I'm not sure what the best way of populating a notification page is. I've been using sessions to populate it with information, but this falls short if the user is blocking cookies. I've considered passing it in HTTP GET variables, but I'm unsure whether it's a good alternative since its length is limited by some browsers.
Which method do you prefer?
You could try using an indexed list of error messages, then simply pass the error ID as a GET parameter to the page. You can't really use POST, since I imagine you will be redirecting to the error page and therefore GET requests are pretty much your best option.
Another way of doing it is having the error page in-situ - i.e. the user stays on the same URL, but gets a modified HTTP status code (i.e. a 404 for 'not found', 500 in the event of a server error and so on) along with the error message. This way you don't have to worry about populating the page through a HTTP request, you can simply do it from within the page encountering the error.
I prefer the 2nd method, even if it is harder to implement. With it, you can then use error and exception handlers to automatically trap any error situations and then fire off your error output code.
There are some notifications that belong to the page that generates them, such as errors in form fields. These are easy to handle. I normally create an array to hold them in HTML format and use a function to display them as HTML list:
<?php
$errors = array();
function print_errors($errors){
if( !empty($errors) ){
echo '<ul><li>' . implode('</li><li>', $errors) . '</ul>';
}
}
# ...
if($foo<=0){
$errors[] = '<label for="foo">Foo</label> is <strong>' . htmlspecialchars($foo) . '</strong> but it must be greater than zero.';
}
if(empty($errors)){
save_stuff();
header('Location: http://example.com/somewhere/else/');
exit;
}
# ...
print_errors($errors);
echo '<form action="" method="post">';
echo '<input type="text" name="foo" value="' . htmlspecialchars($foo) . '" id="foo">';
echo '</form>';
# ...
?>
Then there is the case you describe: after a successful (or impossible) action, the user is redirected somewhere else (e.g., main section page) where he gets an explanation. For short messages, I tend to use a GET variables that hold the messages in plain text:
<?php
if( isset($_GET['error']) ){
echo '<p class="error">' . htmlspecialchars($_GET['error']) . '</p>';
}
if( isset($_GET['message']) ){
echo '<p class="message">' . htmlspecialchars($_GET['message']) . '</p>';
}
?>
This is quite fine for intranets, but it has two drawbacks:
If you have some storage available (files, databases, whatever) you can keep full HTML messages and assign them a random ID:
ID: 4a0a19218e082a343a1b17e5333409af9d98f0f5
Date: 2010-05-25 11:24:30
Type: message
HTML: <a href="/item/25">Item #25</a> was modified successfully.
http://example.com/?msg=4a0a19218e082a343a1b17e5333409af9d98f0f5
Make sure you save the date so you can clean up old data now and then.
My two cents.
There's also the possibility of appending the PHP session id to every link on the page, so you could fall back to that if cookies fail.
If that's not possible, I'd also go with saving the messages to database and passing the unique id with $_GET.