0

There is a problem with session variables in my web application. I have several types of documents; when a user wants to edit one, he pushes a button and PHP records the document number in $_SESSION['patent_number'] via the GET method. All is fine when the application launches. I test it with 2 documents with 2 different numbers. In the beginning all works fine, but then it seems that the session variable is not changed and I see the document with another number.

When the user clicks the "Edit" button, he sends a document number to patent_load.php, and it always loads correctly:

var patent_number=$(this).val();
$('#user_input_text').load('pages/patent/patent_load.php?section=patent_claims&patent_number='+patent_number);

But when I click on a section of the document from the menu, the old session number appears:

$('#user_input_text').load('pages/patent/patent_load.php?section=patent_claims');

Here is patent_load.php:

session_start();
session_regenerate_id();

if (isset($_SESSION['id'])){

    $db=new mysqli('X','X','X','X');
    $db->set_charset("utf8");

    $section=$_GET['section'];
    // Store the document number in the session only when the request carries one
    if(isset($_GET['patent_number'])){
        $number=$_GET['patent_number'];
        $_SESSION['patent_number']=$number;
        echo 'get is set';
    }
    // Otherwise fall back to the number stored by an earlier request
    $patent_number=$_SESSION['patent_number'];

    $query="select $section from new_patent_document where patent_number='$patent_number'";
    $result=$db->query($query);
    $row=$result->fetch_assoc();
    echo $patent_number.', ';
    echo $row[$section];
}

Any ideas how I can solve it and why the session variable isn't updated? Thanks in advance.

4
  • Your code is very vulnerable to SQL injection! Take a look at PHP's PDO and its prepared statements. Commented Sep 27, 2010 at 9:51
  • @elusive Thanks for the comment. When I solve this problem, I will implement prepared statements. Commented Sep 27, 2010 at 9:56
  • What do you mean by "there appears old session number"? Does it get set once and then never again? Always show the previous to correct id? And are you referring to the patent_number of the actual SESSION number? Commented Sep 27, 2010 at 10:14
  • 1
    Try a var_dump( $_SESSION ) to see what you have at each point Commented Sep 27, 2010 at 10:16

2 Answers

2

Check if the browser caches the requests you make via GET. I don't know how your app is designed, but if you use the "back" button from the browser (or via JavaScript) you will encounter this situation.

2 Comments

It's a good point. When I had a similar issue in the past, I ended up adding a random element to the query string to make sure it didn't trigger any caches. A bit of a crude method, but it worked when I needed a quick-n-easy fix.
You may use POST instead of GET if you don't want to add a random value to the query... but using random values is the way to go as far as I know.
0

Are you sure patent_number is a real number? Have you tried

$query="select $section from new_patent_document where patent_number='$patent_number'";

die($query);

1 Comment

Yeah, here is the output: select patent_claims from new_patent_document where patent_number='5'
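
The SQL injection comment and the caching answer above, combined into one hardened sketch of patent_load.php. This is an added example, not code from the question or from any answer. It assumes document numbers are positive integers, that stored sections are plain text, and that `patent_claims` is the only known section column; the connection values are placeholders.

```php
<?php
// Added example, not the asker's code: a hardened sketch of patent_load.php.
session_start();
// The response depends on session state, so forbid caching of this GET.
header('Cache-Control: no-store');

if (!isset($_SESSION['id'])) {
    http_response_code(403);
    exit;
}

// Column names cannot be bound as parameters, so check the requested section
// against an allow-list. Only 'patent_claims' appears on the page; extend the
// list with the table's real section columns.
$allowedSections = ['patent_claims'];
$section = $_GET['section'] ?? '';
if (!in_array($section, $allowedSections, true)) {
    http_response_code(400);
    exit('unknown section');
}

// Assumption: document numbers are positive integers.
if (isset($_GET['patent_number'])) {
    $number = filter_var($_GET['patent_number'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($number === false) {
        http_response_code(400);
        exit('invalid patent_number');
    }
    $_SESSION['patent_number'] = $number;
}
if (!isset($_SESSION['patent_number'])) {
    http_response_code(400);
    exit('no document selected');
}

// Placeholder connection values, as in the question ('X').
$pdo = new PDO('mysql:host=X;dbname=X;charset=utf8', 'X', 'X', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// $section is safe to interpolate only because it passed the allow-list.
$stmt = $pdo->prepare("SELECT `$section` FROM new_patent_document WHERE patent_number = ?");
$stmt->execute([$_SESSION['patent_number']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Assumption: sections are plain text, so escape them before .load() inserts them.
echo $row ? htmlspecialchars((string) $row[$section], ENT_QUOTES, 'UTF-8') : '';
```

With `Cache-Control: no-store` on the response, the menu request without `patent_number` is re-sent to the server each time, so whatever it prints reflects the current session rather than a cached copy.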
