I may be going about this the wrong way, but I only learn by asking.
I have a form that gathers name, address, etc.. The form was originally designed with just one field for name called bill_name. I have changed it to two fields bill_fname and bill_lname. The session data is then used for visual verification on the next page and then submitted for processed following that.
How do I combine the variables $_SESSION['donate']['bill_fname'] and $_SESSION['donate']['bill_lname'] and add them to the array as $_SESSION['donate']['bill_name'] on the verification page before sending them to be processed?
The reason for having all 3 variables in the array is a good part of the processing code uses the $_SESSION['donate']['bill_name'] and the new code I'm adding needs the the separate values of $_SESSION['donate']['bill_fname'] and $_SESSION['donate']['bill_lname']
I hope this makes sense.
It's fairly simply, just concatenate the strings (i'm using a space here also) and assign them to the bill_name key;
$_SESSION['donate']['bill_name'] = $_SESSION['donate']['bill_fname'] . " " . $_SESSION['donate']['bill_lname']
Also, I don't think there's anything inherently wrong with this approach. However, I'm not much a php developer so I'm not knowledgable on best practices.
try:
$_SESSION['donate']['bill_name'] = $_SESSION['donate']['bill_fname']." ".$_SESSION['donate']['bill_lname'];
echo $_SESSION['donate']['bill_name'];
Or if you want the separate parts of the name in tact:
$_SESSION['donate']['bill_name'] = array(
'bill_fname' => $_SESSION['donate']['bill_fname'],
'bill_lname' => $_SESSION['donate']['bill_lname'],
'full_name' => $_SESSION['donate']['bill_fname'] . ' ' . $_SESSION['donate']['bill_lname']
);
Related
This goes to a target page and fills in a form field with the value of the variable dropdownText
window.location.replace("http://example.com/new_view.cgi?ticket_type=11111&F_14115="+dropdownText);
To fill two fields, from variables dropdownText and inputvalue, this doesn't work:
window.location.replace("http://example.com/new_view.cgi?ticket_type=11111&F_14115="+dropdownText&subject="+inputvalue);
If there weren't variables involved, this would work, to put enterThisOne and enterThisTwo in the respective fields:
window.location.replace("http://example.com/new_view.cgi?ticket_type=11111&F_14115=enterThisOne&subject=enterThisTwo);
So I know how to pick up a variable and send it to fill a field, and I know how to fill two fields with text, but I don't know how to fill two fields with two variables. How can I do this? I think it's just the syntax I'm missing but I can't find it.
UPDATE:
Based on the answer below, this is what worked:
window.location.replace("http://example.com/new_view.cgi?ticket_type=15932&F_14115="+dropdownText+"&subject="+inputvalue );
I was really just missing the +" between the two field/variable pairs, the answer below made it more clear how this works.
I did it this way because the base URL includes the ticket type; my modifications, based on user input, start after that.
I'll look into escaping the variables and learn about that next, but this is great for right now; the user input is pretty standardized and shouldn't contain anything problematic.
This really has nothing to do with URLs and variables and everything to do with JavaScript string syntax.
After +dropdownText you need to get back to string literal for &subject=
Like this:
window.location.replace("http://example.com/new_view.cgi" +
"?ticket_type=11111" +
"&F_14115=" + dropdownText +
"&subject=" + inputvalue );
But you also need to properly escape your variables, or somebody can break your URL by including (e.g.) a "&" character. For this, see: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
Right I had to make a variable as shown below.
$questionID = '$quizinfo[\'Q' . $ques_num . '_ID\']';
But now the code wont run when shown anywhere it shows like $quizinfo['Q1_ID'] Instead of getting the variable that the php got earlier that behind it.
I need to be done like that as there 15 questions in a quiz and the ids I held and I change the number every time to get the new ID number but it not getting them how do I fix it?
checking it I put in.
echo $quizinfo['Q1_ID'];
And it worked correctly so what do I need to do to make it work?
Try:
$questionID = $quizinfo['Q' . $ques_num . '_ID'];
It should work.
When you write:
$questionID = '$quizinfo[\'Q' . $ques_num . '_ID\']';
$quizinfo[…] is not interpreted. It is taken as a string.
See also:
Php variables inside strings
PHP - concatenate or directly insert variables in string
PHP: variables in strings without concatenation
PHP: Beware of Variables Inside Strings
Mixing PHP variable with string literal
Since it is just php, why do you escape it?
