sessions variables

pang

hi,
i have four php pages.
new.php, add.php, city.php and insert.php. In new.php i have a text field named numbo.
the new.php has a post action to add.php. the add.php has a post action to city.php and city.php had a post action to insert.php.

i need to conserve the value of text field numbo in city.php and insert.php, can anyone give me the right code using sessions?

jkurrle

PHP handles both GET and POST methods for handling information from page to page. Let me provide an example for you:

I create a form in a page called FOO, like this:

Upon pressing the submit button, all information in the form is passed to page BAR. Now let's see what BAR does:

<?php
$passed_variable=$_GET['passed_variable'];
echo "Passed variable is $passed_variable <br/>";
?>

This first section pulls the variable off of the URL line (You'll see it passed on the url at the end as "?passed_variable=something"). It then echos it, to show you that it was properly passed.

Now, let's go on to the form on BAR. You might actually create it like this:

<?php echo "
<form method='post' action='BAS.php'>
<input type='hidden' name='passed_variable' value='$passed_variable'>
<input type='submit' value='Press Me'>
</form>
"; ?>

Note that we used php's ECHO command to create the input line with the variable's value substituted for the text.

Upon pressing this button, the information is sent via POST to page BAS. If you look at the url, there is no information attached to the end. POST uses an internal server mechanism to send variables. How do we get it? Let's see:

<?php
$passed_variable=$_POST['passed_variable'];
echo "Passed variable is $passed_variable <br/>";
?>

Which is better GET or POST? It depends on your situation. POST is slower, but is more secure and allows you a much larger environment space to pass variables in. GET is faster, but all variables are on the url line and are prone to tampering. Also, it is easy to overrun the URL buffer by relying on GET too much. You'll then likely get some sort of mysterious browser message, that looks like someone's hacking your system. :-)

Still GET is very useful. You can add variables from page to page by simply adding ?var1=value1&var2=value2&var3=value3, etc. to your URL. Note the first variable you pass uses a question mark, the rest use ampersands.

One more thing I've run across. Passing a variable with spaces, via GET, gets tricky when you pass it on a second time. The spaces tend not to get converted properly. I wrote a small routine that simply EXPLODEed the passed parameter, with a space as the delimiter, and reconstructed the parameter substituting + signs in place of spaces. Hopefully, you won't have to go that far.

Hope this helps.

John K

pang

thanks for the explanations.

I did not want to use a hidden input to conserve the value of my variavle numbo because in the reality i have to conserve too many fields: 12 fields , and as i have four pages, i must rhigt hidden type in each page as much as fields i have, it will be too many codes, that's why i thougt of using sessions.

jkurrle

I don't know much about sessions, I'm afraid, but here's what I do know:

First, sessions work under some limited circumstances. Sessions don't work unless track_vars is enabled. As of PHP 4.0.3 track-vars is always turned on. for versions previous to 4.0.3 the option --enable-track-vars should be used when installing PHP.

If users have cookies turned off, sessions don't work unless trans-sid is turned on. Trans-sid often passes the session information right on the URL as you move from page to page - not a real secure way of doing things. If you have a web-based app that requires security (like shopping cart functions), you might want to reconsider this.

The session ID number is only added to the URLs for pages on your own web site. If the URL of the next page includes a server name, PHP assumes that the URL is on another web site and doesn't add the session ID number.

All that being said, here's an example of a Session ID:

Page one has this code:

<?php
session_start();

$_SESSION['session_var'] = "Session_Variable";

echo "
<form method='post' action='page2.php'>
<input type='hidden' name='form_var' value='Form_Variable'>
<input type='submit' value='Go to next page'>
</form>
";
?>

Page 2 has this code:
<?php
session_start();

echo "
Session variable is {$SESSION['session_var']}
<br/>
Form variable is {$POST['form_var']}
";
?>

The kicker is to try this example with both cookies turned on and cookies turned off. If it works both ways, great! If not, you have some work cut out for you.

Hope this helps.