Using $_SESSION to carry data

Question

I have attempted to use $_SESSION in a form input I am creating however I cannot get it to work and do not know what I am doing wrong, it works with my previous part of the form when carrying data over to the next page - however the code does not seem to work for the main part of the form.

    <?php

//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');

//Check to see if the form has been submited, if it has we continue with the script.
if(isset($_POST['confirmation']) && isset($_POST['name']) && isset($_POST['email']) && isset($_POST['address1']) && isset($_POST['city']) && isset($_POST['postcode']) and $_POST['confirmation']=='true')
{
    //Slashes are removed, depending on whether magic_quotes_gpc is on.
    if(get_magic_quotes_gpc())
    {
        $_POST['name'] = stripslashes($_POST['name']);
        $_POST['email'] = stripslashes($_POST['email']);
        $_POST['address1'] = stripslashes($_POST['address1']);
        $_POST['address2'] = stripslashes($_POST['address2']);
        $_POST['city'] = stripslashes($_POST['city']);
        $_POST['postcode'] = stripslashes($_POST['postcode']);
        $_POST['phonenum'] = stripslashes($_POST['phonenum']);
    }

    //Create the future reference number of the repair.
    $maxid = mysql_fetch_array(mysql_query('select max(id) as id from repairs'));
    $id = intval($maxid['id'])+1;

    //Create the future reference number of the repair.
    $maxref = mysql_fetch_array(mysql_query('select max(reference) as reference from repairs'));
    $reference = intval($maxref['reference'])+8;

    //Here the session variables are converted back into standard variables.
    $model = $_SESSION['model'];
    $problem = $_SESSION['problem'];
    $info = $_SESSION['info'];
    $device = $_SESSION['device'];
    $price = $_SESSION['price'];
    $image = $_SESSION['image']; 

    //Here the variables are protected using mysql_real_escape_string.
    $name = mysql_real_escape_string(substr($_POST['name'],0,150));
    $email = mysql_real_escape_string(substr($_POST['email'],0,255));
    $address1 = mysql_real_escape_string(substr($_POST['address1'],0,255));
    $address2 = mysql_real_escape_string(substr($_POST['address2'],0,255));
    $city = mysql_real_escape_string(substr($_POST['city'],0,100));
    $postcode = mysql_real_escape_string(substr($_POST['postcode'],0,9));
    $phonenum = mysql_real_escape_string(substr($_POST['phonenum'],0,11));
    $date = date("r");

    //Here the variables are protected using trim.
    $name = trim($name);
    $email = trim($email);
    $address1 = trim($address1);
    $address2 = trim($address2);
    $city = trim($city);
    $postcode = trim($postcode);
    $phonenum = trim($phonenum);

    //Here the variables are protected using htmlspecialchars.
    $name = htmlspecialchars($name);
    $email = htmlspecialchars($email);
    $address1 = htmlspecialchars($address1);
    $address2 = htmlspecialchars($address2);
    $city = htmlspecialchars($city);
    $postcode = htmlspecialchars($postcode);
    $phonenum = htmlspecialchars($phonenum);

    //Here the variables are protected using strip_tags.
    $name = strip_tags($name);
    $email = strip_tags($email);
    $address1 = strip_tags($address1);
    $address2 = strip_tags($address2);
    $city = strip_tags($city);
    $postcode = strip_tags($postcode);
    $phonenum = strip_tags($phonenum);

    //The details about the repair are entered into the database
    $query = mysql_query("insert into repairs (id, model, problem, info, name, email, address1, address2, city, postcode, phonenum, price, date, reference) values ('$id', '$model', '$problem', '$info', '$name', '$email', '$address1', '$address2', '$city', '$postcode', '$phonenum', '$price', '$date', '$reference')") or die(header('Location: 404.php'));
?>

Some HTML is here.

<?  
  }
  else {
     header('Location: 404.php');
  }
?>

Can anyone help me to get this to work?

Answer 1

set your error logging to the most verbose level. If your Paste is exact, you have some spaces in the beginning which cause, that you cant send headers anymore and so you cant initiate the session.

Answer 2

You have to initiate your session in the beginning of your script with session_start()