views:

49

answers:

3

Hi everyone!

I'm sorry if this has been asked before but I feel my situation is a little different...

I have a huge form (like 50 questions involving checkboxes, drop downs, text boxes and textareas)

When a user submits a form and the validation page throws an error, is there an easy way to keep the info they entered?

My initial form is on form.php and then the form action is form_posted.php. Before anything is run on form_posted.php I have my validation code, which sends the user back to form.php with an error number (e.g. form.php?error=3) if there was a problem with any in particular. This is done with

header("Location: form.php?error=3");

So when I'm back on form.php, do the posted variables exist? Even though the page wasn't specifically sent with any posted variables.

Also if this is the case, is it completely secure to be making the value of a textbox what it was before?

like <input type="text" value="<?php echo $_POST["username"] ?>">

A: 

Sessions is what you need. Please don't hesitate to read the fine manual :)

codeholic
so extract posts and set all to session variables? :)
Pete Herbert Penito
Yes. Or you can just store the whole `$_POST` into a session variable. But as a better alternative, I can suggest using the same script for displaying the form and processing the form data. It's a generally accepted approach that simplifies things several times over. If you have a good understanding of the code and a little time to refactor, I'd recommend doing this. The general pattern is `if (isset($_POST['submit'])) { $error = validate($_POST); if ($error == false) { process_form(); redirect($done_page); /* 303 See Other */ } } display_form($error);`
codeholic
+2  A: 

You should use sessions to handle this. In your form processing code, set each element (that you recognise) from the $_POST array, into a session variable eg:

session_start();

$_SESSION["myField"] = $_POST["myField"];
$_SESSION["myField2"] = $_POST["myField2"];

Now, if you redirect back to the initial form page (eg if there is an error), you can use eg:

<input type="text" name="myField" value="<?php echo $_SESSION["myField"]; ?>" />

to pre-populate the field. You'll need to add <?php session_start(); ?> to the top of your form page to make sure that the session variables that you set are available to the form.

richsage
This could work, thank you sir. What if we did $_POST = $_SESSION? Could that be a security risk? I do have "only logged in" situations elsewhere on the site which are triggered by if($_SESSION["username"]). On the page in question there's a login box which is manipulated by $_SESSION["username"]
Pete Herbert Penito
SESSIONS aren't major security risks because they are stored on the server side.
ggfan
+1  A: 

Sessions are useful if you need to redirect the user back to the form page instead of just displaying it again. It'd probably be better just not to redirect the user if possible. POST requests usually have fewer problems than GET requests do when it comes to caches. Some browsers are guilty of being a little too optimistic in their caches and then you'd have to add cache information to your page if you haven't done so already.

It'd also be better to not disrupt their mentality of what the refresh button will do. As a user, I expect the page to give me the same output if I refresh the page 99% of the time. (Notable exceptions are forms with CAPTCHA and registration forms, both of which should still respond well to a resubmission.) Most browsers will ask the user whether they are sure they want to resubmit the form.

If you want to use sessions, you're going to need to use the session_start() function on both pages: on the form page to get the session information, and on the submission page to save it to a session. I wouldn't recommend storing the entire $_POST array into a session variable; you don't know what's in there or how much space it'll take. You can look at richsage's answer for how to store the $_POST information in $_SESSION. You might also want to consider storing the fields you want in an array and using the array to save the information like so:

$allowed_fields = array('name', 'company', 'email');
foreach($allowed_fields as $field) {
  if(isset($_POST[$field])) {
    $_SESSION[$field] = $_POST[$field];
  }
}

When outputting back on the form, be sure to escape the output with something like htmlspecialchars() or htmlentities() like so:

<input type="text" name="myField" value="<?php echo htmlspecialchars($_SESSION['myField']); ?>" />

Otherwise your code will be susceptible to XSS (Cross-Site Scripting).

AlReece45
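
An added example, not from any of the posts above, that combines the allowlist from the last answer with escaped output and addresses the concern raised in the comments about `$_SESSION["username"]`: submitted values are kept under their own `form` sub-key so they can never overwrite login state. The helper names (`remember_fields`, `e`, `text_input`), the `form` sub-key, the length cap and the sample input are all assumptions made for the illustration.

```php
<?php
// Added example; helper names, the 'form' sub-key and the sample input are constructed.
const ALLOWED_FIELDS = ['name', 'company', 'email'];
const MAX_FIELD_BYTES = 1000;

// Keep only expected string fields, under their own key so they can never
// overwrite other session state such as $_SESSION['username'].
function remember_fields(array $post, array &$session): void
{
    $session['form'] = [];
    foreach (ALLOWED_FIELDS as $field) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $session['form'][$field] = substr($post[$field], 0, MAX_FIELD_BYTES);
        }
    }
}

// Escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a text box pre-filled with the remembered value, if any.
function text_input(string $field, array $session): string
{
    $value = $session['form'][$field] ?? '';
    return '<input type="text" name="' . e($field) . '" value="' . e($value) . '" />';
}

// Constructed demo data standing in for $_SESSION and $_POST.
$session = ['username' => 'alice'];              // existing login marker
$post = [
    'name'     => '"><script>alert(1)</script>', // markup in a text field
    'email'    => 'a@example.com',
    'company'  => ['nested'],                    // array instead of string
    'username' => 'admin',                       // not an allowed field
];

remember_fields($post, $session);
echo text_input('name', $session), PHP_EOL;      // value is entity-encoded
echo text_input('company', $session), PHP_EOL;   // rejected, so empty
echo $session['username'], PHP_EOL;              // login marker untouched
```

On the real pages, call `session_start()` first and pass `$_POST` and `$_SESSION` in place of the demo arrays; after a failed validation, send `header('Location: form.php?error=3');` followed by `exit;`.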