views:

38

answers:

4

Hi There, I am a bit of a PHP newb I have developed a multi-page form which works fine at the moment - each stage is on another page (I use the session to retain the data). However I know that users don't always use these forms the way you want!

I want to control the flow of the form.

  • I would like the user to be able to use the browser back & forward button for ease of use.
  • They should not be able to skip a part of the form by entering a form stage URL directly into the address bar to get the a later stage in the form (essentially skipping a part of the form).

  • The form also does not flow the same path every time, it is dependant on the users choices what stage is displayed next.

I was wondering if anyone had any ideas of ways to control the flow of this multi-page form thank you!

+1  A: 

store form results in SESSIONS (encrypt them if sensitive)

then just check on each form if the value is set and show it as necessary.

use another session to check the "progress" of the form, to prevent the user from skipping ahead. for example...

<?php
  /* on form 3 */
    if(isset($_SESSION['progress'] && $_SESSION['progress']==2)
    {
       //the second form has been filled out and validates
    }
    else
    {
      // the 2nd form hasn't been finished, redirect
    }
?>

you could also use like a percentage based system in the session - a value of 90 means that 90% of the form fields have been completed - for displaying "progress" in a visual means to the user.

basically on every form submission, check whats been submitted, if its expected, then set appropiate sessions to redirect to the next stage.

check every set session on every form to determine if the user should be here yet.

Ross
This is a really bad idea. The session should only ever hold session data - storing transaction data is just asking for trouble. You'll get yourself tied in knots trying to deal with virtual sessions / multiple browsers.
symcbean
I hadn't thought of this (evidently!). Point taken
Ross
@symcbean such a forms **supposed** to be of single instance only. Nothing bad in storing such a transactions in a session.
Col. Shrapnel
"users don't always use these forms the way you want"
symcbean
A: 

Push the data for the non-current fields into a hidden field in the browser (to save time and effort - just serialize an array/object).

symcbean
Not sure if I should up or downvote this, so I'll just pass. Using hidden fields is a viable option. Serializing stuff and putting there is a bad idea though.
troelskn
@troelskn the OP have said `users don't always use these forms the way you want` - that's clear enough. silly hidden fields is not an option
Col. Shrapnel
@shrapnel I'm not sure in which way that makes hidden fields silly?
troelskn
I'm only suggesting serializing user submitted data - which should still be validated before it's used for anything. Using a serialized value just saves the effort of writing lots of hidden fields when its not data the user will be interacting with directly.
symcbean
if you're suggesting this compromises the integrity of the application then please explain how.
symcbean
A: 

I would like the user to be able to use the browser back & forward button

If users are allowed to re-enter previous stages, just let them and rewrite current stage in the session.
If not, make form fields read-only and do not process submitted forms for the previous stages.

That's the only problem I can see here.

Col. Shrapnel
A: 

You can either use session data to retain the state between multiple pages, or you can transfer all data on each page. Typically you would do the latter with hidden fields or you will create one humonguous form, and use javascript to make it appear as if it was multiple pages, when - in fact - it's not.

There are pros and cons to each solution.

troelskn