Carrying a string from one page to another

[wojo1086]

I keep trying to use cookies and sessions but I can't seem to figure out how to do it. I have form on page 1 that the user fills out, then when submitted, goes through two functions to check a few things and when everything is fine, gets sent to a php page to be put into a database. How would I use a session to take the strings to the php file?

[mlseim]

Do you need sessions to keep the variables in case you have to go back to the form?
Otherwise, you can go from form to database without using sessions.

And how many variables are you talking about?

[wojo1086]

I tried to go from form to database, but I'm not sure where in my scripting to put the php script. Once the form returns true, it goes to another page. Do I put the php script somewhere in the javascript function? I only have, like, six strings. Here are the two functions and the <form>.

Code:

<script>
    function checkFields() {
        var recipeNameEl = document.getElementById( 'recipeName' );
        var ingredientsEl = document.getElementById( 'ingredients' );
        var descriptionEl = document.getElementById( 'description' );
        
        var helperMsg1 = 'You have not filled in all required fields.';
        var helperMsg2 = 'I thought I said no measurements! (No Numbers)';
        
        return notEmpty( recipeNameEl, ingredientsEl, descriptionEl, helperMsg1, helperMsg2 );
    }
</script>

<script type="text/javascript">
function notEmpty( recipeNameEl, ingredientsEl, descriptionEl, helperMsg1, helperMsg2 ){
	if(recipeNameEl.value.length == 0){
		alert(helperMsg1);
		recipeNameEl.focus();
		return false;}

	if(ingredientsEl.value.length == 0){
		alert(helperMsg1);
		ingredientsEl.focus();
		return false;}
	
	if(descriptionEl.value.length == 0){
		alert(helperMsg1);
		descriptionEl.focus();
		return false;}
	
	
	var alphaExp = /^[a-zA-Z]+$/;
	if(ingredientsEl.value.match(alphaExp)){
	return true;
		}else{
		alert(helperMsg2);
		ingredientsEl.focus();
		return false;}
	
	return true;
}

</script>

Code:

<center>

<div id="main">
<form align="center" method="post" action="/wamp/www/recipesubmit2.php" onsubmit="return checkFields();">
<font color="red"><i>* = Required Field</i></font>
<table  border="0" bordercolor="darkblue">
<tr><td align="right"><font color="red">*</font>Recipe Name:</td><td><input type='text' id='recipeName' name='recipeName' size=50></td></tr>
<tr><td></br></td></tr>
<tr><td align="right"><font color="red">*</font>Ingredients:</td><td><input type='text' id='ingredients' name='ingredients' size=50></td></tr>
<tr><td></td><td><font font size="2" color="red">Reminder: </font><font font size="2">Make sure you put a space between each ingredient.</br>Example: <b>chicken cream of mushroom soup</b>. DO NOT PUT</br>MEASUREMENTS! It is also important to correctly spell the</br>ingredients otherwise your recipe may not be found when searched.</td></tr>
<tr><td></br></td></tr>
<tr><td align="right"><font color="red">*</font>Directions:</td><td><textarea id='description' name='description' cols=50 rows=10></textarea></td></tr>
<tr><td></br></td></tr>
<tr><td align="right"><font color="red">*</font>Cook/Prep Time:</td>
<td><select name="cooktimedrop">
    <option value="zerofive">0-5</option>
    <option value="sixten">6-10</option>
    <option value="elevenfifteen">11-15</option>
    <option value="sixteentwenty">16-20</option>
    <option value="twentyonetwentyfive">21-25</option>
    <option value="twentysixthirty">26-30</option>
    <option value="thirtyonethirtyfive">31-35</option>
    <option value="thirtysixforty">36-40</option>
    <option value="fortyonefortyfive">41-45</option>
    <option value="fortysixfifty">46-50</option>
    <option value="fiftyonefiftyfive">51-55</option>
    <option value="fiftysixsixty">56-60</option>
    <option value="sixtyoneplus">61+</option>
</select>  minutes</td>
<tr><td></br></td></tr>
<tr><td align="right"><font color="red">*</font>Genre:</td>
<td><select name="genredrop">
    <option value="alcoholic">Alcoholic</option>
    <option value="appetizers">Appetizers</option>
    <option value="beverages">Beverages</option>
    <option value="breads">Breads</option>
    <option value="breakfast">Breakfast</option>
    <option value="cakes">Cakes</option>
    <option value="candies">Candies</option>
    <option value="casseroles">Casseroles</option>
    <option value="cookies">Cookies</option>
    <option value="crockpot">Crockpot</option>
    <option value="desserts">Desserts</option>
    <option value="dipsdressings">Dips/Dressings</option>
    <option value="entrees">Entrees</option>
    <option value="fatfree">Fat Free</option>
    <option value="georgeforeman">George Foreman</option>
    <option value="halal">Halal</option>
    <option value="herbal">Herbal</option>
    <option value="italian">Italian</option>
    <option value="jams">Jams</option>
    <option value="jello">Jell-O</option>
    <option value="lowfat">Low Fat</option>
    <option value="mexican">Mexican</option>
    <option value="puddings">Puddings</option>
    <option value="rice">Rice</option>
    <option value="salads">Salads</option>
    <option value="sauces">Sauces</option>
    <option value="seafood">Seafood</option>
    <option value="snacks">Snacks</option>
    <option value="soups">Soups</option>
    <option value="vegan">Vegan</option>
    <option value="vegetarian">Vegetarian</option>
<tr><td></br></td></tr>
<tr><td align="right">Submitted By:</td><td><input type='text' id='submittedBy' name='submittedBy' size=40></br></td></tr>
<tr><td></br></td></tr>
<tr><td></td><td align="right"><input type='submit' value='Submit Recipe'></td></tr>
</form>
</div>
</center>

