This question already has an answer here:
Everything I'm doing is in Dreamweaver, PHP, and MySQL. I'm trying to figure out how to allow a user to write to the database with a form and then use some of that information as a $_SESSION variable on the next page. In this scenario, the user selects an option from a drop-down list and submits a form named "SelectBookForm" for a value 'play_system', writing a new row to my table 'characters', receiving a new "character_id" value. "SelectBookForm" is also used to write a name to the field "character_name1".
<?php require_once('Connections/DLP_RPG.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "SelectBookForm")) {
$insertSQL = sprintf("INSERT INTO characters (character_name1, play_system, character_owner) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['NewCharacterNameInput'], "text"),
GetSQLValueString($_POST['select'], "text"),
GetSQLValueString($_POST['CharacterOwner'], "int"));
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$Result1 = mysql_query($insertSQL, $DLP_RPG) or die(mysql_error());
$insertGoTo = "character_new_book_select.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_login = "SELECT * FROM users";
$login = mysql_query($query_login, $DLP_RPG) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_play_systems_recordset = "SELECT * FROM play_systems";
$play_systems_recordset = mysql_query($query_play_systems_recordset, $DLP_RPG) or die(mysql_error());
$row_play_systems_recordset = mysql_fetch_assoc($play_systems_recordset);
$totalRows_play_systems_recordset = mysql_num_rows($play_systems_recordset);
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_CharacterOwner = "SELECT * FROM users WHERE users.user_id =
(SELECT user_id FROM users WHERE user_login = '{$_SESSION['MM_Username']}')";
$CharacterOwner = mysql_query($query_CharacterOwner, $DLP_RPG) or die(mysql_error());
$row_CharacterOwner = mysql_fetch_assoc($CharacterOwner);
$totalRows_CharacterOwner = mysql_num_rows($CharacterOwner);
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="default.css" media="screen"/>
<title>Dark Ritual</title>
</head>
<body>
<div class="container">
<div class="header">DLP RPG testing</div>
<div class="main_right">
<div class="padded">
<h1>Help files</h1>
<p>This would hopefully be where help files load when a user clicks on something. Unobtrusive to people that know what they what to enter, but helpful to people that like to poke around.</p>
</div>
</div>
<div class="subnav">
<h1>Character Sheets</h1>
<ul>
<li><a href="character_list.php">My Characters</a></li>
<li><a href="character_new_system_select.php">New Character</a></li>
</ul><br>
<ul><li><a href="<?php echo $logoutAction ?>">Logout</a></li></ul>
<h1>Do you want to help?</h1>
<li><a href="http://dangerouslylow.com/?page_id=6">Contact page</a></li>
</ul>
</div>
<div class="main">
<div class="padded">
<h1>Select a play system</h1>
<p class="meta">Every system is different and how you interact with the site will be radically different depending on what you choose. You're making a new character, so the first question is, What game do you want to play?</p>
<form action="<?php echo $editFormAction; ?>" name="SelectBookForm" method="POST" id="SelectBookForm">
<select name="select" size="1" form="SelectBookForm">
<?php
do {
?>
<option value="<?php echo $row_play_systems_recordset['play_system']?>"><?php echo $row_play_systems_recordset['play_system']?></option>
<?php
} while ($row_play_systems_recordset = mysql_fetch_assoc($play_systems_recordset));
$rows = mysql_num_rows($play_systems_recordset);
if($rows > 0) {
mysql_data_seek($play_systems_recordset, 0);
$row_play_systems_recordset = mysql_fetch_assoc($play_systems_recordset);
}
?>
</select>
<input name="CharacterOwner" type="hidden" id="CharacterOwner" value="<?php echo $row_CharacterOwner['user_id']; ?>"><input name="NewCharacterNameInput" type="text" required id="NewCharacterNameInput" form="SelectBookForm" placeholder="Give your character a name!" size="25" maxlength="128">
<BR>
<input name="NewCharacterSubmit" type="submit" id="NewCharacterSubmit" form="SelectBookForm" value="Select system and start my character">
<input type="hidden" name="MM_insert" value="PlaySystemForm">
<input type="hidden" name="MM_insert" value="SelectBookForm">
</form>
<br>
<table width="100%" border="1">
<tbody>
<tr>
<td width="175"><h2>System Name:</h2></td>
<td width="175"><h2>Manufacturer:</h2></td>
</tr></tbody>
<?php do { ?>
<table width="100%" border="1">
<tbody>
<tr>
<td width="175"><?php echo $row_play_systems_recordset['play_system']; ?></td>
<td width="175"><a href="<?php echo $row_play_systems_recordset['play_system_url']; ?>" target="_blank"><img src="img/<?php echo $row_play_systems_recordset['play_system_graphic_filename']; ?>" alt="" width="150" border="0"/></a></td>
</tr>
</tbody>
</table>
<?php } while ($row_play_systems_recordset = mysql_fetch_assoc($play_systems_recordset)); ?>
<p>Ideally this would be a dynamic list based on products that are out of testing and available. If you're a system creator or whatever kind of site admin, they should be able to see everything. Still trying to figure out how to make it load dynamically. Maybe write to a cookie so it holds in POST the system selection?</p>
<p>Next you'll choose what books you want to start with</p>
... </div>
</div>
<div class="clearer"><span></span></div>
<div class="footer">
<span class="left">Most of what is behind this page is copyrighted and used without permission</span>
<span class="right">Design by <a href="http://arcsin.se/">Arcsin</a> <a href="http://templates.arcsin.se/">Web Templates</a></span>
<div class="clearer"><span></span></div>
</div>
</div>
</body>
</html>
<?php
mysql_free_result($login);
mysql_free_result($play_systems_recordset);
?>What I would like to do is take the 'character_id' value for the new row that was created and the 'play_system' value that was written in as $_SESSION values. I'm expecting there to be a lot of values and rows and the next page is going to have another drop-down list that I'm hoping will be restricted by the selection in the first page. With a little help I think passing more SESSION values will let me get to the end of the process I'm trying to start.