$questionID = $quizinfo['Q' . $ques_num . '_ID'];
should do it. Also, You have ]' which should be replaced by '] at the end.
I think you are looking to use a variable for your array index:
$index = "Q{$ques_num}_ID";
echo $quizinfo[$index];
The problem you're experiencing is that you've turned the whole expression into a string with a number inside it, and so no array look-up was being performed.
As an aside: having indices that are human-readable is nice for humans, but not necessary for a computer. Unless you have a particular need to do it this way, I'd change this so it is just numerically indexed - it'll simplify your code.
Im not really sure what im looking for but currently in my system i send a long url like this:
$name=1&option=2&field=4....
And its quite long. So if i have a list of values like:
name
option
field
can i put them into a string in which i can break at certain points eg by a slash or whatever.
And then encode the string so its completely random like, so i only have one field to send:
&data=JKHFGDKGLKJHFKDJHFKJDHFKHDF
Then finally i can decode the other side and break apart.
Is there a pre-built function to do this?
WHAT IT IS:
im sending data to paypal, but i have a few custom variables i wish to send, now for some reason my IPN isnt geting them, not sure why, but if i add one called custom it get to the IPN fine. So i thought if i just send one called custom in a random format and then decode?
You could simply Base64-encode your data.
$a = array('name' => '1', 'option' => '2', 'field' => '4');
$temp = json_encode($a); // convert array to string
$data = base64_encode($temp); // encode string
output:
"eyJuYW1lIjoiMSIsIm9wdGlvbiI6IjIiLCJmaWVsZCI6IjQifQ=="
To send this in an URL, you must encode it once more (like you must encode all data you would send in a URL)
$url = $url . "&data=" . urlencode($data)
The intermediary step through JSON ensures your data will kep its structure and will be easily decodeable on the receiving side.
On the downside: Your URL will be longer.
Use base64_encode and then base64_decode, this will solve your problem.
If you don't know what you are looking for we can't imagine that lol.
Anyway If i got you, you can do this, considering you have built your string:
$string ="$name=1&option=2&field=4";
You could pass it as a single param with:
$data = url_encode($string);
Other than url_encode you can use base64_encode
As the commenter (Bobby) says - consider using POST when you want to send larger sets of data and prevent your URL from becoming unmanageably long or ugly.
GET variables are handy for providing the user with a page they can bookmark directly which is desirable in some cases, such as on a search page with a query string and/or filters already filled in, so that the user can return to a search and check for new results periodically without having to reset all of their choices.
POST variables are better if you don't need that sort of functionality, you don't need to encode/decode them for URLs and they can't be bookmarked directly (which is also desirable in many cases).
To answer your original question though, if you really, really had to send the variable(s) on the URL and you wanted to just send one apparently random string, I suggest writing a couple of encode/decode functions of your own (since I assume the object of the excercise is not to encrypt it against tampering, just to make your URLs friendlier). This will be all the easier if there are restrictions to what the variables can be, and more difficult if they can be absolutely anything.
For example - if you have the following vars and possible settings:
var1 (apple, banana, orange)
var2 (car, motorbike, bicycle)
var3 (red, yellow, green)
Normally, you'd make a URL like:
http://www.mysite.com/page.php?var1=banana&var2=car&var3=green
If you assign the variables to numbers (for example) so that var1, var2 and var3 would be 1, 2 or 3 - then you could send over a URL like:
http://www.mysite.com/page.php?vars=213
Break it down at the other end into single numbers and convert those back into 'banana', 'car', and 'green'.
But seriously.... I'd look at POST first unless there is very specific reason why you would use this sort of approach - i've used it before for shortening a URL to make it more sharable on social media and forums.
I am looking to have a list of arguments passed across in an a URL.
$url['key1']=1;
$url['key2']=2;
$url['key3']=3;
$url['key4']=4;
$url['key5']=5;
$url['key6']=6;
$url['key7']=7;
Please Note I am trying to pass this in the URL in 1 GET variable. I know this would be better done by ?key1=1&key2=2&key3=3...etc but for reasons that are too complicated to try and explain they can't be in this format.
Any suggestions how I can convert this array into something that can be passed as 1 get var in a URL string?
Thanks in advance.
