views:

2271

answers:

3

Hello, it seems pretty simple but I can't find a good way to do it.

Say in the first page I create a variable

$myVariable = "Some text";

And the form's action for that page is "Page2.php". So in Page2.php, how can I have access to that variable? I know I can do it with sessions but I think it's too much for a simple string, and I do only need to pass a simple string (a file name).

How can I achieve this?

Thanks!

+2  A: 

Passing data in the request

You could either embed it as a hidden field in your form, or add it your forms action URL

 echo '<input type="hidden" name="myVariable" value="'.
     htmlentities($myVariable).'">';

or

echo '<form method="POST" action="Page2.php?myVariable='.
    urlencode($myVariable).'">";

Note this also illustrates the use of htmlentities and urlencode when passing data around.

Passing data in the session

If the data doesn't need to be passed to the client side, then sessions may be more appropriate. Simply call session_start() at the start of each page, and you can get and set data into the $_SESSION array.

Security

Since you state your value is actually a filename, you need to be aware of the security ramifications. If the filename has arrived from the client side, assume the user has tampered with the value. Check it for validity! What happens when the user passes the path to an important system file, or a file under their control? Can your script be used to "probe" the server for files that do or do not exist?

As you are clearly just getting started here, its worth reminding that this goes for any data which arrives in $_GET, $_POST or $_COOKIE - assume your worst enemy crafted the contents of those arrays, and code accordingly!

Paul Dixon
+2  A: 

Sessions would be the only good way, you could also use GET/POST but that would be potentially insecure.

Alo
+16  A: 

HTML / HTTP is stateless, in other words, what you did / saw on the previous page, is completely disconnected with the current page. Except if you use something like sessions, cookies or GET / POST variables. Sessions and cookies are quite easy to use, with session being by far more secure than cookies. More secure, but not completely secure.

Session:

//On page 1
$_SESSION['varname'] = $var_value;

//On page 2
$var_value = $_SESSION['varname'];

Remember to run the session_start() statement on both these pages before you try to access the $_SESSION array, and also before any output is sent to the browser.

Cookie:

//One page 1
$_COOKIE['varname'] = $var_value;

//On page 2
$var_value = $_COOKIE['varname'];

The big difference between sessions and cookies are that the value of the variable will be stored on the server if you're using sessions, and on the client if you're using cookies. I can't think of any good reason to use cookies instead of sessions, except if you want data to persist between sessions, but even then it's perhaps better to store it in a DB, and retrieve it based on a username or id.

GET and POST

You can either add the variable in the link to the next page:

<a href="page2.php?varname=<?php echo $var_value ?>">Page2</a>

This will create a GET variable, or include a hidden field in a form that submits to page two:

<form method="get" action="page2.php">
    <input type="hidden" name="varname" value="var_value">
    <input type="submit">
</form>

And then on page two

//Using GET
$var_value = $_GET['varname'];

//Using POST
$var_value = $_POST['varname'];

//Using GET, POST or COOKIE.
$var_value = $_REQUEST['varname'];

Just change the method for the form to post if you want to do it via post. Both are equally insecure, although GET is easier to hack.

The fact that each new request is, except for session data, a totally new instance of the script caught me when I first started coding in PHP. Once you get used to it, it's quite simple though.

Jrgns
Thanks this helped, the problem was that I had a bunch of variables in the first page, so what I did was create an array with all those variables and send it to the next page using sessions.
Carlo
Schweet :) Glad I could help.
Jrgns
Nitpick: sessions in PHP generally are handled by cookies too. The session cookie is not a persistent cookie and usually simply only holds the session id. But it is still a cookie.
fireeyedboy
God, good effing answer!
danieltalsky
To elaborate on my own comment. The reason is that, because, as you said, HTTP is stateless. Therefor PHP still needs a way to identify the session. This is done by storing a cookie on the client with a session id. If cookies are disabled clientside, PHP sometimes utilizes $_GET vars to append the session id to links between pages. But this is generally considered insecure, and is therefor generally disabled of most webservers (php.ini).
fireeyedboy