This is the code on the second page:
<?php require_once('Connections/DLP_RPG.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "pretty_index.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "0,1,2,3,4,5,6,7,8,9";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_login = "SELECT * FROM users";
$login = mysql_query($query_login, $DLP_RPG) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_BooksRecordset = "SELECT * FROM character_system";
$BooksRecordset = mysql_query($query_BooksRecordset, $DLP_RPG) or die(mysql_error());
$row_BooksRecordset = mysql_fetch_assoc($BooksRecordset);
$totalRows_BooksRecordset = mysql_num_rows($BooksRecordset);
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="default.css" media="screen"/>
<title>Dark Ritual</title>
</head>
<body>
<div class="container">
<div class="header">DLP RPG testing</div>
<div class="main_right">
<div class="padded">
<h1>Help files</h1>
<p>This would hopefully be where help files load when a user clicks on something. Unobtrusive to people that know what they what to enter, but helpful to people that like to poke around.</p>
</div>
</div>
<div class="subnav">
<h1>Character Sheets</h1>
<ul>
<li><a href="character_list.php">My Characters</a></li>
<li><a href="character_new_system_select.php">New Character</a></li>
</ul><br>
<ul><li><a href="<?php echo $logoutAction ?>">Logout</a></li></ul>
<h1>Do you want to help?</h1>
<li><a href="http://dangerouslylow.com/?page_id=6">Contact page</a></li>
</ul>
</div>
<div class="main">
<div class="padded">
<h1>Which campaigns and books do you want to start with?</h1>
<p>If you're just starting a new character and not all that familiar with the campaigns available, I would suggest only picking one book. If you know you want a very specific type of character, then feel free to select as many as you want. Don't forget to include the base books in your selection!</p>
<form method="post" id="BookSelectionForm">
<select name="BookSelections" size="10" multiple id="BookSelections" form="BookSelectionForm">
<?php
do {
?>
<option value="<?php echo $row_BooksRecordset['character_system_id']?>"><?php echo $row_BooksRecordset['book']?></option>
<?php
} while ($row_BooksRecordset = mysql_fetch_assoc($BooksRecordset));
$rows = mysql_num_rows($BooksRecordset);
if($rows > 0) {
mysql_data_seek($BooksRecordset, 0);
$row_BooksRecordset = mysql_fetch_assoc($BooksRecordset);
}
?>
</select>
</form>
<h1>Select which books to use</h1>
<p class="meta">The 'book' table has a 'play_system' field that is equal to the text of the name of the system. The intention here is to only show the books for the system and not confuse the user.</p>
<p>If the post data shows it would ideally be only for the play_system values</p>
<?php
echo "this is the _POST data";
print_r($_POST);
//or
foreach ($_POST as $key => $value)
echo $key.'='.$value.'<br />';
?><BR>
<?php
echo "this is the _SESSION data";
echo '<pre>';
var_dump($_SESSION);
echo '</pre>';
?>
</div>
</div>
<div class="clearer"><span></span></div>
<div class="footer">
<span class="left">Most of what is behind this page is copyrighted and used without permission</span>
<span class="right">Design by <a href="http://arcsin.se/">Arcsin</a> <a href="http://templates.arcsin.se/">Web Templates</a></span>
<div class="clearer"><span></span></div>
</div>
</div>
</body>
</html>
<?php
mysql_free_result($login);
mysql_free_result($BooksRecordset);
?>
<?php require_once('Connections/DLP_RPG.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "pretty_index.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "0,1,2,3,4,5,6,7,8,9";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_login = "SELECT * FROM users";
$login = mysql_query($query_login, $DLP_RPG) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_BooksRecordset = "SELECT * FROM character_system";
$BooksRecordset = mysql_query($query_BooksRecordset, $DLP_RPG) or die(mysql_error());
$row_BooksRecordset = mysql_fetch_assoc($BooksRecordset);
$totalRows_BooksRecordset = mysql_num_rows($BooksRecordset);