You can use json_encode() or serialize()
$myUrl = 'http://www.example.com/?myKey=' . urlencode(json_encode($url));
or
$myUrl = 'http://www.example.com/?myKey=' . urlencode(serialize($url));
Using json_encode will usually give you a shorter string, but very old PHP version might not have the json_decode function available to decode it again.
The final way would be to create your own custom encoding... it could be as simple a pipe-separated values: key1|1|key2|2|key3|3
This would give you the best option for a short URL, but is the most work.
Try http_build_query:
$url['key1']=1;
$url['key2']=2;
$url['key3']=3;
$url['key4']=4;
$url['key5']=5;
$url['key6']=6;
$url['key7']=7;
echo http_build_query($url);
//echos key1=1&key2=2&key3=3&key...
What it does is converting an array into a query string using the keys and automatically takes care of url-encoding.
EDIT:
Just read your additional requirement that it should be just one variable. So nevermind this answer.
If your problem was the proper encoding though you might want to give this another try.
Hope that helps.
The recommendation to use serialize() is fine. If space is an issue, then use a combination of bzcompress() and serialize().
However, there's a security considering that hasn't been brought up, and that's that the end user (who can see and edit this url) could manipulate the data within it. You may think it's difficult, but most of the PHP-attacking worms in the wild do this to some degree or another.
If letting the user directly manipulate any of the keys or values (or replacing it with an integer, or an object, or anything else), then you should protect your script (and your users) from this attack.
A simple solution is to simply use a shared secret. It can be anything; just so long as it's unique and truly secret (perhaps you should randomly generate it at install-time). Let's say you have in your config file something like this:
define('SECRET', 'unoqetbioqtnioqrntbioqt');
Then, you can digitally sign the serialized data created with: $s=serialize($m) using $k=sha1($s.SECRET) and make the url value $k.$s
Then, before you unserialize() do this:
$v=substr($input,0,40);
$s=substr($input,40);
if ($v != sha1($s.SECRET)) { die("invalid input"); }
$m=unserialize($s);
This way, you know that $m is the same as the original value that you serialized.
If you like, you can use the following drop-in replacements:
define('SECRET','buh9tnb1094tib014'); // make sure you pick something else
function secureserialize($o) {
$s=serialize($o);
return sha1($s.SECRET).$s;
}
function secureunserialize($i) {
$v=substr($i,0,40);$s=substr($i,40);
if ($v!=sha1($s.SECRET)){die("invalid input");}
return unserialize($s);
}
You could serialize them as key-value pairs when constructing the URL, putting the resultant serialized value in a single $_GET variable (e.g. data=sfsdfasdf98sdfasdf), then unserialize the $_GET["data"] variable. You'll need to use urlencode to make sure the resultant serialized values are URL-safe. Make sure you watch out for maximum URL lengths - 2083 characters in IE.
However, unless you really can't use key-value pairs in URLs (per your question), key1=foo&key2=bar... is definitely the way to go.
If you don't mind dropping the key names, you can use
http://example.com?url[]=1&url[]=2&url[]=3
EDIT Keeping the key names:
http://example.com?values[]=1&values[]=2&values[]=3&keys[]=1&keys[]=2&keys[]=3
Then in your PHP script:
$url = array_combine($_GET['keys'], $_GET['values']);
Could you solve your problem by saving the data as a HTML cookie? That way you don't have to modify the URL at all.
If you know the values in advance, you can set them from the server side when you send the user the page with your target link on it.
If you won't know the values until the user fills out a form it can still be done using JavascriptL When the user clicks the form submit you can set multiple cookies by making multiple javascript calls like:
document.cookie = 'key1=test; expires=Mon, 7 Sept 2009 23:47:11 UTC; path=/'
The security model might give you some trouble if you are trying to pass this data from one domain to another though.
What is the quickest way to get a large amount of data (think golf) and the most efficient (think performance) to get a large amount of data from a MySQL database to a session without having to continue doing what I already have:
$sql = "SELECT * FROM users WHERE username='" . mysql_escape_string($_POST['username']) . "' AND password='" . mysql_escape_string(md5($_POST['password'])) . "'";
$result = mysql_query($sql, $link) or die("There was an error while trying to get your information.\n<!--\n" . mysql_error($link) . "\n-->");
if(mysql_num_rows($result) < 1)
{
$_SESSION['username'] = $_POST['username'];
redirect('index.php?p=signup');
}
$_SESSION['id'] = mysql_result($result, '0', 'id');
$_SESSION['fName'] = mysql_result($result, '0', 'fName');
$_SESSION['lName'] = mysql_result($result, '0', 'lName');
...
