开发者

Variable losing its value

问答 作者:

I looked through the stack questions and answers, but didn't see anything I could directly apply here. Maybe I'm just missing something.

The code below works fine, except when I include my where statement which refers to the value of the $wp_user_id variable.

I've checked that the variable IS actually being populated with a $user_id when the script is loaded. It appears that the value of this variable is lost right after the call to the conManager function, but I don't understand why. There doesn't appear to be anything within the ConnectionManager.php file (which defines the conManager function) which would touch this variable, so I'm at a loss.

I'm a PHP hack, so go easy on me, but what is causing me to lose the value of my variable, and how do I address it? Here's the code:

<?php
include_once("/home/evaluate/public_html/admin/php/ConnectionManager.php");
header('Content-type:text/javascript;charset=UTF-8');

$wp_user_id = $_GET["user"];

$json1=json_decode(stripslashes($_POST["_gt_json"]));
$pageNo = $json1->{'pageInfo'}->{'pageNum'};
$pageSize = $json1->{'pageInfo'}->{'pageSize'};


if(isset($json1->{'sortInfo'}[0]->{'columnId'})){
    $sortField = $json1->{'sortInfo'}[0]->{'columnId'};
}
else{
    $sortField = "miles_on_oil";
}    

if(isset($json1->{'sortInfo'}[0]->{'sortOrder'})){
    $sortOrder = $json1->{'sortInfo'}[0]->{'sortOrder'};
}
else{
    $sortOrder = "ASC";
}    

if($json1->{'sortInfo'}[0]->{'sortOrder'} == "defaultsort"){
    $sortField = "miles_on_oil";
    $sortOrder = "ASC";
}


 if($json1->{'filterInfo'}[0]->{'value'} != "") {

for ($i = 0; $i < count($json1->{'filterInfo'}); $i++) {
    if($json1->{'filterInfo'}[$i]->{'logic'} == "equal"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . "='" . $json1->{'filterInfo'}[$i]->{'value'} . "' ";
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "notEqual"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . "!='" . $json1->{'filterInfo'}[$i]->{'value'} . "' ";    
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "less"){
        $filte开发者_如何转开发r .= $json1->{'filterInfo'}[$i]->{'columnId'} . "<" . $json1->{'filterInfo'}[$i]->{'value'} . " ";
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "lessEqual"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . "<=" . $json1->{'filterInfo'}[$i]->{'value'} . " ";    
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "great"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . ">" . $json1->{'filterInfo'}[$i]->{'value'} . " ";
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "greatEqual"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . ">=" . $json1->{'filterInfo'}[$i]->{'value'} . " ";        
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "like"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . " LIKE '%" . $json1->{'filterInfo'}[$i]->{'value'} . "%' ";        
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "startWith"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . " LIKE '" . $json1->{'filterInfo'}[$i]->{'value'} . "%' ";        
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == "endWith"){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . " LIKE '%" . $json1->{'filterInfo'}[$i]->{'value'} . "' ";                
    }elseif($json1->{'filterInfo'}[$i]->{'logic'} == ""){
        $filter .= $json1->{'filterInfo'}[$i]->{'columnId'} . " LIKE '%" . $json1->{'filterInfo'}[$i]->{'value'} . "' ";    
        }            
    $filter .= " AND ";

}
}

else {
    $filter = '';
    }


//print_r ($json1);
//die;



// Temp TEsting Values



// End Temp Testing Values



$conManager = new ConManager();
$conManager->getConnection();


 if($json1->{'action'} == 'load'){



//to get how many records totally.
$sql = "select count(*) as cnt from oil_analysis_data where $filter user_id = '".$wp_user_id."'";
$handle = mysql_query($sql);
$row = mysql_fetch_object($handle);
$totalRec = $row->cnt;



$sql2 = "select * from oil_analysis_data where $filter user_id = '".$wp_user_id."' ORDER BY " . $sortField . " " . $sortOrder . " limit " . ($pageNo - 1)*$pageSize . ", " . $pageSize;
  $handle2 = mysql_query($sql2);

  $retArray2 = array();

while($row2 = mysql_fetch_assoc($handle2)) {

//    Grab Vehicle Make, Model & Year "Names" from their respective tables & insert into the array

         $year = "select Name from vehicle_data_years where ID =  {$row2['list1']}";
         $year1 = mysql_query($year);
         $year2 = mysql_fetch_assoc($year1); 
         $year3 = $year2['Name'];

         $make = "select Name from vehicle_data_makes where ID =  {$row2['list2']}";
         $make1 = mysql_query($make);
         $make2 = mysql_fetch_assoc($make1); 
         $make3 = $make2['Name'];

         $model = "select Name from vehicle_data_all where ID =  {$row2['list3']}";
         $model1 = mysql_query($model);
         $model2 = mysql_fetch_assoc($model1); 
         $model3 = $model2['Name'];

    $row2['list1'] = $year3;
    $row2['list2'] = $make3; 
    $row2['list3'] = $model3; 

// Grab Motor oil Viscosity, Brand & Product "Names" from their respective tables & insert into the array

         $visc = "select name from viscosity where id =  {$row2['viscosity']}";
         $visc1 = mysql_query($visc);
         $visc2 = mysql_fetch_assoc($visc1); 
         $visc3 = $visc2['name'];

         $brand = "select brandname from oil_brand where brandid =  {$row2['brand']}";
         $brand1 = mysql_query($brand);
         $brand2 = mysql_fetch_assoc($brand1); 
         $brand3 = $brand2['brandname'];

         $product = "select product_name from oil_data where id =  {$row2['product']}";
         $product1 = mysql_query($product);
         $product2 = mysql_fetch_assoc($product1); 
         $product3 = $product2['product_name'];


    $row2['viscosity'] = $visc3;
    $row2['brand'] = $brand3; 
    $row2['product'] = $product3; 


    if($row2['bypass_filtration'] == 1) {

        $row2['bypass_filtration'] = "<img src='http://themotoroilevaluator.com/admin/php/crud/images/checkmark.png' style='border: 0px;'>";
        }

    else {$row2['bypass_filtration'] = "";
        }

    if($row2['oil_change'] == 1) {

        $row2['oil_change'] = "<img src='http://themotoroilevaluator.com/admin/php/crud/images/checkmark.png' style='border: 0px;'>";
        }

    else {$row2['oil_change'] = "";
        }

    $retArray[] = $row2;



    }

$analysis_data = json_encode($retArray);

$ret = "{data:" . $analysis_data .",\n";
$ret .= "pageInfo:{totalRowNum:" . $totalRec . "},\n";
$ret .= "recordType : 'object'}";
echo $ret;


}



?>

I'm curious, why do you add a semi colon after the $wp_user_id; ? I've noticed you doing this in more than one place. This may be the culprit.

$filter user_id = '".$wp_user_id;."'";

Nevermind. It would appear that my problem actually resulted from a change in my code that I had forgotten about. I changed $_REQUEST['user'] to $_GET['user'], thinking that, in this case, since the value was being passed as a URL query string, that wouldn't be a problem.

To be honest, I'm still not entirely sure why that made a difference - although I can research that on my own. But, at any rate, changing that back corrected my problem entirely.

Thanks to those who responded, though. Even if not solutions to my actual problem, the information from both turned out to be very useful.

Any hacker can severely screw up or delete your database because of the way you use direct user provided data to build up your SQL query. Please instead read up on SQL Injection, and the use of PHP prepared statements.

Relevant

继续阅读:phpvariables

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9