Scope of the "Post" method

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
twilightman
Forum Newbie
Posts: 2
Joined: Sat Jun 12, 2010 11:55 pm

Scope of the "Post" method

Post by twilightman »

Ok imagine this
I have 3 files
File 1 is a html form which uses the post method
File 2 is a php script which processes file 1's form results
File 3 is called by file 2 using header("Location: File3.php");

Ok imagine if the user typed "chocolate" into one of the field's in the form
in file 2 the value "chocolate" and can be accessed by referencing $_POST["food"]
File 2 calls file 3 and file 3 references $_POST["food"] but in file 3 $_POST["food"] is NULL

So I ask the question :?:
How can I pass the value of "chocolate" to file 3 using $_POST["food"] in a secure way?
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Scope of the "Post" method

Post by cpetercarter »

Several possibilities:

- set a session variable "food" with the value "chocolate" in File2.php and read it in File3,php
- redirect to File3.php?food=chocolate and retrieve the value of $_GET['food'] in File3.php
- by far the best solution is not to use location headers in your programming at all. They are slow (as they involve an extra round trip between your server and the browser) and clumsy. It is much better to use constructions like:

Code: Select all

if ($some_condition) {
       require "File3.php";
}
Incidentally, you should use the full uri (http://www.mysite.com/File3.php) in a location header, not a relative path like File3.php which may be misinterpreted by the browser.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Scope of the "Post" method

Post by requinix »

I'd have to disagree that including is the best option. There are definite uses for redirection - especially after form submissions.

Should you want that, use sessions instead of POST. Dump everything into someplace in $_SESSION and then you can access it anyplace, anytime (after the form has been submitted, of course).
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Scope of the "Post" method

Post by cpetercarter »

It is sometimes argued that a redirect following submission of $_POST data prevents the user from using the "back" button to resubmit the data (intentionally or otherwise). However, there are better ways of achieving this, such as including a one-time token as a hidden field in the form. The "location" header is intended for situations where a website or a page has moved, not for routine programming tasks. See this.
twilightman
Forum Newbie
Posts: 2
Joined: Sat Jun 12, 2010 11:55 pm

Re: Scope of the "Post" method

Post by twilightman »

I am going for option 1 "Use session variables"
When I took all things into account this is the BEST way
any other way just makes my code more complicated than it needs to be
Thanks all
:D
Oh I forgot to mention it works fine
Post Reply