is no order_id present in the session.
This is the code that writes the data into the database. And yes it says replace into. But because this is a custom handler how can i actually append data to this current session with out renewing everything. Also how can I replace old data for new data witch is already present in the session.
The code that handles the writing to the database.
function _write($id, $data) {
$access = time();
$id = $this->session_db->real_escape_string($id);
$access = $this->session_db->real_escape_string($access);
$data = $this->session_db->real_escape_string($data);
$sql = "REPLACE INTO sessions VALUES ('$id', '$access', '$data')";
return $this->session_db->query($sql);
}
Is there something that i can do to put all the data directly after session_start() in the session variable so it always has all the data and doesn't overwrite the data with a single value when I do something like:
$_SESSION['LAST_ACTIVITY'] = time(); ?
EDIT: Also when I try to echo the session directly after the session_start();
It gives me there error
Warning: session_start(): Failed to decode session object. Session has been destroyed in /var/www/vhosts/url/httpdocs/index.php on line 13
Is there something wrong with the serialized string I don't understand why it is giving me this error.
Thanks in advance, some help will be appreciated.
Ok so now everything is working. I kinda feel embarrassed for saying what the problem was. So ok the problem and the solution.
The problem was that the session serialized data was way to long for a regular text field in the database. My string was over 500.000 characters long regular text field in database supports until 65.000+ characters.
So I changed the field from "TEXT" to "LONGTEXT" now it has enough space to save the string. And now everything works properly.
Everybody thanks for your time so far.
I am trying to retrieve user inputs from a previous page using the URL. I have the following code on the previous page which sends the username and account status via the URL.
header("location: pagename.php?user=$username&status=$status");
On 'pagename.php' I have the following code which stores the values in local variables and echos them for my benefit.
if(isset($_GET['user'], $_GET['status'])){
$user = mysqli_real_escape_string($con, $_GET['user']);
$status = mysqli_real_escape_string($con, $_GET['status']);
echo $user.' - '. $status;
}
While, elswhere, this method works perfectly for retrieving 5 values form the URL, on this occasion I am failing to retrieve the status and it echoes the following 'username - ' You can see an image of the output for better understanding. I would much appreciate your assistance in helping me retrieve the status from the URL using PHP.
http://www.awesomescreenshot.com/image/378892/c50c452d8597f2ac29970a6a21bfcc62
Having tried var_dump($_GET) I get the following result:
I just realised that the issue lied with the naming of the variable $status, which incidentally happened to be the same name used in my login session and because I was not logged in it did not get the account status. I fixed the issue by simply renaming the variable.
I have a website where the front page contains a search form with several fields.
When the user performs a search, I make an ajax call to a function in a controller.
Basically, when the user clicks on the submit button, I send an ajax call via post to:
Route::post('/search', 'SearchController#general');
Then, in the SearchController class, in the function general, I store the values received in a session variable which is an object:
Session::get("search")->language = Input::get("language");
Session::get("search")->category = Input::get("category");
//I'm using examples, not the real variables names
After updating the session variable, in fact, right after the code snippet shown above, I create (or override) a cookie storing the session values:
Cookie::queue("mysite_search", json_encode(Session::get("search")));
And after that operation, I perform the search query and send the results, etc.
All that work fine, but I'm not getting back the values in the cookie. Let me explain myself.
As soon as the front page of my website is opened, I perform an action like this:
if (!Session::has("search")) {
//check for a cookie
$search = Cookie::get('mysite_search');
if($search) Session::put("search", json_decode($search));
else {
$search = new stdClass();
$search->language = "any";
$search->category = "any";
Session::put("search", $search);
}
}
That seems to be always failing if($search) is always returning false, and as a result, my session variable search has always its properties language and category populated with the value any. (Again: I'm using examples, not the real variables names).
So, I would like to know what is happening here and how I could achieve what I'm intending to do.
I tried to put Session::put("search", json_decode($search)); right after $search = Cookie::get('mysite_search'); removing all the if else block, and that throws an error (the ajax call returns an error) so the whole thing is failling at some point, when storing the object in the cookie or when retieving it.
Or could also be something else. I don't know. That's why I'm here. Thanks for reading such a long question.
