Sticky forms

Its like this site is a conspiracy, nothing seems to work like it should. I have applied sticky forms plenty of times in the past, this site, they dont work.

I have tried $_POST and $_SESSION, nothing. I have chopped out the html, you will notice I have several different ways I am trying.

<?php if (!isset($_SESSION)) {
  session_start();
}
?>
<?php require_once('Connections/assess_remote.php'); ?>
<?php
$county_choice=$_SESSION['county$1'];
 if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
} 

mysql_select_db($database_assess, $assess_remote);
$query_county_result = "SELECT * FROM counties WHERE name ='checked'";
$county_result = mysql_query($query_county_result, $assess_remote) or die(mysql_error());
$row_county_result = mysql_fetch_assoc($county_result);
$totalRows_county_result = mysql_num_rows($county_result);
?>

<?php
$_SESSION['user_name']=$_POST['user_name']; 
 $user_name=$_SESSION['user_name'];

?>
<?php $firm_name=$_SESSION['firm_name']; ?>
<?php 

if ( !empty($_POST['county']))
  foreach ( $_POST['county'] AS $id => $name )
    echo 'You have selected '. " {$name}".'<br />';
	


	
	/*$totalRows_county_result_net= "($totalRows_county_result + 1)".'<br />';	
 echo "$totalRows_county_result_net";
 echo "$totalRows_county_result";*/

 ?>
 <?php $result=$_SESSION[$county_result]; ?>


<?php 
/*$name=$_POST['name'];
echo 'You have selected'."$name".'<br />';
echo 'this is the new one'. "$result";*/
?>
<h1>Step 2:</h1><br  />
<h3>Create Your Profile</h3>
<p>You may change or update your profile any time you wish by logging into this page.</p>
<table>
<form action="profile_result.php" name="attinput" method="POST"  >
 <tr><td><label for "user_name">Enter a User Name: *</label></td>
<td><input name="user_name" type="text" <?php if(isset ($_POST['user_name'])) {echo htmlentities($_POST['user_name']);}?> size="25"/></td></tr>
<tr><td><label for "password">Enter a Password:*</label></td>
<td><input name="password" type="text" size="25"/> 
</td></tr>
<tr><td><label for "firm_name">Name of Law Firm:* </label></td>
<td><input name="firm_name" type="text" <?php if(isset($_SESSION['firm_name'])) echo  $_SESSION['firm_name']?>size="45" /></td></tr> 

<tr><td><label for "logo"> Firm Logo </label></td>
<td><input name="logo" input type="file" /></td></tr>
<tr><td>
<label for "fname">First name of Attorney:*</label></td>
<td><input name="fname" type="text"<?php echo((isset($_POST["fname"]))?$_POST["fname"]:"") ?>  size="25"/>
<tr><td><label>Initial</label></td><td><input name="initial" type="text" value="<?php echo((isset($_POST["initial"]))?$_POST["initial"]:"") ?>" size="3" /></td></tr>

<tr><td>
<label>Last name of Attorney:*</label></td>
<td><input name="lname" type="text" <?php echo((isset($_POST["lname"]))?$_POST["lname"]:""); ?> size="25"/></td></tr>
<tr><td>Attorney Picture</td><td><input name="att_image" type="file" />
<tr><td>
<label for "street">Street Address:*</label></td><td>
<input name="street" type="text" value="<?php  if(isset($_POST['street'])) echo $_POST['street'];?>" size="40"/></td></tr>