And before anyone asks yes I do really need to 'SELECT
Edit: Yes, I am sanitizing the data, so that there can be no SQL injection, that is further up in the code.
I came up with this and it appears to work.
while($row = mysql_fetch_assoc($result))
{
$_SESSION = array_merge_recursive($_SESSION, $row);
}
Most efficient:
$get = mysql_query("SELECT * FROM table_name WHERE field_name=$something") or die(mysql_error());
$_SESSION['data'] = mysql_fetch_assoc($get);
Done.
This is now stored in an array. So say a field is username you just do:
echo $_SESSION['data']['username'];
Data is the name of the array - username is the array field.. which holds the value for that field.
EDIT: fixed some syntax mistakes :P but you get the idea.
OK, this doesn't answer your question, but doesn't your current code leave you open to SQL Injection?
I could be wrong, never worked in PHP, just saw the use of strings in the SQL and alarm bells started ringing!
Edit:
I am not trying to tamper with your post, I was correcting a spelling error, please do not roll back.
I am not sure what you mean by "large amounts of data", but it looks to me like you are only initializing data for one user? If so, I don't see any reason to optimize this unless you have hundreds of columns in your database with several megabytes of data in them.
Or, to put it differently, why do you need to optimize this? Are you having performance problems?
What you are doing now is the straight-forward approach, and I can't really see any reason to do it differently unless you have some specific problems with it.
Wrapping the user data in a user object might help some on the program structure though. Validating your input is probably also a good idea.
#Unkwntech
Looks like you are correct, but following a Google, which led here looks like you may want to change to mysql_real_escape_string()
As for the edit, I corrected the spelling of efficient as well as removed the "what is the".. Since that's not really required since the topic says it all.
You can review the edit history (which nicely highlights the actual changes) by clicking the "edited a min ago" text at the bottom of your question.
Try using json for example:
$_SESSION['data'] = json_encode(mysql_fetch_array($result));
Is the implementation of that function faster than what he is already doing?
Does anyone else have trouble entering ] into markdown? I have to paste it in
Yes, it's bugged.
#Anders - there are something like 50-75 columns.
Again, unless this is actually causing performance problems in your application I would not bother with optimizing it. If, however, performance is a problem I would consider only getting some of the data initially and lazy-loading the other columns as they are needed.
If Unkwntech's suggestion does indeed work, I suggest you change your SELECT statement so that it doesn't grab everything, since your password column would be one of those fields.
As for whether or not you need to keep this stuff in the session, I say why not? If you're going to check the DB when the user logs in (I'm assuming this would be done then, no?) anyway, you might as well store fairly non-sensitive information (like name) in the session if you plan on using that information throughout the person's visit.
It's not so much that it causing performance problems but that I would like the code to look a bit cleaner.
Then wrap the user data in a class. Modifyng $_SESSION directly looks somewhat dirty. If you want to keep the data in a dictionary—which you can still do even if you put it in a separate class.
You could also implement a loop that iterates over all columns, gets their names and copy the data to a map with the same key names. That way your internal variables—named by key in the dictionary—and database column names would always be the same. (This also has the downside of changing the variable name when you change the column name in the database, but this is a quite common and well-accepted trade-off.)
Try using json for example:
$_SESSION['data'] = json_encode(mysql_fetch_array($result));
Edit
Later you then json_decode the $_SESSION['data'] variable and you got an array with all the data you need.
Clarification:
You can use json_encode and json_decode if you want to reduce the number of lines of code you write. In the example in the question, a line of code was needed to copy each column in the database to the SESSION array. Instead of doing it with 50-75 lines of code, you could do it with 1 by json_encoding the entire database record into a string. This string can be stored in the SESSION variable. Later, when the user visits another page, the SESSION variable is there with the entire JSON string. If you then want to know the first name, you can use the following code:
$fname = json_decode($_SESSION['data'])['fname'];
This method won't be faster than a line by line copy, but it will save coding and it will be more resistant to changes in your database or code.
BTW
Does anyone else have trouble entering ] into markdown? I have to paste it in.