Value of Session changes without input

Greetings,

I have this very strange and unexpected problem. I am currently building a website (store like website, however it makes use of content from affiliates, so no own check-out) and at one category it seems to be changing the value of my session.

In fact two session it changes.

[php]
$id = $_SESSION[“product”][“id”] = $mysqli->real_escape_string($_GET[“id”]);
$SQL_filter = $_SESSION[“product”][“sql”] = “SELECT DISTINCT c.* FROM m4n_content c, category_link link, m4n_sub2category sub WHERE link.sub2catergory_id = sub.id AND sub.subcategory_id = '”.$id."’ AND c.ownCatogoryString = link.cat_stringId AND NOT c.id IN (SELECT item_id FROM shops_store WHERE shop_id = ‘$shopId’) AND c.price != ‘NULL’ AND c.price !=’’ ";[/php]

Both of the session are good and ok when first getting on the page, at the end of the script id = 1 and in the sql the id also shows 1. However When I make an ajax call (going to the next page for example) the session $_SESSION[“product”][“id”] changes to 0810890000116 and the value in $SQL_filter = $_SESSION[“product”][“sql”] where you see $id also change to 0810890000116 and that is what makes it so strange to me.

At the end of the script it work fine, but at the beginnen (before doing anything else beside the AJAX call) of the PHP script with is called with AJAX has changed the value. While typing this I figure to search for 0810890000116 at google and what I saw was that this is the EAN code of a product that is loaded, however I do not believe I have this EAN code even in my own database. It’s also the only product that seems to be doing this.

How is this even possible?

End of the first script (regular non ajax call php page) this page that is loaded contains this product. However doing this the values are still good.
[php]

After pressing an other page or sorting the page differently the following code might happen (although they slightly differ, however all are JQUERY ajax call expecting JSON)

$('#content').on("click", "#pages span div", function(event){ $.ajax({ url: directUrl+"js/ajax/filter.php", dataType: 'json', data: "page="+$(this).html(), success: function(data){ $("#products").html(data.products); $("#pages span").html(data.numbers); $("#pagesB span").html(data.numbers); }, complete: function() { currentItem = ""; wait(); }, }); });

and after loading the filter.php file (I only echo the Session values, so this page does nothing more then that) suddenly the ID has been replace by the EAN code that is not in my database even:

[php]<?php

session_start();
echo $_SESSION[“product”][“sql”];
echo $_SESSION[“product”][“id”];
?>[/php]

I hope my problem is clear and someone might be able to help me. This is the first problem I simply do not even get close to understanding.

Well, Jkwakkel,

First, SESSION is a single array. You set it with $_SESSION[‘nameOfSessionVariable’] = “whatever”;
You read it with variableXYZ = $_SESSION[‘nameOfSessionVariable’];

There is NO second dimension to the $_SESSION array.

If in this line: $id = $_SESSION[“product”][“id”] = $mysqli->real_escape_string($_GET[“id”]); , you are trying to set both the product and id to the db-value, you should do this by:
$id = $_SESSION[“product”] = $_SESSION[“id”] = $mysqli->real_escape_string($_GET[“id”]);

Perhaps I may be missing something, but, I checked various sites including PHP.net (home of PHP) and I can not find any reference to a multidimensional array for $_SESSION’s…

Here is a reference for it’s use: http://www.w3schools.com/php/php_sessions.asp
More info: http://www.php.net/manual/en/book.session.php

Good luck, let us know if you figure it out…

Thanks for your answer. $_SESSION is a array this should work and does on other pages on the website. It only does not work when this certain product has been shown. I shall put it in a regular array like your suggested and see it is still change.

No edit option for you post?

Anyhow tried the following

[php]$_SESSION[“id”] = $mysqli->real_escape_string($_GET[“id”]);[/php]

and echo it and the result is the same and (for now) it only happend after this one product has been shown.

I think you can only edit your own messages when you are a new member.

Have you logged into your database and looked at the actual data stored in the database?
It could be some odd code that is causing the assign to a variable to fail. Usually if you assign a database item to a session variable and then echo it, the results is displayed.

