I have attempted to use $_SESSION in a form input I am creating however I cannot get it to work and do not know what I am doing wrong, it works with my previous part of the form when carrying data over to the next page - however the code does not seem to work for the main part of the form.
<?php
//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');
//Check to see if the form has been submited, if it has we continue with the script.
if(isset($_POST['confirmation']) && isset($_POST['name']) && isset($_POST['email']) && isset($_POST['address1']) && isset($_POST['city']) && isset($_POST['postcode']) and $_POST['confirmation']=='true')
{
//Slashes are removed, depending on whether magic_quotes_gpc is on.
if(get_magic_quotes_gpc())
{
$_POST['name'] = stripslashes($_POST['name']);
$_POST['email'] = stripslashes($_POST['email']);
$_POST['address1'] = stripslashes($_POST['address1']);
$_POST['address2'] = stripslashes($_POST['address2']);
$_POST['city'] = stripslashes($_POST['city']);
$_POST['postcode'] = stripslashes($_POST['postcode']);
$_POST['phonenum'] = stripslashes($_POST['phonenum']);
}
//Create the future reference number of the repair.
$maxid = mysql_fetch_array(mysql_query('select max(id) as id from repairs'));
$id = intval($maxid['id'])+1;
//Create the future reference number of the repair.
$maxref = mysql_fetch_array(mysql_query('select max(reference) as reference from repairs'));
$reference = intval($maxref['reference'])+8;
//Here the session variables are converted back into standard variables.
$model = $_SESSION['model'];
$problem = $_SESSION['problem'];
$info = $_SESSION['info'];
$device = $_SESSION['device'];
$price = $_SESSION['price'];
$image = $_SESSION['image'];
//Here the variables are protected using mysql_real_escape_string.
$name = mysql_real_escape_string(substr($_POST['name'],0,150));
$email = mysql_real_escape_string(substr($_POST['email'],0,255));
$address1 = mysql_real_escape_string(substr($_POST['address1'],0,255));
$address2 = mysql_real_escape_string(substr($_POST['address2'],0,255));
$city = mysql_real_escape_string(substr($_POST['city'],0,100));
$postcode = mysql_real_escape_string(substr($_POST['postcode'],0,9));
$phonenum = mysql_real_escape_string(substr($_POST['phonenum'],0,11));
$date = date("r");
//Here the variables are protected using trim.
$name = trim($name);
$email = trim($email);
$address1 = trim($address1);
$address2 = trim($address2);
$city = trim($city);
$postcode = trim($postcode);
$phonenum = trim($phonenum);
//Here the variables are protected using htmlspecialchars.
$name = htmlspecialchars($name);
$email = htmlspecialchars($email);
$address1 = htmlspecialchars($address1);
$address2 = htmlspecialchars($address2);
$city = htmlspecialchars($city);
$postcode = htmlspecialchars($postcode);
$phonenum = htmlspecialchars($phonenum);
//Here the variables are protected using strip_tags.
$name = strip_tags($name);
$email = strip_tags($email);
$address1 = strip_tags($address1);
$address2 = strip_tags($address2);
$city = strip_tags($city);
$postcode = strip_tags($postcode);
$phonenum = strip_tags($phonenum);
//The details about the repair are entered into the database
$query = mysql_query("insert into repairs (id, model, problem, info, name, email, address1, address2, city, postcode, phonenum, price, date, reference) values ('$id', '$model', '$problem', '$info', '$name', '$email', '$address1', '$address2', '$city', '$postcode', '$phonenum', '$price', '$date', '$reference')") or die(header('Location: 404.php'));
?>
Some HTML is here.
<?
}
else {
header('Location: 404.php');
}
?>
Can anyone help me to get this to work?