[mlseim]

Your Javascripting can do the validation and stay on the same page as the form,
so you validate without ever leaving the form page. When Javascript says everything
is OK, you then send the variables to the "recipesubmit2.php" script. I think that's
what you're trying to do?

So the Javascripting does the validation and you're saying that part works good?

Now you want to send the form variables to this script, recipesubmit2.php?

Let's see what you have for that script so far.

[wojo1086]

This is what recipesubmit2.php looks like. The echo $_request line was me trying to display what the page was carrying over as far as strings. I've tried other things like $_session and $_post but I can't seem to make them work. As far as the whole mySQL section, that was me testing to see if it was really putting strings into the database. That section works no problem. When I figure out how to carry the strings from the previous page, the "values" part of the mySQL query will change to those strings.

Code:

<?php session_start();?>
<html>
<head>
<?php
$con = mysql_connect("localhost","wojo1086","badboy21");
if (!$con)
	{die('Could not connect: ' . mysql_error());}
mysql_select_db("recipes", $con);
mysql_query("insert into recipeData (recipeName, ingredients, description, cookTime, submittedBy, genre)
values ('Lemon and Honey Tea', 'Lemon Honey', 'Enjoy it!', '3', 'Timothy Wojtylak', 'Herbal')");
mysql_close($con);
?>


</head>
<body>
<?php
echo $_request["recipeName"];;
?>
</body>
</html>

[mlseim]

Try something more like this (and use comments, they help with troubleshooting) ...

PHP Code:

<?php

// Get variables from form - sanitize them for any SQL Queries.
$recipeName=mysql_real_escape_string($_POST['recipeName']));
$ingredients=mysql_real_escape_string($_POST['ingredients']));
$description=mysql_real_escape_string($_POST['description']));
$cooktimedrop=mysql_real_escape_string($_POST['cooktimedrop']));
$genredrop=mysql_real_escape_string($_POST['genredrop']));

// Connect to database
$con = mysql_connect("localhost","wojo1086","badboy21");
if (!$con)
    {die('Could not connect: ' . mysql_error());}
mysql_select_db("recipes", $con);

// MySQL query.
mysql_query("insert into recipeData (recipeName, ingredients, description, cookTime, submittedBy, genre)
values ('$recipeName', '$ingredients', '$description', '$cooktimedrop', 'Timothy Wojtylak', '$genredrop')");

// Close MySQL Connection.
mysql_close($con);

// Redirect back to a specific page ... like the main page?
header ("location: index.php");
?>

[wojo1086]

In every one of those mysql_real_escape_string, I get a warning saying the access was denied and it couldn't establish a connection to the server.