Oh, one other thing, did you use"
[php]

[/php]
at the top of every PHP page? Hmmm, you said it was with only one ID… I would look at the database, browse it and see what is stored in that one. Or, display it before setting the session variable to make sure it is a valid input. Perhaps it is NULL. Let us know if you are still stuck…

Well that is what is so strange and makes me wonder if I am mad. It is a EAN code of that product (googled it), but it not in my database, not even in the URL of the product or the discription. I do not enter it anywhere either.

Now there is a EAN table in my database by this provider does not provide it in there XML, so the actualy EAN code is not in my own database. So I checked and checked and checked, because I doubt it possible some external website changes my session values and then even something that specific as a value in the middle of a string. Yet even if I close the session first it still changes, this should not happen.

The session does work. I have pages who work the same, but simply a different category, but uses the same code and they work and I can Print_r the session the resulst are good, only not when that one product had appeared before. Then these two values change int he script called upon with AJAX.

Hmmm, well, EAN is really a barcode and is sometimes stored in an odd format.

Sometimes where you create the string that hold is ( like $_SESSION[“id”] = $mysqli ) can be fixed by forcing it to be a string. ( Like $_SESSION[“id”] = (string)$mysqli… )… or ( like $_SESSION[“id”] = (int)$mysqli… )…

So maybe that might help. Also, you could trap the error by using a try…catch… That way you could get more info on the data. Or, at the least, check the variable type of the item before setting it to the session.

I will look a bit more later tonight. Let me know if any of these experiments helps…

I tried what you said and nothing really changes also tried to create a new session variable and added the $mysqli->real_escape_string($_GET[“id”]); and echo’d it and against it changes. I did not use the session variable anywhere else clearly then how would it be posible to change?

How exectly do pointers and the like work in PHP? It is possible something actually changes the value in the memory itself without my input? How it it possible it changes it in the middle of a string? It’s really driving me absolutly nuts.

I mean how it is possible that at one point when I write this

[php]$_SESSION[“product”][“testing”] = “When I use this id: " . $mysqli->real_escape_string($_GET[“id”]) . " it will somehow change”;[/php]

the result is after an echo “When I use this id: 1 it will somehow change”

and after the ajax call in with I simply echo $_SESSION[“product”][“testing”] the result would be “When I use this id: 0810890000116 it will somehow change”. I do not change this string in between infact the only PHP code between the first echo and the second is a session_start!

Same thing happens when going a different page without using AJAX, is there a way to properly debug this?

Maybe I was not clear. You can NOT add a second array or a second multidimensional array to $_SESSION!!!

There is NO $_SESSION[][] There is all you want of $_SESSION[‘anyvariablenameyou want’], but NEVER any $_SESSION['anything][???] There is no possible second level… Only one-dimension…

If you add a second dimension to to a one-only-dimension, you can pick up some strange crap from memory!

Hope that makes sense! $_SESSION[] variables are not “standard” variables! Not second dimension allowed.

Well never had any problems with it, but regardless I made them all one-dimension and the problem is the same.

Hmmm, I’m stumped! I will do some experiments tonight and see if I can find some more info on the EAN…
Not sure why one would cause that issue and others not…

Sorry, another quick question… Or, two…

Are you using your code locally or testing online? And, either way, are you using PHP5.0?

Lastly, is there any special reason you are using “$mysqli->” to use the newer MySQLimproved interface?
(The reason I ask, is most places say not to use it as it slows down connection speeds.)

Just attempting to sort this out. My tests so far do not cause any issues… Hmmm…

Oh, I also saw some posts that say there IS no problem using multidimensional session arrays.
They did say there were serialization issues and the encoding used with these arrays can sometimes cause problems especially when a posting form page expires.
This was on http://php.net/manual/en/function.serialize.php So, your session may be timing out. I am not sure if that means anything. I have done some further tests and can not duplicate your problem. I would still guess it has to do with the database or the array not decoding correctly.

well I decided to use mysqli because from what I was reading it was suppose to be faster and I will have to handle a lot of data so speed is essential for me. Also I am testing online and yes it has PHP 5. I doubt your be able to reproduce the problem. I am not on my whole website with function the way I want it to function. Only not when this one product has shown up.

