0

I've got a PHP page with 2 MySQL statements in various parts of the code. I'm using the generated result sets to set cookie values then call it later. Yet, when I call the cookie data, it does not update the display of the cookie values until after a 2nd refresh. To better understand, here are the 3 sections of code:

```php
<?php
include 'functions.php';
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $SqlStatement = "SELECT Deceased.PK_Deceased, Deceased.Date_Death, Personal_Info.First_Name, Personal_Info.Last_Name FROM Deceased INNER JOIN Personal_Info ON Personal_Info.PK_Personal_Info = Deceased.FK_Personal_Info WHERE Deceased.FK_Personal_Info = '".$_POST['cboDeceased']."'";

    $result = ExecuteSql($SqlStatement);
    if(mysqli_num_rows($result) == 1)
    {
        $row = mysqli_fetch_array($result);
        setcookie('deceasedID', $row['PK_Deceased'], time()+360000, '/');
        setcookie('deceasedName', ($row['First_Name']." ".$row['Last_Name']), time()+360000, '/');
        setcookie('deceasedDoD', $row['Date_Death'], time()+360000, '/');
    }
}
?>
```

This is the code that pulls the data from the postback. I think that this is the part that is incorrect, but I'm not sure.

```php
<tr>
<td width="25%" rowspan="2" align="center">Current User: <?php echo $_COOKIE['username']; ?> </td>
<td width="25%" rowspan="2" align="center">Current Deceased: <?php if(isset($_COOKIE['deceasedName']))echo $_COOKIE['deceasedName']; ?></td>
<td width="50%" rowspan="2" align="center">Deceased Date of Death: <?php if(isset($_COOKIE['deceasedDoD']))echo $_COOKIE['deceasedDoD']; ?></td>
```

This is the code to load the cookie data into fields and the part that takes the 2nd refresh to display properly.

```php
<!-- The original tag evaluated $_SERVER['PHP_SELF'] without echoing it; it is now echoed and HTML-escaped. -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<table align="center" width="500" border="0.5">
<tr>
<td width="176" align="right" style="font-weight:bold;">Please select deceased:</td>
<td width="214">
  <select name="cboDeceased" id="cboDeceased">
    <option>Select...</option>
    <?php
    $SqlStatement = "SELECT Deceased.PK_Deceased , Personal_Info.First_Name, Personal_Info.Last_Name FROM Deceased INNER JOIN Personal_Info ON Personal_Info.PK_Personal_Info = Deceased.FK_Personal_Info";

    $res = ExecuteSQL($SqlStatement);

    while($row = mysqli_fetch_array($res))
    {
        echo "<option value='".$row['PK_Deceased']."'>".$row['First_Name']." ".$row['Last_Name']."</option>";
    }
?>
```

This is the code that passes a variable based on ID to the 1st code block. This part works fine.

```php
function ExecuteSQL($SQL)
{
    $con = mysqli_connect("localhost", "root", "", "exec_support_db");
    $res = mysqli_query($con, $SQL);
    mysqli_close($con);
    return $res;
}
```

Here's the code for the ExecuteSQL function. I know that this isn't the problem.

I think the problem is up above in the 1st code block, but I'm not sure. I've tried everything I can and am now out of ideas. Any help would be appreciated.

  • 5
    You have an enormous SQL injection hole in this code. Please learn about SQL injection, escaping user input and prepared statements. [Here is a good reference question](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php). Please also note that cookie data will not be available in the `$_COOKIE` array until after the page has been refreshed, because this is the nature of cookies. It may be that [sessions](http://www.php.net/manual/en/book.session.php) would be more suited to your needs. – DaveRandom Mar 08 '13 at 23:21
  • I'm not worried about injection, I just want this to reload the cookies on the first postback. I had it working once before, then either changed or added something and now it isn't working that way anymore. Any help you can give to have this happen would be appreciated. – BlazeHeroic Mar 08 '13 at 23:24
  • You also don't need to create a new connection for every query. Just need to bootstrap it once. – datasage Mar 08 '13 at 23:24

1 Answer

0

Beyond the SQL injection mentioned above by DaveRandom, take a look at the PHP manual on how setcookie works:

http://php.net/manual/en/function.setcookie.php

It mentions specifically the info is injected into the headers, and therefore not available until your next page load. You probably want to do something like:

```php
if(isset($_COOKIE['deceasedID']))
{
    // Cookie was sent by the browser with this request
    $deceasedID = $_COOKIE['deceasedID'];
}
else
{
    // Cookie is only queued in the response headers, so keep the value locally too
    setcookie('deceasedID', $row['PK_Deceased'], time()+360000, '/');
    $deceasedID = $row['PK_Deceased'];
}
```
DaOgre
  • Thank you so much!! It works perfectly. I think that must have been what I did is pull the row data, then changed it to use cookies afterwards. Thanks again very much. – BlazeHeroic Mar 08 '13 at 23:37
  • No problem, you may want to consider marking the question as answered if this accomplished what you were looking for. – DaOgre Mar 11 '13 at 18:57
  • Except now that I've gone back to it, it isn't working. I've even reverted and tried again and it still isn't working, so I don't know what I did to botch this but it's not working again. – BlazeHeroic Mar 13 '13 at 00:43
  • Unfortunately "it isn't working" isn't sufficient information to try to help you with your problem. Why don't you edit the above with what you've changed and how your code looks now? – DaOgre Mar 14 '13 at 22:07
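
The two points raised in this thread, the concatenated `$_POST['cboDeceased']` and cookies not being readable until the next request, can be handled together. The following is an added example, not code from the question or the answer: `lookupDeceased()` and `selectDeceased()` are hypothetical helper names, while the query, cookie names and connection parameters are the ones shown in the question.

```php
<?php
// Added example (not from the thread). lookupDeceased() and selectDeceased()
// are hypothetical helper names; table and cookie names come from the question.
function lookupDeceased(mysqli $con, int $id): ?array
{
    // The posted value is bound as an integer parameter, never concatenated.
    $stmt = $con->prepare(
        "SELECT Deceased.PK_Deceased, Deceased.Date_Death,
                Personal_Info.First_Name, Personal_Info.Last_Name
         FROM Deceased
         INNER JOIN Personal_Info
                 ON Personal_Info.PK_Personal_Info = Deceased.FK_Personal_Info
         WHERE Deceased.FK_Personal_Info = ?"
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result();          // needs the mysqlnd driver
    $row = ($result->num_rows === 1) ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row;
}

function selectDeceased(mysqli $con): array
{
    // Default: what the browser sent with this request.
    $current = ['name' => $_COOKIE['deceasedName'] ?? '',
                'dod'  => $_COOKIE['deceasedDoD'] ?? ''];
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return $current;
    }
    $id = filter_input(INPUT_POST, 'cboDeceased', FILTER_VALIDATE_INT);
    $row = is_int($id) ? lookupDeceased($con, $id) : null;
    if ($row === null) {
        return $current;                    // non-numeric input or no single match
    }
    $current = ['name' => $row['First_Name'] . ' ' . $row['Last_Name'],
                'dod'  => (string) $row['Date_Death']];
    $expires = time() + 360000;
    setcookie('deceasedID', (string) $row['PK_Deceased'], $expires, '/');
    setcookie('deceasedName', $current['name'], $expires, '/');
    setcookie('deceasedDoD', $current['dod'], $expires, '/');
    return $current;                        // usable now; cookies arrive next request
}
$con = mysqli_connect("localhost", "root", "", "exec_support_db");
$current = selectDeceased($con);            // must run before any HTML is sent
mysqli_close($con);
?>
<td>Current Deceased: <?php echo htmlspecialchars($current['name']); ?></td>
<td>Deceased Date of Death: <?php echo htmlspecialchars($current['dod']); ?></td>
```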