Question about using confirmation before from submit

miraclewhipkey

In my forms, I have tried to include a confirmation screen after the user submits the form, displaying the info they entered, and asking if it is correct. When they submit again, the form actually processes the transaction.

Does anyone have any opinions on which method would be best to handle this and why? For example, is it better to:

submit the first form and then load all the inputted info into hidden fields of a new form which submits to the transaction script.

or:

use a multi-page form encoding kind of thing.

Any opinions?

Hiccup

I'd just use hidden fields and ask them if everything's right. If it isn't, let them go back and correct whatever they like.

There's no right answer to this, just personal preferences.

mykg4orce

You may want to consider using SESSION Vars. Anyone can save your page to their harddrive and change the hiddenfield data, always best to use server side storage for data compared to client side hidden field...etc... just a thought.

If you used SESSION vars you could also set your input fields to automatically read from the session vars if they are set ( isset() ). Incase the user has to go back and correct something.

Weedpacket

Originally posted by mykg4orce
You may want to consider using SESSION Vars. Anyone can save your page to their harddrive and change the hiddenfield data, always best to use server side storage for data compared to client side hidden field...etc... just a thought.

If you used SESSION vars you could also set your input fields to automatically read from the session vars if they are set ( isset() ). Incase the user has to go back and correct something.

On top of that, it also reduces slightly the amount of bandwidth involved (no need to shuffle all those hidden form fields back and forth), and also a bit more secure (because the already-submitted data is sitting on the server, there's less chance for it to get mangled out in the big bad world).

miraclewhipkey

Thanks for the responses.

Wouldn't using session vars just be a trade-off of bandwidth for server memory? Does anyone know if there is a significant differnence (performance and pageload-wise) between the two?

I'm not really worried about the security issue. One way to secure a form is to run a small check at the top that checks the refferer, and if it is among your list of acceptable "submitters", process the page, otherwise die().

I am mainly looking for the differences in performance, from the user's perspective. Like, how long will it take for the script to run AND the HTML to be fully rendered? Not down to milliseconds per se, I just want to avoid doing it in a way that is clumsy and bloated. BTW, the forms are object-oriented and submit to themselves.

cheers,
Clay

Weedpacket

Originally posted by miraclewhipkey
Wouldn't using session vars just be a trade-off of bandwidth for server memory? Does anyone know if there is a significant differnence (performance and pageload-wise) between the two?

There are always space/time tradeoffs - it's mathematically unavoidable. With present-day technology space is a lot cheaper than time. You can buy more memory or disk space, but there are no more than 90001 seconds in a day.