<tr><td><label for "suite">
Suite</label></td>

 <td> <input name="suite" type="text" size="30"/> </td></tr>
<tr><td>  <label for "city">City:*</label></td>
<td><input name="city" type="text"<?php if(isset ($_POST['city'])) {echo htmlentities($_POST['city']);}?>  size="30"/></td></tr>
 <tr><td><label for "state">State</label></td>
<td><input name="state" type="text" value="<?php echo $choice=$_POST['state'];?>" /></td></tr>
<tr><td> <label for "zip">Zip Code:*</label></td>
<td><input name="zip" type="text" size="10"/></td></tr>
<tr><td> <label for "phone">Phone Number:*</label></td>
<td><input name="phone" type="text" size="20"/></td></tr>
<tr><td> <label for "ext">Ext / Direct Line:*</label></td>
<td><input name="ext" type="text" size="20"/></td></tr>
<tr><td><label for "fax">Fax Numbereliminate</label></td>
<td><input name="fax" type="text" size="20"/></td></tr> 
<tr><td><label for "email">E-Mail Address</label></td>
<td><input name="email" type="text" size="30"/></td></tr>
<tr><td><label for "url">Web Site Address</label></td>
<td><input name="url" type="text" size="45" value="http://www." />
</td></tr>
<tr><td><label for "url">Web Blog Address</label></td>
<td><input name="url" type="text" size="45" value="http://www." />
</td></tr>
<tr><td><label for "url"> Contact Page Address</label></td>
<td><input name="url" type="text" size="45" value="http://www." />
</td></tr>
<tr><td><label for "url">Attorney Profile Address</label></td>
<td><input name="url" type="text" size="45" value="http://www." />
</td></tr>
<tr><td><label for "county">County</label></td>
<td><input name="county" type="text" size="45" />
</td></tr>
<tr><td><label for "deadline">Deadline for appeal</label></td>
<td><input name="deadline" type="text" size="25"/>
</td></tr>
<tr><td><label for"description">Description of your firm</label></td>
<td><textarea name="description" cols="45" id="eBann" rows="10" onKeyUp="toCount('eBann','sBann','{CHAR} characters left',4000);"></textarea></td></tr>
<tr><td></td><td><span id="sBann" class="minitext">4000 characters left.</span></td></tr>

<tr>
<td><label for"lawyer_description">Please give a description of attorney</label></td>
<td><textarea name="lawyer_description" cols="45" rows="10"></textarea></td></tr>

<tr>
<td> Check other area's of practice.<br />

  <input name="realestate" label="realestate" type="checkbox" value="Real Estate" />Real Estate<br />
  <input name="business" label="business" type="checkbox" value="Business" />Business Law<br />
<input name="criminal" label="criminal" type="checkbox" value="Criminal" />Criminal<br />
<input name="bankruptcy" label="bankruptcy" type="checkbox" value="Bankruptcy" />Bankruptcy<br />
<input <?php if (!(strcmp(((isset($_POST["family_law"]))?$_POST["family_law"]:""),"checked"))) {echo "checked=\\"checked\\"";} ?> name="family_law" label="family_law" type="checkbox" value="Family Law" />
Family Law<br />
<input name="labor" label="labor" type="checkbox" value="Labor Law" />Labor Law<br />
<input name="estate" label="estate" type="checkbox" value="estate" />Estate Planning<br />

<input name="pi" label="pi" type="checkbox" value="pi" />Personal Injury<br />
<input name="general" label="general" type="checkbox" value="General" />General Law</td>

</tr>
<tr><td>
<input name="submit" type="submit" value="Submit your Profile" />
<input type="hidden" name="MM_insert" value="attinput" />
</form>
</td></td>
</table>

What could be stopping this?

Thanks

Gary

I’m a noob at this, but rather than this

<?php if(isset ($_POST['user_name'])) {echo htmlentities([COLOR="Red"]$_POST['user_name'][/COLOR]);}?>

I’d try something like

<?php if(isset ($_POST['user_name'])) {echo htmlentities([COLOR="Red"]$name[/COLOR]);}?>

Thank you for your reply. I plugged your suggestion in and it did not work.

I changed

<?php if(isset ($_POST['user_name'])) {echo htmlentities($name);}?>

to this

<?php if(isset ($_POST['user_name'])) {echo htmlentities($user_name);}?>

I even added

 $user_name=$_POST['user_name'];

Something is stopping this from working. I have done plenty of these scripts.

Thank you again.

Gary

I may just be missing it, but I don’t actually see anywhere in your code where you’ve actually set a variable $name or $user_name. There is only this line, which is commented out:

/*$name=$_POST[‘name’];

Perhaps add in something like

$name=$_POST[‘name’];

and then try the code I suggested.

Thats what I had done. I dont have a variable called “name”, I have a user_name, an fname and a lname. (although I did try your example using the $name as well)

It is my understanding you dont really need to set a variable, so

$name=$_POST['name'];

echo "$name";

Gets you the same result as

echo "$_POST['name']";

If you notice I tried (and left for people to see) a few variations, so it is perplexing why something that has always worked is now not.

Again, I appriciate your looking it over, if you notice anything else, I would be happy to try it.

Gary

@gwpaul,

You’re mixing a lot of php and html. Can I suggest something? - please don’t take this the wrong way but perhaps you should try generating the php content and then putting it into the html with str_replace - basically a mini template system.