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="default.css" media="screen"/>
<title>Dark Ritual</title>
</head>
<body>
<div class="container">
<div class="header">DLP RPG testing</div>
<div class="main_right">
<div class="padded">
<h1>Help files</h1>
<p>This would hopefully be where help files load when a user clicks on something. Unobtrusive to people that know what they what to enter, but helpful to people that like to poke around.</p>
</div>
</div>
<div class="subnav">
<h1>Character Sheets</h1>
<ul>
<li><a href="character_list.php">My Characters</a></li>
<li><a href="character_new_system_select.php">New Character</a></li>
</ul><br>
<ul><li><a href="<?php echo $logoutAction ?>">Logout</a></li></ul>
<h1>Do you want to help?</h1>
<li><a href="http://dangerouslylow.com/?page_id=6">Contact page</a></li>
</ul>
</div>
<div class="main">
<div class="padded">
<h1>Which campaigns and books do you want to start with?</h1>
<p>If you're just starting a new character and not all that familiar with the campaigns available, I would suggest only picking one book. If you know you want a very specific type of character, then feel free to select as many as you want. Don't forget to include the base books in your selection!</p>
<form method="post" id="BookSelectionForm">
<select name="BookSelections" size="10" multiple id="BookSelections" form="BookSelectionForm">
<?php
do {
?>
<option value="<?php echo $row_BooksRecordset['character_system_id']?>"><?php echo $row_BooksRecordset['book']?></option>
<?php
} while ($row_BooksRecordset = mysql_fetch_assoc($BooksRecordset));
$rows = mysql_num_rows($BooksRecordset);
if($rows > 0) {
mysql_data_seek($BooksRecordset, 0);
$row_BooksRecordset = mysql_fetch_assoc($BooksRecordset);
}
?>
</select>
</form>
<h1>Select which books to use</h1>
<p class="meta">The 'book' table has a 'play_system' field that is equal to the text of the name of the system. The intention here is to only show the books for the system and not confuse the user.</p>
<p>If the post data shows it would ideally be only for the play_system values</p>
<?php
echo "this is the _POST data";
print_r($_POST);
//or
foreach ($_POST as $key => $value)
echo $key.'='.$value.'<br />';
?><BR>
<?php
echo "this is the _SESSION data";
echo '<pre>';
var_dump($_SESSION);
echo '</pre>';
?>
</div>
</div>
<div class="clearer"><span></span></div>
<div class="footer">
<span class="left">Most of what is behind this page is copyrighted and used without permission</span>
<span class="right">Design by <a href="http://arcsin.se/">Arcsin</a> <a href="http://templates.arcsin.se/">Web Templates</a></span>
<div class="clearer"><span></span></div>
</div>
</div>
</body>
</html>
<?php
mysql_free_result($login);
mysql_free_result($BooksRecordset);
?>I'm still trying to figure out which section of the code runs when the button is pressed.
I think it's here:
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "SelectBookForm")) {
$insertSQL = sprintf("INSERT INTO characters (character_name1, play_system, character_owner) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['NewCharacterNameInput'], "text"),
GetSQLValueString($_POST['select'], "text"),
GetSQLValueString($_POST['CharacterOwner'], "int"));
$_SESSION['play_system'] = clone GetSQLValueString($_POST['select'], "text");
$_SESSION['character_owner'] = clone GetSQLValueString($_POST['CharacterOwner'], "int"));
$_SESSION['character_name1'] = clone GetSQLValueString($_POST['NewCharacterNameInput'], "text");
mysql_select_db($database_DLP_RPG, $DLP_RPG);
$Result1 = mysql_query($insertSQL, $DLP_RPG) or die(mysql_error());
$insertGoTo = "character_new_book_select.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}So I tried to create the session variables, the line for CharacterOwner keeps coming up as an issue though. Dreamweaver flags it as a problem, but the syntax is the same so I'm confused as to what is causing the issue.
Parse error: syntax error, unexpected ')' in /home/.../character_new_system_select.php on line 118
I'll try to figure out where the extra parenthesis is or is missing from
</div>
