Dreamweaver Advanced Recordset
I have a $_SESSION['username'] created in a login page. The session variable is being passed successfully, and an echo statement shows that the variable is successfully being passed on the DISPLAY PAGE. I want to use the $_SESSION variable in a Dreamweaver Advanced Recordset to pass a parameter to my query so that the user can only see their permitted records. I would appreciate any help please. The code is attached
-----------------------------------------------------------------------------------
<?php require_once('../Connections/filesDatabase_Connection.php'); ?>
<?php
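if (!function_exists("GetSQLValueString")) {
    /**
     * Escape a value and format it as a literal for a string-built SQL statement.
     *
     * The value is escaped with the legacy mysql_* escaping functions and then
     * formatted according to $theType:
     *   - "text", "date"  : wrapped in single quotes, or NULL when empty
     *   - "long", "int"   : passed through intval(), or NULL when empty
     *   - "double"        : passed through doubleval(), or NULL when empty
     *   - "defined"       : $theDefinedValue when non-empty, else $theNotDefinedValue
     *
     * Security notes:
     *   - Any other $theType falls through the switch and the escaped value is
     *     returned WITHOUT quotes. Escaping alone does not make an unquoted
     *     value safe inside SQL, so callers must always pass one of the types
     *     listed above.
     *   - For "defined", the two replacement values are returned exactly as
     *     given (no escaping), so they must never come from user input.
     *   - The mysql_* extension was removed in PHP 7; prepared statements
     *     (mysqli or PDO) are the safer replacement for this helper.
     *
     * @param mixed  $theValue           Raw value to embed in the query.
     * @param string $theType            One of the type names listed above.
     * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
     * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
     * @return mixed SQL fragment (quoted string, number, or the string "NULL").
     */
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // Before PHP 6, magic quotes may already have added slashes; strip
        // them so the value is not escaped twice below.
        if (version_compare(PHP_VERSION, '6', '<')) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }

        // Prefer the escaping function that exists on this PHP build.
        $theValue = function_exists("mysql_real_escape_string")
            ? mysql_real_escape_string($theValue)
            : mysql_escape_string($theValue);

        switch ($theType) {
            case "text":
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }

        return $theValue;
    }

    // NOTE(review): this assignment sits inside the function_exists() guard, so
    // it is skipped whenever the helper was already defined elsewhere -
    // presumably unintended. PHP_SELF is influenced by the request URL; escape
    // it before echoing it into HTML.
    $currentPage = $_SERVER["PHP_SELF"];
}
// The original page repeated the guarded definition a second time. That copy
// could never run (the function always exists by then) and has been removed.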
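// ---------------------------------------------------------------------------
// Session and access check.
//
// The session must be started BEFORE $_SESSION is read. In the original page
// session_start() ran after both queries, so $_SESSION["username"] was not yet
// available when Recordset2 was built and the username filter kept its "-1"
// default. Checking the login flag first also means no query runs for a
// visitor who is not logged in.
// ---------------------------------------------------------------------------
if (session_id() === '') {
    session_start();
}
if (!isset($_SESSION['logged-in'])) {
    die('Incorrect password, please try again.<a href=login2.php> Back to Login Screen</a>');
}
$myusername = $_SESSION['username'];

// Search term shared by both recordsets. Only a plain string is accepted; an
// array-valued txtSearch parameter is ignored and the defaults are kept.
$hasSearchTerm = isset($_GET['txtSearch']) && is_string($_GET['txtSearch']);

// ---------------------------------------------------------------------------
// Recordset1: search over tblfile.
// NOTE(review): this query has no username condition, and its row total is the
// count shown in the page heading; confirm that exposing the count of all
// matching files to every logged-in user is intended.
// ---------------------------------------------------------------------------
$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
    // Force a non-negative integer: a negative page would produce a negative
    // LIMIT offset and a SQL error.
    $pageNum_Recordset1 = max(0, (int) $_GET['pageNum_Recordset1']);
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

$colname_Recordset1 = "1901/000";
if ($hasSearchTerm) {
    $colname_Recordset1 = $_GET['txtSearch'];
}

mysql_select_db($database_filesDatabase_Connection, $filesDatabase_Connection);
// The search term is escaped and quoted by GetSQLValueString(). "%" and "_"
// typed by the user are not escaped by it and still act as LIKE wildcards.
$query_Recordset1 = sprintf(
    "SELECT * FROM tblfile WHERE fileHeader like %s or FileName like %s ORDER BY tblfile.fileHeader, tblfile.FileName",
    GetSQLValueString("%" . $colname_Recordset1 . "%", "text"),
    GetSQLValueString("%" . $colname_Recordset1 . "%", "text")
);
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $filesDatabase_Connection);
if ($Recordset1 === false) {
    // Keep database error details in the server log instead of sending them
    // to the browser.
    error_log('Recordset1 query failed: ' . mysql_error($filesDatabase_Connection));
    die('A database error occurred.');
}
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
    // Client-supplied value: cast to int so it can be echoed into the page
    // without carrying markup.
    $totalRows_Recordset1 = max(0, (int) $_GET['totalRows_Recordset1']);
} else {
    $all_Recordset1 = mysql_query($query_Recordset1, $filesDatabase_Connection);
    $totalRows_Recordset1 = ($all_Recordset1 !== false) ? mysql_num_rows($all_Recordset1) : 0;
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1 / $maxRows_Recordset1) - 1;

// ---------------------------------------------------------------------------
// Recordset2: files the logged-in user is permitted to see.
// ---------------------------------------------------------------------------
$maxRows_Recordset2 = 10;
$pageNum_Recordset2 = 0;
if (isset($_GET['pageNum_Recordset2'])) {
    $pageNum_Recordset2 = max(0, (int) $_GET['pageNum_Recordset2']);
}
$startRow_Recordset2 = $pageNum_Recordset2 * $maxRows_Recordset2;

// "-1" is the fallback from the original page, kept for a session that has no
// username.
$colname_Recordset2 = "-1";
if (isset($_SESSION["username"])) {
    $colname_Recordset2 = $_SESSION["username"];
}
$enq_Recordset2 = "%";
if ($hasSearchTerm) {
    $enq_Recordset2 = $_GET['txtSearch'];
}

mysql_select_db($database_filesDatabase_Connection, $filesDatabase_Connection);
// The two LIKE conditions are parenthesised on purpose. AND binds tighter than
// OR, so without the parentheses the condition reads
// "(username = ? AND fileHeader LIKE ?) OR fileName LIKE ?" and the fileName
// branch returns rows belonging to every user.
$query_Recordset2 = sprintf(
    "SELECT tblfile.indexNo, tblfile.fileHeader, tblfile.fileName, tblfile.remarks, tblfile.ownerID, tblusers.username, tblfileAccess.fileViewID FROM (tblOwner INNER JOIN tblFile ON tblowner.ownerID = tblFile.ownerID) INNER JOIN (tblFileAccess INNER JOIN tblUsers ON tblFileAccess.fileViewID = tblUsers.fileViewID) ON tblOwner.ownerID = tblFileAccess.OwnerID WHERE tblUsers.username=%s and (tblfile.fileHeader like %s or tblfile.fileName like %s)",
    GetSQLValueString($colname_Recordset2, "text"),
    GetSQLValueString("%" . $enq_Recordset2 . "%", "text"),
    GetSQLValueString("%" . $enq_Recordset2 . "%", "text")
);
$query_limit_Recordset2 = sprintf("%s LIMIT %d, %d", $query_Recordset2, $startRow_Recordset2, $maxRows_Recordset2);
$Recordset2 = mysql_query($query_limit_Recordset2, $filesDatabase_Connection);
if ($Recordset2 === false) {
    error_log('Recordset2 query failed: ' . mysql_error($filesDatabase_Connection));
    die('A database error occurred.');
}
$row_Recordset2 = mysql_fetch_assoc($Recordset2);

if (isset($_GET['totalRows_Recordset2'])) {
    $totalRows_Recordset2 = max(0, (int) $_GET['totalRows_Recordset2']);
} else {
    $all_Recordset2 = mysql_query($query_Recordset2, $filesDatabase_Connection);
    $totalRows_Recordset2 = ($all_Recordset2 !== false) ? mysql_num_rows($all_Recordset2) : 0;
}
$totalPages_Recordset2 = ceil($totalRows_Recordset2 / $maxRows_Recordset2) - 1;

// ---------------------------------------------------------------------------
// Rebuild the query string for the paging links: drop the paging parameters,
// keep everything else, and HTML-encode what is kept.
// ---------------------------------------------------------------------------
$queryString_Recordset1 = "";
if (!empty($_SERVER['QUERY_STRING'])) {
    $params = explode("&", $_SERVER['QUERY_STRING']);
    $newParams = array();
    foreach ($params as $param) {
        if (stristr($param, "pageNum_Recordset1") === false &&
            stristr($param, "totalRows_Recordset1") === false) {
            $newParams[] = $param;
        }
    }
    if (count($newParams) != 0) {
        $queryString_Recordset1 = "&" . htmlentities(implode("&", $newParams));
    }
}
$queryString_Recordset1 = sprintf("&totalRows_Recordset1=%d%s", $totalRows_Recordset1, $queryString_Recordset1);

// Debug output kept from the original page; the value is HTML-escaped because
// it is written straight into the response. Remove once the session is verified.
echo "session variable is " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
?>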
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AFM File Database - List of Files</title>
<style type="text/css">
<!--
h1 {
font-size: xx-large;
color: #03F;
}
body {
background-color: #FFF;
}
#apDiv1 {
position:absolute;
left:758px;
top:6px;
width:138px;
height:29px;
z-index:1;
}
#apDiv2 {
position:absolute;
left:737px;
top:16px;
width:205px;
height:89px;
z-index:2;
}
-->
</style></head>
<body>
<?php
//if (isset($_COOKIE['ID_my_site']))
// {
// }
//else
// {
// header("Location: noAccess.php");
// exit();
//die('Incorrect password, please try again.<a href=login2.php> Back to Login Screen</a>');
// }
?>
<div id="apDiv2">
<table width="200" border="0">
<tr>
<td><a href="insert.php">Insert New File</a></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><a href="logout.php">Logout</a></td>
</tr>
</table>
</div>
<h1>File Display Page</h1>
<form id="form1" name="form1" method="get">
<label>Search by File Header e.g. 5204/000 or by File Name</label>
<input type="text" name="txtSearch" id="txtSearch" />
<input type="submit" name="button" id="button" value="Submit" />
</form>
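<?php
// Both counts are cast to int before output: totalRows_Recordset1 can be taken
// directly from the query string, so echoing it unmodified would reflect
// request data into the page.
// NOTE(review): these counts come from Recordset1, while the table below lists
// Recordset2 - confirm which recordset the heading should describe.
?>
<p><strong>Records to <?php echo (int) min($startRow_Recordset1 + $maxRows_Recordset1, $totalRows_Recordset1) ?> of <?php echo (int) $totalRows_Recordset1 ?> </strong></p>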
<p> </p>
<p> </p>
<table border="0">
<tr>
<td>indexNo</td>
<td>fileHeader</td>
<td>fileName</td>
<td>remarks</td>
<td>ownerID</td>
<td>username</td>
<td>fileViewID</td>
</tr>
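<?php
// Render one table row per Recordset2 record.
// - Every column is HTML-escaped: the values come from the database and must
//   not be interpreted as markup by the browser.
// - The loop is skipped when the first fetch returned no row, so an empty
//   result no longer prints a blank row.
if ($row_Recordset2) {
    do { ?>
<tr>
<td><?php echo htmlspecialchars($row_Recordset2['indexNo'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($row_Recordset2['fileHeader'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($row_Recordset2['fileName'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($row_Recordset2['remarks'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($row_Recordset2['ownerID'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($row_Recordset2['username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($row_Recordset2['fileViewID'], ENT_QUOTES, 'UTF-8'); ?></td>
</tr>
<?php } while ($row_Recordset2 = mysql_fetch_assoc($Recordset2));
} ?>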
</table>
<p> </p>
<p> </p>
<p> </p>
</body>
</html>
<?php
// Release the memory held by both result sets now that the page is rendered.
foreach (array($Recordset1, $Recordset2) as $openResult) {
    mysql_free_result($openResult);
}
?>