The first issue I see that needs to be corrected is that the code for setting the session variables comes before the code for the recordset.
The session variables use recordset values, so they need to be created after the recordset.
Change the code at lines 8 - 60:
<?php
// Stores the submitted promo code in the session when the coupon lookup found a row.
// NOTE(review): in this ordering $totalRows_rsCoupon is read before the recordset code
// further down assigns it, so unless something earlier in the page sets it the check
// sees an unset value (which compares equal to 0) and the assignment is skipped.
if (!session_id()) session_start();
if(!($totalRows_rsCoupon == 0)) {
// The raw POST value is kept as-is; HTML-escape it wherever it is later printed.
$_SESSION["PromoCode"] = "".((isset($_POST["txtPromoCode"]))?$_POST["txtPromoCode"]:"") ."";
}
?>
<?php
// Stores the coupon's amount in the session when the coupon lookup found a row.
// NOTE(review): in this ordering neither $totalRows_rsCoupon nor $row_rsCoupon has been
// assigned yet; the recordset code that fills them only runs further down the page.
if (!session_id()) session_start();
if(!($totalRows_rsCoupon == 0)) {
// The amount is taken from the couponAmount column of the fetched row and cast to a string.
$_SESSION["PromoAmount"] = "".$row_rsCoupon['couponAmount'] ."";
}
?>
<?php
// Define the helper only once; other included pages may already have declared it.
if (!function_exists("GetSQLValueString")) {
/**
 * Escapes a value and formats it as a literal for use in a MySQL query string.
 *
 * @param mixed  $theValue           Value to escape.
 * @param string $theType            "text", "long", "int", "double", "date" or "defined";
 *                                   any other type returns the escaped value unquoted.
 * @param string $theDefinedValue    Returned for "defined" when the value is not empty.
 * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
 * @return mixed Quoted string, integer, the string "NULL", or one of the two "defined" values.
 *
 * NOTE(review): get_magic_quotes_gpc() and the mysql_* functions no longer exist in
 * current PHP (mysql_* was removed in 7.0, get_magic_quotes_gpc() in 8.0); prepared
 * statements via mysqli or PDO replace this kind of escape-and-quote helper.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
// Undo magic-quotes slashes first so the value is escaped only once below.
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
// Prefer the connection-aware escape function when the extension provides it.
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
// In every typed case an empty value becomes the SQL keyword NULL (or, for "defined",
// the not-defined value) instead of an empty literal.
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
// intval() discards anything that is not a leading integer, so no quoting is needed.
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
// Looks up the coupon row whose couponCode matches the posted promo code.
// "-1" is the value searched for when no promo code was posted.
$colname_rsCoupon = "-1";
if (isset($_POST['txtPromoCode'])) {
// NOTE(review): when magic quotes are off this adds slashes, and GetSQLValueString()
// escapes the value again below, so a code containing a quote or backslash is
// escaped twice and will not match the stored code.
$colname_rsCoupon = (get_magic_quotes_gpc()) ? $_POST['txtPromoCode'] : addslashes($_POST['txtPromoCode']);
}
mysql_select_db($database_hellolittleone, $hellolittleone);
// The posted value reaches the SQL text only through GetSQLValueString(), which escapes and quotes it.
$query_rsCoupon = sprintf("SELECT * FROM coupons WHERE couponCode = %s", GetSQLValueString($colname_rsCoupon, "text"));
// NOTE(review): die(mysql_error()) prints the database error text to the visitor;
// logging it and showing a generic message avoids exposing query details.
$rsCoupon = mysql_query($query_rsCoupon, $hellolittleone) or die(mysql_error());
// Only the first matching row is fetched; the row count tells the session code whether a coupon was found.
$row_rsCoupon = mysql_fetch_assoc($rsCoupon);
$totalRows_rsCoupon = mysql_num_rows($rsCoupon);
?>
to:
<?php
// Define the helper only once; other included pages may already have declared it.
if (!function_exists("GetSQLValueString")) {
    /**
     * Escapes a value and formats it as a literal for use in a MySQL query string.
     *
     * @param mixed  $theValue           Value to escape.
     * @param string $theType            "text", "long", "int", "double", "date" or "defined";
     *                                   any other type returns the escaped value unquoted.
     * @param string $theDefinedValue    Returned for "defined" when the value is not empty.
     * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
     * @return mixed Quoted string, integer, the string "NULL", or one of the two "defined" values.
     *
     * NOTE(review): get_magic_quotes_gpc() and the mysql_* functions no longer exist in
     * current PHP (mysql_* was removed in 7.0, get_magic_quotes_gpc() in 8.0); prepared
     * statements via mysqli or PDO replace this kind of escape-and-quote helper.
     */
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // Undo magic-quotes slashes first so the value is escaped only once below.
        if (get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }

        // Prefer the connection-aware escape function when the extension provides it.
        if (function_exists("mysql_real_escape_string")) {
            $escaped = mysql_real_escape_string($theValue);
        } else {
            $escaped = mysql_escape_string($theValue);
        }

        // An empty value is never emitted as an empty literal.
        $isBlank = ($escaped == "");

        switch ($theType) {
            case "text":
            case "date":
                return $isBlank ? "NULL" : "'" . $escaped . "'";
            case "long":
            case "int":
                // intval() discards anything that is not a leading integer, so no quoting is needed.
                return $isBlank ? "NULL" : intval($escaped);
            case "double":
                return $isBlank ? "NULL" : "'" . doubleval($escaped) . "'";
            case "defined":
                return $isBlank ? $theNotDefinedValue : $theDefinedValue;
        }

        // Unknown types get the escaped value back without quotes.
        return $escaped;
    }
}
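// Looks up the coupon row whose couponCode matches the posted promo code.
// "-1" is the value searched for when no usable promo code was posted.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; a prepared statement via
// mysqli or PDO is the current way to run this lookup.
$colname_rsCoupon = "-1";
if (isset($_POST['txtPromoCode']) && is_string($_POST['txtPromoCode'])) {
    // Pass the posted value through unchanged: GetSQLValueString() already undoes
    // magic quotes and escapes the value, so adding slashes here as well escaped it
    // twice and codes containing a quote or backslash never matched. Non-string
    // input (for example an array parameter) is ignored and keeps the "-1" default.
    $colname_rsCoupon = $_POST['txtPromoCode'];
}
mysql_select_db($database_hellolittleone, $hellolittleone);
// The posted value reaches the SQL text only through GetSQLValueString(), which escapes and quotes it.
$query_rsCoupon = sprintf("SELECT * FROM coupons WHERE couponCode = %s", GetSQLValueString($colname_rsCoupon, "text"));
$rsCoupon = mysql_query($query_rsCoupon, $hellolittleone);
if ($rsCoupon === false) {
    // Keep the database error in the server log; printing mysql_error() to the
    // visitor exposes query and schema details.
    error_log("rsCoupon query failed: " . mysql_error());
    die("The promo code could not be checked. Please try again later.");
}
// Only the first matching row is fetched; the row count tells the session code whether a coupon was found.
$row_rsCoupon = mysql_fetch_assoc($rsCoupon);
$totalRows_rsCoupon = mysql_num_rows($rsCoupon);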
?>
<?php
// Remember the submitted promo code, but only when the coupon lookup found a row.
if (!session_id()) {
    session_start();
}
if ($totalRows_rsCoupon != 0) {
    // The raw POST value is kept as-is; HTML-escape it wherever it is later printed.
    $_SESSION["PromoCode"] = isset($_POST["txtPromoCode"]) ? "" . $_POST["txtPromoCode"] : "";
}
?>
<?php
// Remember the coupon's amount, but only when the coupon lookup found a row.
if (!session_id()) {
    session_start();
}
if ($totalRows_rsCoupon != 0) {
    // The amount comes from the couponAmount column of the fetched row, cast to a string.
    $_SESSION["PromoAmount"] = "" . $row_rsCoupon['couponAmount'];
}
?>
so the session variables will be created after the recordset.