That way you can seperate the php into one file and the html into another. Then just replace tokens (like Name) using str_replace. You’ll find it much neater and easier to debug too.

I am always up for new suggestions and alway appriciate input. I am unfamiliar with the method you are talking about, I’ll do a search for it. What search words would you suggest?

As I had mentioned, I have used this method plenty of times in the past, I have it set up as a snippet (pre-written script) and the program will insert it for me as well.

I am at a loss why it is not working on this.

As always, thank you for your help.

Gary

Hi

Well basically it works as I said. Generate your content in PHP, put it into variables and then merge it into your html template. You don’t really need to do any searching for it (although you could search php basic template if you really can’t think of anything).

It’s easy - look at this:

$Name = 'Joe Bloggs';

$Html = file_get_contents('template.inc.php');

$Html = str_replace('__Name__', $Name, $Html)

print $Html;

A more complex example for multiple variables would be to use an array like this:

function merge_template($Vars, $Template)
   {
   foreach ($Vars as $Key => $Content)
      {
      if (strpos($Template, $Key) !== false)
         {
         $Template = str_replace($Key, $Content, $Template);
         }
      }

   return $Template;
   }

$Content['__Name__'] = 'Joe Bloggs';
$Content['__Age__'] = '25';

$Html = file_get_contents('template.inc.php');

$Html = merge_template($Content, $Html);

print $Html;

I use similar to this in my code. I’ve had to edit it a bit to show you here so it might not work instantly if you use it and you might need to adjust a couple of bits but you should get the idea.

Wrong! That used to be the case once upon a time - it was a feature called register_globals - and it was turned on by default. This meant you could simply pass variables in the url or as a post and they would automatically be initialised in the script for you to use. Because this posed massive security problems (EG an attacker could simply pass their own price for a product in the url - getting a £600 TV for £1) a huge fuss followed and they were then disabled back in some version of php4. If you’ve got away with not setting variables for a while then the server you’re using isn’t safe.

You should never use single quotes in a array thats inside double quotes. If its in double quotes just use “$_POST[name]”. Look below:

//Incorrect
echo "$_POST['name']";

//Correct
echo "$_POST[name]";

//Incorrect
echo $_POST[name];

//Correct
echo $_POST['name'];

//Also correct - useful for multidimensional arrays
echo "{$_POST['name']}";
echo "{$_POST['name'][$i]}";

I solved the issue with session variables, however given what you said earlier, I wonder if it is unsafe.

My solution was to create a session varable and call it like so:

$_SESSION['user_name']=stripslashes($_POST['user_name']);

<?php if (isset($_SESSION['user_name'])) {echo 'value="'.htmlentities($_SESSION['user_name']).'"';}?>

Are you saying I should :

$_SESSION['user_name']=stripslashes($_POST['user_name']);

$user_name= $_SESSION['user_name']

<?php if (isset($user_name)) {echo 'value="'.htmlentities($user_name).'"';}?>

None of the above black code will work. It’s outside of php <? and ?> tags.

Issue with session variables? - Gary seriously you have more surprises than a box of chocolates! One minute we’re talking about templates and $_POST variables and how to set them, then suddenly we’re talking about $_SESSION problems

Man you’re a challenge to keep up with

Why are you using stripslashes in the $_POST? - The server should automatically do that for you (I think thats what magic_quotes is - can’t remember for sure). Again whats with htmlentities? - Are your usernames containing odd symbols?

Forgot to say on that second php block of code, add a semicolon; to the end of the 2nd line once its inside the php <? and ?> tags.

Hey… I resemble those remarks…

This missing <?php ?> tags in the post are oversights, they are in the code.

Session variables came into the discussion because I was able to create the sticky form using them.

Magic Quotes have been deprecated so I pretty much disregard them.

In your earlier post you said it is not a good practice to use:

<?php

echo $_POST['name'];

//but rather

$name=$_POST['name'];
echo $name;

So I was asking if that same thought applied to session variables.

Gary

No, I was referring to your use of the double and single quotation marks.

Assigning a $_POST value to a variable is fine OR directly echo’ing the $_POST variable is fine. It was your use of the single quotes inside the $_POST array inside double quotation marks which I was commenting about.

Do you have Teamviewer? - We might get it solved better if I can see your real code via a desktop connection.

Teamviewer…I do not. How do I get it?

GOOGLE

Download it, you’ll have an .exe. Run it, select run (you can install but run does the same) and then PM me your connectionID and password that it gives you.

Script fixed by Teamviewer connection.