Jump to content
Larry Ullman's Book Forums
Sign in to follow this  

$_Session['Order_Id'] Loses The Value When The View_Order.Php File Is Reloaded

Recommended Posts

Hi, I encountered a bug when using the 'view_order.php?oid=x' page (page #344 in the book), first time it loads, everything works fine and the $_SESSION['order_id'] is assigned the right value,


after I click on the 'Ship This Order' button the page reloads itself and the URL becomes just the 'view_order.php' so the script should use 'elseif (isset($_SESSION['order_id'])' to assign '$order_id = $_SESSION['order_id'],


but it doesn't, because for some reason the '($_SESSION['order_id'])' loses its value. I rechecked everything many times and there's no any mistake in my code here. And logic in the code

is clear and obviously right.


Meanwhile I found a workaround by modifying the <form action="view_order.php"...

to <form action=" to view_order.php?oid=' . $order_id . '"...,


so instead of the session the script uses $_GET['oid'] method and it works.


But anyway I'd like to know if there's something I could tweak to make the session work in this file.



I didn't have any problems using sessions when I was redirecting the user from the checkout.php to the billing.php and so on.


The  view_order.php doesn't jump from https to http or www. and the session_start(); function is always in the header.html




Thanks in advance.







Share this post

Link to post
Share on other sites

If you are using session_start() at the beginning of the script each time, then the $_SESSION superglobal will retain values you set.

Without seeing your code though, there's not much else I can say.

Share this post

Link to post
Share on other sites

Thank you for your help, here is the code:



// This file allows the administrator to view a specific order.
// The administrator can also mark order items as shipped.

// Require the configuration before any PHP code as configuration controls error reporting.
require ('../includes/config.inc.php');

// Set the page title and include the header:
$page_title = 'Просмотр заказа';
include ('./includes/header.html');
// The header file begins the session.

// Validate the order ID:
$order_id = false;

if (isset($_GET['oid']) && (filter_var($_GET['oid'], FILTER_VALIDATE_INT, array('min_range' => 1))) ) { // First access

    $order_id = $_GET['oid'];
    $_SESSION['order_id'] = $order_id;         

} elseif (isset($_SESSION['order_id']) && (filter_var($_SESSION['order_id'], FILTER_VALIDATE_INT, array('min_range' => 1))) ) {

    $order_id = $_SESSION['order_id'];


// Stop the page if the $order_id is not valid:
if(!$order_id) {
    echo '<h3>Ошибка!</h3><p>Эта страница была открыта ошибочно.</p>';    
    include ('./includes/footer.html');

/* If the page does not have a valid order ID, there's no point in continuing.
An error will be printed, the footer included, and the script terminated. */

// Require the database connection:

    // Update the order_contents table:
    $q = "UPDATE order_contents SET ship_date=NOW() WHERE order_id=$order_id";

    $r = mysqli_query($dbc, $q);

} // End of the submission IF.

// Define and execute the query:
$q = 'SELECT total,

      DATE_FORMAT(order_date, "%a %b %e, %Y at %h:%i%p") AS od,
      email, cus.name, CONCAT_WS(", ", district, city, address1, address2) AS address,
      phone, customer_id, CONCAT_WS(" - ", c.category, p.name) AS item,
      quantity, price_per,
      DATE_FORMAT(ship_date, "%b %e, %Y") AS sd,
      file_name, cat_file_name, CONCAT("O", p.id) AS sku
      FROM orders AS ord
      INNER JOIN customers AS cus ON (ord.customer_id=cus.id)
      INNER JOIN order_contents AS oc ON (oc.order_id=ord.id)
      INNER JOIN products as p ON (oc.product_id=p.id)
      INNER JOIN categories as c ON (c.id=p.category_id)
      WHERE ord.id=' . $order_id;

// Execute the query:
$r = mysqli_query($dbc, $q);

// If rows were returned, start a form:
if(mysqli_num_rows($r) > 0) { // Display the order info:

    echo '<h3>Заказ:</h3>
    <form action="view_order.php" method="post" accept-charset="utf-8">
        <fieldset>'; // I had to hack and put the ?oid=' . $order_id . ' above, because for some reason the $_SESSION['order_id'] loses its value when the page is reloaded.
        // The form posts back to this same page and only contains, as written,
        // a submit button.
        // Fetch the first returned row and display the general information:
        $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
        echo "<p><strong>Номер заказа</strong>: $order_id<br />
        <strong>Общая сумма</strong>: {$row['total']}руб.<br />
        <strong>Дата заказа (the US time)</strong>: {$row['od']}<br />
        <strong>Имя клиента</strong>: {$row['name']}<br />
        <strong>Адрес клиента</strong>: {$row['address']}<br />
        <strong>Тел.</strong>: {$row['phone']}<br />
        <strong>email</strong>: {$row['email']}        
        // Create the table:
        echo '<table border="0" width="100%" cellspacing="2" cellpadding="2">
                <th align="center">Единица товара</th>
                <th align="right">Цена</th>
                <th align="center">Кол-во</th>
                <th align="center">Доставлен?</th>
            // For confirming that the order has shipped:
            $shipped = true;

            // Print each item:
            do {
                echo '<tr>
                    <td align="left"><a title="Просматреть товар в новой вкладке - URL: ' . $row['file_name'] . '" target="_blank" href="' . BASE_URL . 'catalog/' . $row['cat_file_name'] . '#' . $row['sku'] . '">' . $row['item'] . '</a></td>
                    <td align="right">' . $row['price_per'] . '</td>
                    <td align="center">' . $row['quantity'] . '</td>
                    <td align="center">' . $row['sd'] . '</td>
                // Update the shipping status:
                if (!$row['sd']) $shipped = false; // if $row['sd'] is NULL (for any item in the order),
                // then the entire order has not been shipped yet, and the flag variable should
                // indicate such.
            } while ($row = mysqli_fetch_array($r));           

            echo '</tbody></table>';                
            // If the order hasn't entirely shipped, create the submit button:
            if(!$shipped) {
                echo '<div class="field"><input type="submit" value="Заказ доставлен" class="button" /></div>';
                // For orders that have completely shipped, no submit button will exist.
        echo '</fieldset>
} else { // Complete the mysqli_num_rows() conditional:

    // No records returned:
    echo '<h3>Ошибка!</h3><p>Данная страница была открыта из-за ошибки</p>';

include ('./includes/footer.html');

Share this post

Link to post
Share on other sites

The session should be started in the configuration file, I believe. 


I would start by confirming the session ID to make sure that's not changing. I'd also confirm the value of order ID at all points.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...