Also the value is initially is right and changes along the way without me changing it. Now if it was one value that changes the ok, but if I use that value in the middle of a string then later on that value changes in the string, with I really find odd. I figured one it in a string the value I used to make the string out from does not matter. I hope that makes sense. So the string it complete own variable.

Jkwakkel,

Check your “register_globals” directive. I found this link doing some more research for you.
It seems there is a PHP setting that can make all session variables act like regular ones. So your
session variable “id” can be accessed as $id. Hopefully, this is your problem. If so, let us know…

Here is the link where it talks about it:

http://bytes.com/topic/php/answers/387-variables-change-session-variables

I check the phpinfo and it’s off

Hmmm, there may be some setting in your PHP server that is cause this.
To test that, change on of the variables so they are not exactly the same as the SESSION variable.
So, try changing the $id in the PHP code to $idx or $idy or $id1 whatever… Just something other than $id.
And, see if it clears up the issue. If so, then it is your PHP server setting the SESSION variables to same as the regular variables. I have not see that happen before, but, the above will at least test if that IS happening.

If it doesn’t change anything, then we would have to see more code and see if you have another routine hiding that interferes with the $id variable. I have seen odd Javascript routines that have altered form fields and in turn cause PHP variables to get flakey when reading the posted values. I doubt this is it. Hmmm, get’n a bit frustrated with this one… Try the $idz whatever and let us know…

Change it. I just realised that I am using a .htaccess using the follow RewriteRules

RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)/([^/\.]+)?$ index.php?page=product&cat=$1&cat2=$2&cat3=$3&xid=$4 [L] RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)?$ index.php?page=product&cat=$1&cat2=$2&xid=$3 [L] RewriteRule ^([^/\.]+)/([^/\.]+)?$ index.php?page=product&cat=$1&xid=$2 [L]

Might be there is something wrong here? Considering I hardly understand it myself it might be there is something wrong there. Completly forgot about this, untill I had to change the name of the id, changing it did not work though.

Hmmm, another new part of the puzzle…

.htaccess rewriterules are usually used to rewrite the “prefix” of the URL so that it goes to a differrent folder. This can be used for redirecting a page to get the files from a hidden folder instead of where it currently is.
Mostly used for extra security, but a pain to decode sometimes.

Here is a comment from the explanation :
This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can generate query-string parts on result. The rewritten result can lead to internal sub-processing, external request redirection or even to an internal proxy throughput.

As it says it can redirect through proxy’s. But, these can cause major issues with debugging and usually are added after the project is working correctly. Glancing quickly at your rewriterules, my quick guess is that your rules alter the result to add cat2,cat3 under certain conditions. I do not understand what that means.
The output goes to the same folder and goes to the index.php page. So, if I had to guess, you were trying to change the results that is sent depending on the depth of the condition. This makes no sense to me as it should really be done in the page itself with PHP, not in a server-wide rewriterule. That is not what they are really for. Later on if you have a page that has nothing to do with this page, it could mess up your page and add cat3 to a page you dont need it in… Not correct…

Please explain why you would want this in place.

Well my website has three level of product for example

• Girls
  • Pants
    • Short

so poeple can go to kleding www.kledinggericht.nl/Girls/1 or www.kledinggericht.nl/Dames/Pants/1 or www.kledinggericht.nl/Dames/Pants/Short/1. You would get a nice readable and search engine optimised name. Instead of www.kledinggericht.nl/index.php?page=product&cat=Girls&cat2=Pants&xid=1.

HOWEVER! Reading this I decided to test it by just going the regular way, thus skipping the rewrite rule and it works then. Clearly this makes me happy, very much so because finially the problem has been found (thanks!), but how do I get a rewrite rule that works the way I like it to work? Because I would really hate for consumer to go to a webpage looking like “www.kledinggericht.nl/index.php?page=product&cat=Girls&cat2=Pants&xid=1”