LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (https://www.linuxquestions.org/questions/programming-9/)
-   -   Javascript array to PHP using cookies problem (https://www.linuxquestions.org/questions/programming-9/javascript-array-to-php-using-cookies-problem-422494/)

climbingmerlin 03-07-2006 10:33 AM
Javascript array to PHP using cookies problem
 
Hi,

I am having a little nightmare with a small application that I am writing in PHP. One part of the site allows the user to click on check boxes to select users from a list. This includes a 'select all' option to check all the check boxes. Now this list can be any size in length, so I do not know the values of each box.

When the user submits the selection a javascript function is called that adds all the selected check boxes into an array and should be stored in a cookie. The next page should read this serialized array from the cookie to allow updates to a MySQL database.

The problem that I am having at the moment is that I am getting the following error.

Quote:
Notice: unserialize() [function.unserialize]: Error at offset 2441 of 2447 bytes in /opt/working/mailadmin/include/build_funcs.php on line 226
It appears to me that the cookie is not being sent, but looking at examples and google'ing like a mad man, I can not see why. Below is the javascript that is used for the above functionality:

Code:
var mailchk = null;

function chkAll(){
  mailchk = new Array(document.formbuild.mailshot.length);
  /*Check to see if the checkbox is ticked or not*/
  if(document.formbuild.selectall.checked == true){
    for(var i = 0; i <= document.formbuild.mailshot.length; i++){
      if(document.formbuild.mailshot[i].disabled != true){
        document.formbuild.mailshot[i].checked = true;
        mailchk[i] = document.formbuild.mailshot[i].value;
      }
     
    }
  }else{
    for(var i = 0; i <= document.formbuild.mailshot.length;i++){
     
      document.formbuild.mailshot[i].checked = false;
      mailchk[i] = null;
    }
  }
 
}

function setCookie(name,value,expire){
  document.cookie = name + "=" + escape(value) + ((expire==null) ? "" : (";expires=" + expire.toGMTString()));
}


function js_array_to_php_array(a){
  var a_php="";
  var total = 0;
  for(var key in a){
    ++total;
    a_php = a_php + "s:" +
        String(key).length + ":\"" + String(key) + "\";s:" +
        String(a[key]).length + ":\"" + String(a[key])+ "\";";
  }
 
  a_php = "a:" + total + ":{"+a_php+"}";
 
  return a_php;
 
}

function get_vals(){
 
  if(mailchk == null ){
    add_array();
  }

  var array = js_array_to_php_array(mailchk);
  setCookie("php_array",String(array),null);
 

}


function add_array(){
  mailchk = new Array(document.formbuild.mailshot.length);
 
  for(var i = 0; i <= document.formbuild.mailshot.length;i++){
    if(document.formbuild.mailshot[i].checked == true){
      mailchk[i] = document.formbuild.mailshot[i].value;
    }
  }
}
Here is the PHP code that should read the serialised array from the cookie

Code:
/*get javascript array from cookie.*/
  $chk_array = unserialize(urldecode(stripslashes($_COOKIE['php_array'])));
Any help on this would be really appreciated.

Thanks...

vharishankar 03-08-2006 03:02 AM
Quote:
When the user submits the selection a javascript function is called that adds all the selected check boxes into an array and should be stored in a cookie. The next page should read this serialized array from the cookie to allow updates to a MySQL database.
Not sure why you need to do this. Can you not simply read the form fields when they are submitted. I'm sure even with dynamically generated forms, it's possible to read the value from the check boxes provided you use PHP to generate their "value" as ids.

What I do is use an array to set the "name" attribute of the HTML checkbox element and then when the form is submitted, you just need to retrieve these.

For example: let's store each checkbox as "id1", "id2" etc. etc. using an array. All you need to do to populate the checkbox is run this through an array to get 1,2,3... etc.

climbingmerlin 03-08-2006 05:22 AM
Sadly not as the values of the check boxes are IDs in a database table, and depending on the search results might not be in a linear format.

That is why I am looking at storing the checkbox values in an array, which is in essence the user id's in the database.

I am interested in a better way of doing this, than using cookies as it does not seem to be the most reliable way of passing the data around the application.

Thanks again in advance.

vharishankar 03-08-2006 06:44 AM
Just retrieve the Ids from the database, use that in an array to set the "name" attribute of the checkboxes in the form field and when you retrieve form, you can access the elements using that ID.

If you set the id to each corresponding check item, it will work. No need for it to be in any order (asc or desc).

Spudley 03-08-2006 06:52 AM
You're right; cookies aren't that reliable -- users can easily turn them off or delete them. Users can also look at the values of their cookies, and they're transmitted as plain text, so they're not particularly secure, either.

Personally, I'd use PHP sessions rather than keeping everything in cookies. PHP Sessions also use cookies internally when they're available, but can work without them if needed. The great thing is it's all transparent; all you have to to is call session_start() at the beginning of your code on every page, and you get an array called $_SESSION that is persistent for a given user and reasonably secure.

Even better, you don't need to bother with that messy array serialising; just dump all your array values into $_SESSION[], and you've got them to hand whenever you need them.

Hope that helps :)

vharishankar 03-08-2006 07:06 AM
General advice: even if you use sessions, you should try to encrypt the data. Sessions are usually stored in cookies ;)...

Spudley 03-08-2006 07:30 AM
Quote:
Originally Posted by Harishankar
General advice: even if you use sessions, you should try to encrypt the data. Sessions are usually stored in cookies ;)...
No.... the data in the session array stays safely on the server: the only thing in the cookies is the session ID, and you can't encrypt that.

The only real potential security issue comes from someone trying to take over another user's session by using their session ID, but PHP uses a few other tricks internally (eg IP address) to make sure the session ID being used is legitimate, so it's not easy to hack.

vharishankar 03-08-2006 07:34 AM
Quote:
No.... the data in the session array stays safely on the server: the only thing in the cookies is the session ID, and you can't encrypt that.
That's true, but even then, if somebody could get the session ID (since it's transmitted unencrypted, they could still get the data. Besides if cookies aren't enabled, session Ids are transmitted using URLs and that renders it vulnerable to security problems. The point is that just as you cannot trust cookies, you shouldn't really trusts sessions either. I suggest using a combination of both and/or encrypting data across transfers if you're security conscious.

Besides, I still think that the original question can be solved without discussing either of these issues. The solution I mentioned in my previous post should help.

climbingmerlin 03-09-2006 06:44 AM
All working now, following your guidance... plus a few minor changes to the code.

Many thanks for your help it is very much appreciated.

vharishankar 03-09-2006 08:28 AM
Quote:
Many thanks for your help it is very much appreciated.
Thanks. Exactly which advice did you follow? It might be useful to know just for future reference?

climbingmerlin 03-09-2006 10:06 AM
I used the method described in post number 4.

Quote:
Just retrieve the Ids from the database, use that in an array to set the "name" attribute of the checkboxes in the form field and when you retrieve form, you can access the elements using that ID.
I was just making things difficult for myself.

Thanks again...


All times are GMT -5. The time now is 08:34 PM.