Web Hosting Talk







PHP referral code - weird issue


damian1
11-03-2008, 02:44 PM
PHP referral code - weird issue

Hi everyone,
here's what I've been trying to figure out.
I use a referral program if someone is signing up on my website with their referral code, and below is the code I use:
On the homepage (index.php), at the beginning, I put this code to catch the upline username:
Quote:


<?
session_start();
if(!empty($ref))
$_SESSION['referral_uid'] = $ref;
?>


and this is what I put on the register page:
Quote:


<?
session_start();
if(!empty($_SESSION['referral_uid']))
$ref = $_SESSION['referral_uid'];
else
$ref = "";
?>


and I use the code below to show the referral username when signing up:
Quote:


<input value="<? echo $ref; ?>" name="referral">


and when someone is signing up on my website, it will show the upline username.
Everything was fine until I moved my website to a new hosting.
The referral field, which is supposed to show the upline username, doesn't work anymore,
and I didn't change anything in the code.
I see nothing different between my old hosting and the current one,
except the old one uses PHP 5.2.5, and my current hosting uses PHP 5.2.6. Can anybody help?
Thanks in advance

arbet
11-03-2008, 03:21 PM
Ask your webhost to enable sessions support for PHP. PHP needs to be compiled with --enable-sessions parameter.





__________________Bouncing Cube: Professional, Reliable, Affordable Hosting.

Christian
11-03-2008, 07:25 PM
Where does $ref come from? Unless this isn't all of the code, I'm thinking the issue might be globals related. How exactly are you passing the ref id? index.php?ref=xxx?





__________________
ProgrammingTalk.com - For all your programming questions! Have YOU read the rules lately?

damian1
11-04-2008, 05:55 AM
Arbet:
I've sent a support ticket about this to my host, will update if it works out
Christian:
that's all the code actually,
yes, "index.php?ref=xxx" is the referral link
thanks for replying guys, appreciate it
any other input?

Christian
11-04-2008, 08:48 AM
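Try doing something like:
Index.php
PHP Code:

<?php
session_start();
// Read the referral code from the query string (index.php?ref=xxx)
// instead of relying on register_globals to create $ref.
if (!empty($_GET['ref'])) {
    $_SESSION['referral_uid'] = $_GET['ref'];
}
?>

Register.php
PHP Code:

<?php
session_start();
// Pull the stored referral code back out of the session.
if (!empty($_SESSION['referral_uid'])) {
    $ref = $_SESSION['referral_uid'];
} else {
    $ref = "";
}
?>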




See if that does the trick. On a further note, you really should look into a form of sanitation, you don't want any HTML or potential SQL injections. Given the input will be a number, look into the function intval.





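Added example, not part of any post in this thread: one way to apply the sanitation advice above to the referral flow, validating the code before it enters the session and escaping it when it is written into the form field. The username pattern and the function names are assumptions; if referral ids were numeric, intval() as suggested above would do the validation.

```php
<?php
// Added example, not code from the thread. Assumes referral codes are
// usernames of 3-32 letters, digits or underscores (hypothetical rule).

/** Return the referral code if it matches the allowed pattern, else ''. */
function clean_referral($raw)
{
    if (!is_string($raw)) {          // ?ref[]=x arrives as an array
        return '';
    }
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) ? $raw : '';
}

/** Escape a value for use inside a quoted HTML attribute. */
function attr($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** index.php: remember a valid referral code from ?ref=... */
function remember_referral(array $get, array &$session)
{
    $ref = clean_referral(isset($get['ref']) ? $get['ref'] : '');
    if ($ref !== '') {
        $session['referral_uid'] = $ref;
    }
}

/** register.php: build the form field from the session value. */
function referral_field(array $session)
{
    $stored = isset($session['referral_uid']) ? $session['referral_uid'] : '';
    // Re-validate on the way out, then escape for the attribute context.
    return '<input value="' . attr(clean_referral($stored)) . '" name="referral">';
}

// Constructed sample requests (not from the thread). On the real pages,
// call session_start() first and pass $_GET and $_SESSION instead.
$session = array();
remember_referral(array('ref' => '"><b>x</b>'), $session);  // fails the pattern
echo referral_field($session), "\n";
remember_referral(array('ref' => 'upline_42'), $session);   // matches the pattern
echo referral_field($session), "\n";
```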

citricsquid
11-04-2008, 10:53 AM
Quote:



Originally Posted by Christian


Try doing something like:


Surely it'd be easier and quicker to simply add the top line;
$ref = $_GET['ref'];?
That would remove the need to modify the rest of the working code.





__________________
I love to make websites. I love to program. I'm hosted by downtownhost and they're brilliant!

damian1
11-04-2008, 01:47 PM
Christian:
works perfectly! thanks a bunch for that
Hm, not sure about "form of sanitation", and I never knew about HTML injection before you mentioned that; I guess I need to learn more about this sooner or later
by the way, are you the admin of programmingtalk.com?
looks like a very cool forum, just joined up and chilling there
citricsquid:
yep, both work fine, thanks for your help
this is a really cool forum, problem solved within 24 hours!!!
I have to wait more than that to get a reply from my programmer
thanks to everyone who's been helping, much appreciated!!

citricsquid
11-04-2008, 01:52 PM
Quote:



Originally Posted by damian1


Christian:
works perfectly! thanks a bunch for that
Hm, not sure about "form of sanitation", and I never knew about HTML injection before you mentioned that; I guess I need to learn more about this sooner or later


Sooner, rather than later
If the data is being inserted into a database, you'll need to remove any chance of SQL injections, which is basically commands in fields.
So, if you have a query
"INSERT into SOMETHING VALUES(NULL, '$name'...etc
and $name is user-defined, a user could enter a MySQL command and then that would be executed; they could easily delete your whole database. To disallow this, you use commands such as mysql_real_escape_string.
There are also functions to stop HTML functioning, so when the data is displayed it doesn't mess up your layout, spawn popups etc.
http://phpsec.org/projects/guide/2.html
Nice article





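Added example, not code from the thread: the INSERT described above written with a PDO prepared statement, so user-supplied text is bound as data instead of being pasted into the SQL string. It uses PDO in place of the mysql_real_escape_string call named in the post (the mysql_* functions were removed in PHP 7); the table, columns and sample input are constructed, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table and column names are
// hypothetical; an in-memory SQLite database stands in for MySQL.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, referral TEXT)');

/** Insert a member; values travel as bound parameters, never as SQL text. */
function add_member(PDO $pdo, $name, $referral)
{
    $stmt = $pdo->prepare(
        'INSERT INTO members (name, referral) VALUES (:name, :referral)'
    );
    $stmt->execute(array(':name' => $name, ':referral' => $referral));
    return (int) $pdo->lastInsertId();
}

// Constructed input containing a quote and SQL-looking text.
$hostile = "O'Neil'); DELETE FROM members; --";

add_member($pdo, 'alice', '');
$id = add_member($pdo, $hostile, 'alice');

// Check that the text was stored verbatim and no row was lost.
$count = (int) $pdo->query('SELECT COUNT(*) FROM members')->fetchColumn();
$stmt = $pdo->prepare('SELECT name FROM members WHERE id = ?');
$stmt->execute(array($id));
$stored = $stmt->fetchColumn();

var_dump($count === 2, $stored === $hostile);

// Escape on display so stored markup cannot alter the page layout.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

Against MySQL only the DSN and credentials passed to the PDO constructor change; the prepare/execute calls stay the same.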

Christian
11-04-2008, 05:27 PM
Quote:



Originally Posted by citricsquid


Surely it'd be easier and quicker to simply add the top line;
$ref = $_GET['ref'];?
That would remove the need to modify the rest of the working code.


If that's what floats your boat then yeah, but it's just two instances so it's not like it's that big of a deal.
Quote:



Originally Posted by damian1


Christian:
works perfectly! thanks a bunch for that
Hm, not sure about "form of sanitation", and I never knew about HTML injection before you mentioned that; I guess I need to learn more about this sooner or later


Like citricsquid said, sooner rather than later. Bottom line with coding is, never trust the user. You have to expect they will try to do things they aren't supposed to.
Quote:



Originally Posted by damian1


by the way, are you the admin of programmingtalk.com?
looks like a very cool forum, just joined up and chilling there


I am, looking forward to seeing you there.






citricsquid
11-04-2008, 06:32 PM
Quote:



Originally Posted by Christian


If that's what floats your boat then yeah, but it's just two instances so it's not like it's that big of a deal.


Yep
I thought it'd be easier for him though, but yeah, it's down to personal preference... Unless you're desperate to save a few bytes




