problem with passing session variable from cart
Hello, I have my information from my confirm page sending to my database. Then as the visitor clicks submit order the the success page shows up and behind the scenes a php xml pages is being created and submitted to a fulfillment company. That all works fine. However I need to filter recordsets on the page that creates the xml.
Right now anyone can go to that url and see the last posted order(containing all of the shipping, and order information). I need this page to come up blank and figured I should do this with a recordset filter. However, I have tried everything. I can not do a form or url filter - I am thinking I need to do a session variable filter - but I get blank results when I do that. Maybe someone has an idea or code that can help me out. Below is an example of what I have currently.
Top of Page
<?php
if (!session_id()) session_start();
?>
Not sure if I needed this one - but figured this wold specifically pull in the last name variable - which is just one example of what I could filter by
<?php
if (!session_id()) session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$_SESSION["eCartCheckoutForm_lastname"] = "".((isset($_POST["lastname"]))?$_POST["lastname"]:"") ."";
}
?>
Here is the where query
mysql_select_db($database_tconnect, $tconnect);
$query_rsxmlorders = sprintf("SELECT * FROM order_detail WHERE billlname = %s ORDER BY `date` DESC", GetSQLValueString($colname_rsxmlorders, "text"));
$rsxmlorders = mysql_query($query_rsxmlorders, $tconnect) or die(mysql_error());
$row_rsxmlorders = mysql_fetch_assoc($rsxmlorders);
$totalRows_rsxmlorders = mysql_num_rows($rsxmlorders);
Here is what is actually entered in for the variable to filter by
$_SESSION['eCartCheckoutForm_lastname']
I get completely blank results when I do this.
Thank you for any help that you may be able to provide.