close ad
Help us test the new Databridge BETA with MySQLi support
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Dreamweaver Advanced Recordset

Thread began 1/04/2013 1:43 pm by kas444899 | Last modified 1/04/2013 3:44 pm by Jason Byrnes | 3593 views | 6 replies |

kas444899

Dreamweaver Advanced Recordset

I have a $_SESSION['username'] created in a login page. The session variable is being passed successfully and an echo statement shows that the variable is succesfully being passed on the DISPLAY PAGE. I want to use the $_SESSION variable in Dreamweaver Advanced Recordset to pass a parement to my query so that the user can only see this permitted records. I would appreciate any help please. The code is attached

-----------------------------------------------------------------------------------
<?php require_once('../Connections/filesDatabase_Connection.php'); ?>
<?php



if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;

}

$currentPage = $_SERVER["PHP_SELF"];
}if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
$pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

//$colname_Recordset1 = "-1";
$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
$pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

$colname_Recordset1 = "1901/000";
if (isset($_GET['txtSearch'])) {
$colname_Recordset1 = $_GET['txtSearch'];
}
mysql_select_db($database_filesDatabase_Connection, $filesDatabase_Connection);
$query_Recordset1 = sprintf("SELECT * FROM tblfile WHERE fileHeader like %s or FileName like %s ORDER BY tblfile.fileHeader, tblfile.FileName", GetSQLValueString("%" . $colname_Recordset1 . "%", "text"),GetSQLValueString("%" . $colname_Recordset1 . "%", "text"));
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $filesDatabase_Connection) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
$totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
$all_Recordset1 = mysql_query($query_Recordset1);
$totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;

$maxRows_Recordset2 = 10;
$pageNum_Recordset2 = 0;
if (isset($_GET['pageNum_Recordset2'])) {
$pageNum_Recordset2 = $_GET['pageNum_Recordset2'];
}
$startRow_Recordset2 = $pageNum_Recordset2 * $maxRows_Recordset2;

$colname_Recordset2 = "-1";
if (isset($_SESSION["username"])) {
$colname_Recordset2 = $_SESSION["username"];
}
$enq_Recordset2 = "%";
if (isset($_GET['txtSearch'])) {
$enq_Recordset2 = $_GET['txtSearch'];
}
mysql_select_db($database_filesDatabase_Connection, $filesDatabase_Connection);
$query_Recordset2 = sprintf("SELECT tblfile.indexNo, tblfile.fileHeader, tblfile.fileName, tblfile.remarks, tblfile.ownerID, tblusers.username, tblfileAccess.fileViewID FROM (tblOwner INNER JOIN tblFile ON tblowner.ownerID = tblFile.ownerID) INNER JOIN (tblFileAccess INNER JOIN tblUsers ON tblFileAccess.fileViewID = tblUsers.fileViewID) ON tblOwner.ownerID = tblFileAccess.OwnerID WHERE tblUsers.username=%s and tblfile.fileHeader like %s or tblfile.fileName like %s", GetSQLValueString($colname_Recordset2, "text"),GetSQLValueString("%" . $enq_Recordset2 . "%", "text"),GetSQLValueString("%" . $enq_Recordset2 . "%", "text"));
$query_limit_Recordset2 = sprintf("%s LIMIT %d, %d", $query_Recordset2, $startRow_Recordset2, $maxRows_Recordset2);
$Recordset2 = mysql_query($query_limit_Recordset2, $filesDatabase_Connection) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);

if (isset($_GET['totalRows_Recordset2'])) {
$totalRows_Recordset2 = $_GET['totalRows_Recordset2'];
} else {
$all_Recordset2 = mysql_query($query_Recordset2);
$totalRows_Recordset2 = mysql_num_rows($all_Recordset2);
}
$totalPages_Recordset2 = ceil($totalRows_Recordset2/$maxRows_Recordset2)-1;