[mlseim]

Then move things around ....
You have to sort of experiment with things.
We have no way to test any of your scripting.

PHP Code:

<?php

// Connect to database
$con = mysql_connect("localhost","wojo1086","badboy21");
if (!$con)
    {die('Could not connect: ' . mysql_error());}
mysql_select_db("recipes", $con);

// Get variables from form - sanitize them for any SQL Queries.
$recipeName=mysql_real_escape_string($_POST['recipeName']));
$ingredients=mysql_real_escape_string($_POST['ingredients']));
$description=mysql_real_escape_string($_POST['description']));
$cooktimedrop=mysql_real_escape_string($_POST['cooktimedrop']));
$genredrop=mysql_real_escape_string($_POST['genredrop']));

// MySQL query.
mysql_query("insert into recipeData (recipeName, ingredients, description, cookTime, submittedBy, genre)
values ('$recipeName', '$ingredients', '$description', '$cooktimedrop', 'Timothy Wojtylak', '$genredrop')");

// Close MySQL Connection.
mysql_close($con);

// Redirect back to a specific page ... like the main page?
header ("location: index.php");
?>

[Phil Jackson]

Quote:

Originally Posted by mlseim

Then move things around ....
You have to sort of experiment with things.
We have no way to test any of your scripting.

PHP Code:

<?php

// Connect to database
$con = mysql_connect("localhost","wojo1086","badboy21");
if (!$con)
    {die('Could not connect: ' . mysql_error());}
mysql_select_db("recipes", $con);

// Get variables from form - sanitize them for any SQL Queries.
$recipeName=mysql_real_escape_string($_POST['recipeName']));
$ingredients=mysql_real_escape_string($_POST['ingredients']));
$description=mysql_real_escape_string($_POST['description']));
$cooktimedrop=mysql_real_escape_string($_POST['cooktimedrop']));
$genredrop=mysql_real_escape_string($_POST['genredrop']));

// MySQL query.
mysql_query("insert into recipeData (recipeName, ingredients, description, cookTime, submittedBy, genre)
values ('$recipeName', '$ingredients', '$description', '$cooktimedrop', 'Timothy Wojtylak', '$genredrop')");

// Close MySQL Connection.
mysql_close($con);

// Redirect back to a specific page ... like the main page?
header ("location: index.php");
?>

As mlseim says you must start to move things around to test theory. The actual problem being that mysql_real_escape string is not just simply a PHP function but a php/mysql function such as mysql_query, mysql_num_rows, mysql_fetch array. The link between all of these being that you must first have a connection established to use the functions.

If I was you I would consider using the following as good practice;

PHP Code:

# connect to main database that holds all accounts
$con = mysql_connect( MYSQL_SERVER_HOST, MYSQL_SERVER_USER, MYSQL_SERVER_PASS ) or die ( mysql_error() );
$db = mysql_select_db( MYSQL_SERVER_DB, $con);

# purify all data being passed to the server
function filter( $data ) { $data = trim( htmlentities( strip_tags( $data ) ) ); if ( get_magic_quotes_gpc() ) { $data = stripslashes( $data ); } $data = mysql_real_escape_string( $data ); return $data; }
foreach( $_POST as $key => $val ){ $post[$key] = filter( $val ); unset( $_POST[$key] ); }
foreach( $_GET as $key => $val ){ $get[$key] = filter( $val ); unset( $_GET[$key] ); }

// close the connection
mysql_close($con);

// now continue with your code here. Display the previous code at the top of every page you intend on using the database with post and get data.

// $_POST and $_GET now no longer exist. $post[''] and $get[''] have taken their place ( you could change to what you want.