Ok. This is what was going on.
The problem was this:
Cookie::queue("mysite_search", json_encode(Session::get("search")));
Before having it that way I had this:
Cookie::forever("mysite_search", json_encode(Session::get("search")));
But for some reason, that approach with forever wasn't creating any cookie, so I swichted to queue (this is Laravel 4.2). But queue needs a third parameter with the expiration time. So, what was really going on is that the cookie was being deleted after closing the browser (I also have the session.php in app/config folder set to 'lifetime' => 0 and 'expire_on_close' => true which is exactly what I want).
In simple words, I set the expiration time to forever (5 years) this way:
Cookie::queue("mysite_search", json_encode(Session::get("search")), 2592000);
And now it seems to be working fine after testing it.
i Have created an php file which will Update the scores to database.For example : http://domain.com/heli/test.php?id=100001181378824&score=50000
Test.php contains below code
mysql_connect(localhost,$user,$password);
$id = mysql_real_escape_string($_GET['id']);
$score = mysql_real_escape_string$_GET['score']);
#mysql_select_db($database) or die( "Unable to select database");
$query = "UPDATE heli SET score = '$score' WHERE app = '$id'";
echo $query;
$result=mysql_query($query);
mysql_close();
I Want to know how to Do Get or post Request to My test.php Via Javascript in secure way.Right Now i have created below Js.
var httpwp = new XMLHttpRequest();
var urlwp = "http://domain.com/heli/test.php?id=100001181378824&score=50000";
var paramswp = "id="+ids+"&score="+scores+";
httpwp.open("GET", urlwp, true);
httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
httpwp.setRequestHeader("Content-length", paramswp.length);
httpwp.setRequestHeader("Connection", "keep-alive");
httpwp.send(paramswp);
But how to do Post or Get Request securely with authentication key etc ?
You never can be sure for data which clients submit.
To make this more "secure" you must write some logic on your server, on how that score calculated.
For example. Lets say that you start the game now and after 3 seconds you submit 1000 points.
Is that possible?
You must create some steps or limits, for example, if player is on level 1 the score cant be more than 100 points and cant be submited before 1 minute gameplay. And so on!
Good luck.
1.First, fix your PHP code so you are not vulnerable to SQL Injection.
2.Next, access your server via https instead of http.
3.Add a php file to accept a login request for a name and password which will return a unique session key. ( a large random number could be good enough, or a sha1 hash of random data + some data in the request)
4.Store this number in a serverside database along with the date it was issued.
6.Make your app get a session key from this file before uploading the score.
7.Make your score saving php file accept your session key along with the score data and compare it against the database to see if its valid, and not too old (check the issue date).
8.Store a new session key and return it with the result of the score update, and remove the old session key from the database.
9.Make your js use the new key in later posts, each time getting a new one form the server.
10.Build in sanity checks in your php app to check for ridiculous and impossible scores. Also check for large scores achieved too quickly.
i have a callback page, that i am using to insert data in a db. when i load this page. and echo $_SESSION['user_id']. it echos the user_id, and inserts it into the db. however when i am trying to insert the data while doing the callback function, the $_SESSSION['user_id'] is ignored and the other data is succesfully inserted. why is this?
echo $_SESSION['user_id'];
$decodedJSON = json_decode(file_get_contents('php://input'), true);
$account = $decodedJSON['account'];
$query_insert = "insert into video (account,userid) values ($account,$_SESSION['user_id'])";
$result_insert = mysql_query($query_insert);
When i refresh the page, $_SESSION['user_id'] is inserted. But when i try to run the callback function, $account is inserted, but $_SESSION['user_id'] is not.
I'm not 100% sure of how this all fits together with your code sample, but if you're trying to pass somethign to stanard input and then run the PHP, you also need to pass the sessionID.
When you call the code from your borwser, cookies magically handle all that for you, and the sessions ID is passed in a cookie. But if you're calling from another source, cookies are not passed.
I could explain how to do it, but nothing better than the PHP manual: http://php.net/manual/en/session.idpassing.php - basically append the SID to the end of hte URL.
But note the comment about "session.use_trans_sid" which is disabled by default and needs to be enabled in php.ini