electric-fire Posted June 18, 2013 Share Posted June 18, 2013 Hi, I encountered a bug when using the 'view_order.php?oid=x' page (page #344 in the book), first time it loads, everything works fine and the $_SESSION['order_id'] is assigned the right value, after I click on the 'Ship This Order' button the page reloads itself and the URL becomes just the 'view_order.php' so the script should use 'elseif (isset($_SESSION['order_id'])' to assign '$order_id = $_SESSION['order_id'], but it doesn't, because for some reason the '($_SESSION['order_id'])' loses its value. I rechecked everything many times and there's no any mistake in my code here. And logic in the code is clear and obviously right. Meanwhile I found a workaround by modifying the <form action="view_order.php"... to <form action=" to view_order.php?oid=' . $order_id . '"..., so instead of the session the script uses $_GET['oid'] method and it works. But anyway I'd like to know if there's something I could tweak to make the session work in this file. P.S. I didn't have any problems using sessions when I was redirecting the user from the checkout.php to the billing.php and so on. The view_order.php doesn't jump from https to http or www. and the session_start(); function is always in the header.html Thanks in advance. Link to comment Share on other sites More sharing options...
HartleySan Posted June 18, 2013 Share Posted June 18, 2013 If you are using session_start() at the beginning of the script each time, then the $_SESSION superglobal will retain values you set. Without seeing your code though, there's not much else I can say. Link to comment Share on other sites More sharing options...
electric-fire Posted June 19, 2013 Author Share Posted June 19, 2013 Thank you for your help, here is the code: <?php // This file allows the administrator to view a specific order.// The administrator can also mark order items as shipped.// Require the configuration before any PHP code as configuration controls error reporting.require ('../includes/config.inc.php');// Set the page title and include the header:$page_title = 'Просмотр заказа';include ('./includes/header.html');// The header file begins the session.// Validate the order ID:$order_id = false;if (isset($_GET['oid']) && (filter_var($_GET['oid'], FILTER_VALIDATE_INT, array('min_range' => 1))) ) { // First access $order_id = $_GET['oid']; $_SESSION['order_id'] = $order_id; } elseif (isset($_SESSION['order_id']) && (filter_var($_SESSION['order_id'], FILTER_VALIDATE_INT, array('min_range' => 1))) ) { $order_id = $_SESSION['order_id'];}// Stop the page if the $order_id is not valid:if(!$order_id) { echo '<h3>Ошибка!</h3><p>Эта страница была открыта ошибочно.</p>'; include ('./includes/footer.html'); exit();/* If the page does not have a valid order ID, there's no point in continuing.An error will be printed, the footer included, and the script terminated. */}// Require the database connection:require(MYSQL);if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Update the order_contents table: $q = "UPDATE order_contents SET ship_date=NOW() WHERE order_id=$order_id"; $r = mysqli_query($dbc, $q); } // End of the submission IF.// Define and execute the query:$q = 'SELECT total, DATE_FORMAT(order_date, "%a %b %e, %Y at %h:%i%p") AS od, email, cus.name, CONCAT_WS(", ", district, city, address1, address2) AS address, phone, customer_id, CONCAT_WS(" - ", c.category, p.name) AS item, quantity, price_per, DATE_FORMAT(ship_date, "%b %e, %Y") AS sd, file_name, cat_file_name, CONCAT("O", p.id) AS sku FROM orders AS ord INNER JOIN customers AS cus ON (ord.customer_id=cus.id) INNER JOIN order_contents AS oc ON (oc.order_id=ord.id) INNER JOIN products as p ON (oc.product_id=p.id) INNER JOIN categories as c ON (c.id=p.category_id) WHERE ord.id=' . $order_id; // Execute the query:$r = mysqli_query($dbc, $q);// If rows were returned, start a form:if(mysqli_num_rows($r) > 0) { // Display the order info: echo '<h3>Заказ:</h3> <form action="view_order.php" method="post" accept-charset="utf-8"> <fieldset>'; // I had to hack and put the ?oid=' . $order_id . ' above, because for some reason the $_SESSION['order_id'] loses its value when the page is reloaded. // The form posts back to this same page and only contains, as written, // a submit button. // Fetch the first returned row and display the general information: $row = mysqli_fetch_array($r, MYSQLI_ASSOC); echo "<p><strong>Номер заказа</strong>: $order_id<br /> <strong>Общая сумма</strong>: {$row['total']}руб.<br /> <strong>Дата заказа (the US time)</strong>: {$row['od']}<br /> <strong>Имя клиента</strong>: {$row['name']}<br /> <strong>Адрес клиента</strong>: {$row['address']}<br /> <strong>Тел.</strong>: {$row['phone']}<br /> <strong>email</strong>: {$row['email']} </p>"; // Create the table: echo '<table border="0" width="100%" cellspacing="2" cellpadding="2"> <thead> <tr> <th align="center">Единица товара</th> <th align="right">Цена</th> <th align="center">Кол-во</th> <th align="center">Доставлен?</th> </tr> </thead> <tbody>'; // For confirming that the order has shipped: $shipped = true; // Print each item: do { echo '<tr> <td align="left"><a title="Просматреть товар в новой вкладке - URL: ' . $row['file_name'] . '" target="_blank" href="' . BASE_URL . 'catalog/' . $row['cat_file_name'] . '#' . $row['sku'] . '">' . $row['item'] . '</a></td> <td align="right">' . $row['price_per'] . '</td> <td align="center">' . $row['quantity'] . '</td> <td align="center">' . $row['sd'] . '</td> </tr>'; // Update the shipping status: if (!$row['sd']) $shipped = false; // if $row['sd'] is NULL (for any item in the order), // then the entire order has not been shipped yet, and the flag variable should // indicate such. } while ($row = mysqli_fetch_array($r)); echo '</tbody></table>'; // If the order hasn't entirely shipped, create the submit button: if(!$shipped) { echo '<div class="field"><input type="submit" value="Заказ доставлен" class="button" /></div>'; // For orders that have completely shipped, no submit button will exist. } echo '</fieldset> </form>'; } else { // Complete the mysqli_num_rows() conditional: // No records returned: echo '<h3>Ошибка!</h3><p>Данная страница была открыта из-за ошибки</p>'; include('./includes/footer.html'); exit();}include ('./includes/footer.html');?> Link to comment Share on other sites More sharing options...
HartleySan Posted June 19, 2013 Share Posted June 19, 2013 There's no session_start() in that code. You need to execute that on each script that you want to use sessions on. Link to comment Share on other sites More sharing options...
Larry Posted June 20, 2013 Share Posted June 20, 2013 The session should be started in the configuration file, I believe. I would start by confirming the session ID to make sure that's not changing. I'd also confirm the value of order ID at all points. Link to comment Share on other sites More sharing options...
electric-fire Posted June 22, 2013 Author Share Posted June 22, 2013 Thank you for your reply Link to comment Share on other sites More sharing options...
Recommended Posts