Multiple Form POST

Anon

Hi, I'm sorry if this is a dumb question, but I'm pretty new to PHP.

I have a site where I have actions the user can take which are multiple pages long. The first page is a form which uses the POST method to send info to the second page. On the second page, the user selects some options. What I can't figure out how to do is have that second page somehow not clear the POST memory so that the third page has access to it. IE - the third page must have access to the $GLOBALS[HTTP_POST_VARS] of the second page.

So, basically, how does a php page post its own POST information to another page without dynamically building a dummy form and submitting it? Another option that would be possible would be to use a cookie, I know, but that doesn't work very well with the site I'm working on.

Thank you so much!

-Nate Walker

plutarck

When taking the POST data from the first page, take out the variables you want to keep and imbed them as "hidden" input fields in your second page form.

That's the unsafe way, as people can see and edit the hard-coded hidden variables on your page.

The other way is to use sessions, which is more or less the preferable way of doing it. If you know how, that is.

It's not hard to learn, but it takes a few hours of playing around to figure it all out.

The other way is to use cookies, of course.

kparker

So, basically, how does a php page post its own POST information to
another page without dynamically building a dummy form and submitting it?

You don't: dummy forms are one very viable way to do it, and they aren't hard at all. You do have another form on the second page anyway, don't you? Just add as many

lines as you need, and you're done!

Sessions are another alternative.

Anon

Could you elaborate on your comment that using hidden variables is unsafe? How could someone edit these variables and why would they want to do so?

Also, you mentioned "cookies" as an alternative way of passing variables. Meloni does not explain this very well in her book. Do you have a short example of how to do this? And is this a more secure way of doing things?

Thanks

Anon

Unsafe? No. I just didn't like hidden variables in principle. I wanted to be able to hide the stuff the user gave me in the first form and keep it, because it seems inefficient in my computer-science mind to accept the first form, spit it back out, and then accept it and the second one together.

In the end, I just used hidden variables, eloquence be damned.

As for cookies, there are 2 ways you can do this. The first, traditional way, the client-side cookie, is no more safe than the form. But in some cases, it's a lot more convenient. Basically, a client-side cookie is just a text file you can store and modify on the client's box. If you're interested, get a good book on Javascript (O'Reilly's is good).

The other cookie option is server-side cookies. In PHP, these are called sessions. You can check your php book, else here's a good simple example of using php sessions to store a username and password.

http://www.webmasterbase.com/article.php/319/95

Anon

By "unsafe", I mean the following:

"hidden" fields are easily readable by the user just by using View Source.

People may edit the hidden variables to be anything they want.

This means only that you can not ensure that the data the user submitted on the first form will be properly submitted on the second form.

What this means to you is let's say you validate the person's email address on the first page, then put it in a hidden field.

When the person submits that data again, you must revalidate that email address.

It's safe only if you do not trust the contents of any of the variables.