Dreamweaver Advanced Recordset

I have a $_SESSION['username'] created in a login page. The session variable is being passed successfully and an echo statement shows that the variable is succesfully being passed on the DISPLAY PAGE. I want to use the $_SESSION variable in Dreamweaver Advanced Recordset to pass a parement to my query so that the user can only see this permitted records. I would appreciate any help please. The code is attached

-----------------------------------------------------------------------------------
<?php require_once('../Connections/filesDatabase_Connection.php'); ?>
<?php



if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;

}

$currentPage = $_SERVER["PHP_SELF"];
}if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
$pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

//$colname_Recordset1 = "-1";
$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
$pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

$colname_Recordset1 = "1901/000";
if (isset($_GET['txtSearch'])) {
$colname_Recordset1 = $_GET['txtSearch'];
}
mysql_select_db($database_filesDatabase_Connection, $filesDatabase_Connection);
$query_Recordset1 = sprintf("SELECT * FROM tblfile WHERE fileHeader like %s or FileName like %s ORDER BY tblfile.fileHeader, tblfile.FileName", GetSQLValueString("%" . $colname_Recordset1 . "%", "text"),GetSQLValueString("%" . $colname_Recordset1 . "%", "text"));
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $filesDatabase_Connection) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
$totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
$all_Recordset1 = mysql_query($query_Recordset1);
$totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;

$maxRows_Recordset2 = 10;
$pageNum_Recordset2 = 0;
if (isset($_GET['pageNum_Recordset2'])) {
$pageNum_Recordset2 = $_GET['pageNum_Recordset2'];
}
$startRow_Recordset2 = $pageNum_Recordset2 * $maxRows_Recordset2;

$colname_Recordset2 = "-1";
if (isset($_SESSION["username"])) {
$colname_Recordset2 = $_SESSION["username"];
}
$enq_Recordset2 = "%";
if (isset($_GET['txtSearch'])) {
$enq_Recordset2 = $_GET['txtSearch'];
}
mysql_select_db($database_filesDatabase_Connection, $filesDatabase_Connection);
$query_Recordset2 = sprintf("SELECT tblfile.indexNo, tblfile.fileHeader, tblfile.fileName, tblfile.remarks, tblfile.ownerID, tblusers.username, tblfileAccess.fileViewID FROM (tblOwner INNER JOIN tblFile ON tblowner.ownerID = tblFile.ownerID) INNER JOIN (tblFileAccess INNER JOIN tblUsers ON tblFileAccess.fileViewID = tblUsers.fileViewID) ON tblOwner.ownerID = tblFileAccess.OwnerID WHERE tblUsers.username=%s and tblfile.fileHeader like %s or tblfile.fileName like %s", GetSQLValueString($colname_Recordset2, "text"),GetSQLValueString("%" . $enq_Recordset2 . "%", "text"),GetSQLValueString("%" . $enq_Recordset2 . "%", "text"));
$query_limit_Recordset2 = sprintf("%s LIMIT %d, %d", $query_Recordset2, $startRow_Recordset2, $maxRows_Recordset2);
$Recordset2 = mysql_query($query_limit_Recordset2, $filesDatabase_Connection) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);

if (isset($_GET['totalRows_Recordset2'])) {
$totalRows_Recordset2 = $_GET['totalRows_Recordset2'];
} else {
$all_Recordset2 = mysql_query($query_Recordset2);
$totalRows_Recordset2 = mysql_num_rows($all_Recordset2);
}
$totalPages_Recordset2 = ceil($totalRows_Recordset2/$maxRows_Recordset2)-1;


$queryString_Recordset1 = "";
if (!empty($_SERVER['QUERY_STRING'])) {
$params = explode("&", $_SERVER['QUERY_STRING']);
$newParams = array();
foreach ($params as $param) {
if (stristr($param, "pageNum_Recordset1") == false &&
stristr($param, "totalRows_Recordset1") == false) {
array_push($newParams, $param);
}
}
if (count($newParams) != 0) {
$queryString_Recordset1 = "&" . htmlentities(implode("&", $newParams));
}
}
$queryString_Recordset1 = sprintf("&totalRows_Recordset1=%d%s", $totalRows_Recordset1, $queryString_Recordset1);
?>

<?php

session_start();
//ob_start();


if (!isset($_SESSION['logged-in']))
{

die('Incorrect password, please try again.<a href=login2.php> Back to Login Screen</a>');
//header("Location: noAccess.php");
exit;
}


$myusername = $_SESSION['username'];
echo "session variable is ". $_SESSION['username'];

?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AFM File Database - List of Files</title>
<style type="text/css">
<!--
h1 {
font-size: xx-large;
color: #03F;
}
body {
background-color: #FFF;
}
#apDiv1 {
position:absolute;
left:758px;
top:6px;
width:138px;
height:29px;
z-index:1;
}
#apDiv2 {
position:absolute;
left:737px;
top:16px;
width:205px;
height:89px;
z-index:2;
}
-->
</style></head>

<body>

<?php


//if (isset($_COOKIE['ID_my_site']))
// {

// }

//else
// {
// header("Location: noAccess.php");
// exit();

//die('Incorrect password, please try again.<a href=login2.php> Back to Login Screen</a>');

// }

?>




<div id="apDiv2">
<table width="200" border="0">
<tr>
<td><a href="insert.php">Insert New File</a></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><a href="logout.php">Logout</a></td>
</tr>
</table>
</div>
<h1>File Display Page</h1>
<form id="form1" name="form1" method="get">
<label>Search by File Header e.g. 5204/000 or by File Name</label>
<input type="text" name="txtSearch" id="txtSearch" />
<input type="submit" name="button" id="button" value="Submit" />
</form>
<p><strong>Records to <?php echo min($startRow_Recordset1 + $maxRows_Recordset1, $totalRows_Recordset1) ?> of <?php echo $totalRows_Recordset1 ?> </strong></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<table border="0">
<tr>
<td>indexNo</td>
<td>fileHeader</td>
<td>fileName</td>
<td>remarks</td>
<td>ownerID</td>
<td>username</td>
<td>fileViewID</td>
</tr>
<?php do { ?>
<tr>
<td><?php echo $row_Recordset2['indexNo']; ?></td>
<td><?php echo $row_Recordset2['fileHeader']; ?></td>
<td><?php echo $row_Recordset2['fileName']; ?></td>
<td><?php echo $row_Recordset2['remarks']; ?></td>
<td><?php echo $row_Recordset2['ownerID']; ?></td>
<td><?php echo $row_Recordset2['username']; ?></td>
<td><?php echo $row_Recordset2['fileViewID']; ?></td>
</tr>
<?php } while ($row_Recordset2 = mysql_fetch_assoc($Recordset2)); ?>
</table>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Recordset1);

mysql_free_result($Recordset2);
?>

add the following code at line 1:

<?php @session_start(); ?>

thanks very much for you help but there is already a <?php @session_start(); ?> in line 153

but that comes _after_ the recordset.


you are trying to use the session in the recordset...

so the session start command needs to come _before_ the code for the recordset.

if you add it at line 1 like i suggested, it will come before any possible place where the session can be referenced

dear jason, I moved the whole session_start at the very beginning of the code and it WORKED. I cannot thank you enough!!

if the user leaves the txtSearch field empty, the parameters $_SESSION['username'] is not being called and all the records are viewed.
On the other hand, if a search parameter is entered in the txtSearch field, the SQL query works perfectly showing only the records that the user is permitted to see.
What shall I do to make the SQL query run correctly by displaying only the permitted records if the txtSearch is left blank?
THanks

set the default value for the parameter that uses the txtSearch field to "-1"