$queryString_Recordset1 = "";
if (!empty($_SERVER['QUERY_STRING'])) {
$params = explode("&", $_SERVER['QUERY_STRING']);
$newParams = array();
foreach ($params as $param) {
if (stristr($param, "pageNum_Recordset1") == false &&
stristr($param, "totalRows_Recordset1") == false) {
array_push($newParams, $param);
}
}
if (count($newParams) != 0) {
$queryString_Recordset1 = "&" . htmlentities(implode("&", $newParams));
}
}
$queryString_Recordset1 = sprintf("&totalRows_Recordset1=%d%s", $totalRows_Recordset1, $queryString_Recordset1);
?>

<?php

session_start();
//ob_start();


if (!isset($_SESSION['logged-in']))
{

die('Incorrect password, please try again.<a href=login2.php> Back to Login Screen</a>');
//header("Location: noAccess.php");
exit;
}


$myusername = $_SESSION['username'];
echo "session variable is ". $_SESSION['username'];

?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AFM File Database - List of Files</title>
<style type="text/css">
<!--
h1 {
font-size: xx-large;
color: #03F;
}
body {
background-color: #FFF;
}
#apDiv1 {
position:absolute;
left:758px;
top:6px;
width:138px;
height:29px;
z-index:1;
}
#apDiv2 {
position:absolute;
left:737px;
top:16px;
width:205px;
height:89px;
z-index:2;
}
-->
</style></head>

<body>

<?php


//if (isset($_COOKIE['ID_my_site']))
// {

// }

//else
// {
// header("Location: noAccess.php");
// exit();

//die('Incorrect password, please try again.<a href=login2.php> Back to Login Screen</a>');

// }

?>




<div id="apDiv2">
<table width="200" border="0">
<tr>
<td><a href="insert.php">Insert New File</a></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><a href="logout.php">Logout</a></td>
</tr>
</table>
</div>
<h1>File Display Page</h1>
<form id="form1" name="form1" method="get">
<label>Search by File Header e.g. 5204/000 or by File Name</label>
<input type="text" name="txtSearch" id="txtSearch" />
<input type="submit" name="button" id="button" value="Submit" />
</form>
<p><strong>Records to <?php echo min($startRow_Recordset1 + $maxRows_Recordset1, $totalRows_Recordset1) ?> of <?php echo $totalRows_Recordset1 ?> </strong></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<table border="0">
<tr>
<td>indexNo</td>
<td>fileHeader</td>
<td>fileName</td>
<td>remarks</td>
<td>ownerID</td>
<td>username</td>
<td>fileViewID</td>
</tr>
<?php do { ?>
<tr>
<td><?php echo $row_Recordset2['indexNo']; ?></td>
<td><?php echo $row_Recordset2['fileHeader']; ?></td>
<td><?php echo $row_Recordset2['fileName']; ?></td>
<td><?php echo $row_Recordset2['remarks']; ?></td>
<td><?php echo $row_Recordset2['ownerID']; ?></td>
<td><?php echo $row_Recordset2['username']; ?></td>
<td><?php echo $row_Recordset2['fileViewID']; ?></td>
</tr>
<?php } while ($row_Recordset2 = mysql_fetch_assoc($Recordset2)); ?>
</table>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Recordset1);

mysql_free_result($Recordset2);
?>

Sign in to reply to this post

Jason ByrnesWebAssist

add the following code at line 1:

php:
<?php @session_start(); ?>
Sign in to reply to this post

kas444899

thanks very much for you help but there is already a <?php @session_start(); ?> in line 153

Sign in to reply to this post

Jason ByrnesWebAssist

but that comes _after_ the recordset.


you are trying to use the session in the recordset...

so the session start command needs to come _before_ the code for the recordset.

if you add it at line 1 like i suggested, it will come before any possible place where the session can be referenced

Sign in to reply to this post

kas444899

dear jason, I moved the whole session_start at the very beginning of the code and it WORKED. I cannot thank you enough!!

Sign in to reply to this post

kas444899

if the user leaves the txtSearch field empty, the parameters $_SESSION['username'] is not being called and all the records are viewed.
On the other hand, if a search parameter is entered in the txtSearch field, the SQL query works perfectly showing only the records that the user is permitted to see.
What shall I do to make the SQL query run correctly by displaying only the permitted records if the txtSearch is left blank?
THanks

Sign in to reply to this post

Jason ByrnesWebAssist

set the default value for the parameter that uses the txtSearch field to "-1"

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...