Hey there-

So I was wondering if it would be possible to store data coming in from a form as a session variable.

Here's what I have so far, but I don't know what to put for the Form Action.

Thanks for looking!

<strong>Test Form</strong>
<form action="" method="post">
<input type="text" name="picturenum"/>
<input type="submit" name="Submit" value="Submit!" />
</form>

<? 
if (isset($_POST['Submit'])) { 
$_session['picturenum'] = $_POST['picturenum'];
} 
?> 

<strong><? echo $_session['picturenum'];?></strong>
+3  A: 

That's perfectly fine and will work. But to use sessions you have to put session_start(); on the first line of the php code. So basically

<?php
session_start();

//rest of stuff

?>
kizzie33
Oh yeah thank you! Forgot to put that in. What would I put for the form action? Just leave it blank?
Kevin Johnson
+1  A: 

Yes this is possible. kizzie is correct with the session_start(); having to go first.

Another observation I made is that you need to filter your form data using:

strip_tags($value);

and/or

stripslashes($value);
Todd Moses
So basically this just sanitizes the data?
Kevin Johnson
-1 This is a totally useless answer. `stripslashes()` is useless now that magic quotes are off by default (and also this would "de-sanitize" your data if anything). Also why would you want to do `strip_tags()` (or `stripslashes()`) on information you save to sessions?
NullUserException
You cannot be guaranteed that magic quotes are off. I have worked with too many clients who used hosting they had no control over and magic quotes was on. It is a best practice to assume nothing. What if the code is moved or the host changes the settings, etc...
Todd Moses
If the data is coming from the user then you want to treat it as dangerous. Where is that data going to go - maybe the DB, etc... The point is to protect your site. Because down the road another developer may be working on the site and use the user data for something else without checking for filtering.
Todd Moses
+1  A: 

Hi

To use session variables it's necessary to start the session by using the session_start function; this will allow you to store your data in the global variable $_SESSION in a persistent way.

So your code will finally look like this:

<?php 

 // starting the session (this has to run before any HTML output is sent)
 session_start();


 if (isset($_POST['Submit'])) { 
 $_SESSION['picturenum'] = $_POST['picturenum'];
 } 
?> 

<strong>Test Form</strong>
<form action="" method="post">
<input type="text" name="picturenum"/>
<input type="submit" name="Submit" value="Submit!" />
</form>

<strong><?php
 // the value came from the user, so escape it when writing it into HTML
 echo htmlspecialchars($_SESSION['picturenum'] ?? '', ENT_QUOTES, 'UTF-8');
?></strong>

To make it easy to use and to avoid forgetting it again, you can create a session_file.php which will be included in all your code and will start the session for you.

session_start.php

 <?php
   session_start();
 ?> 

And then include it wherever you like:

<?php 

 // including the session file (before any HTML output is sent)
 require_once("session_start.php");


 if (isset($_POST['Submit'])) { 
 $_SESSION['picturenum'] = $_POST['picturenum'];
 } 
?> 

<strong>Test Form</strong>
<form action="" method="post">
<input type="text" name="picturenum"/>
<input type="submit" name="Submit" value="Submit!" />
</form>

That is the more portable and easier way to maintain in the future.

Other remarks

  • If you are using Apache version 2 or more, be careful: instead of `<?` to open PHP tags, use `<?php`, otherwise your code will not be interpreted.

  • Variable names in PHP are case-sensitive: instead of writing $_session, write $_SESSION in capital letters.

Good work!

Leonzo Constantini
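
An added example, not code from any of the answers above, for the filtering question raised in the comments: it checks that picturenum is an integer before storing it in the session and escapes it with htmlspecialchars() when it is written into the page. The 1 to 9999 range and the helper names parse_picturenum() and h() are assumptions made for this illustration.

```php
<?php
// Added example: validate on input, escape on output.
session_start(); // must run before any output is sent

/**
 * Return picturenum as an int, or null when the raw value is not a whole
 * number in the accepted range (the 1..9999 range is an assumption).
 */
function parse_picturenum($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing field, or picturenum[]=1 sent as an array
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 9999]]);
    return $n === false ? null : $n;
}

/** Escape a value for an HTML text or attribute context. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$error = null;
if (isset($_POST['Submit'])) {
    $n = parse_picturenum($_POST['picturenum'] ?? null);
    if ($n === null) {
        $error = 'picturenum must be a whole number between 1 and 9999';
    } else {
        $_SESSION['picturenum'] = $n; // only the validated int is stored
    }
}
?>
<strong>Test Form</strong>
<form action="" method="post">
<input type="text" name="picturenum"/>
<input type="submit" name="Submit" value="Submit!" />
</form>
<?php if ($error !== null): ?>
<p><?php echo h($error); ?></p>
<?php endif; ?>
<?php if (isset($_SESSION['picturenum'])): ?>
<strong><?php echo h($_SESSION['picturenum']); ?></strong>
<?php endif; ?>
```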