I was wondering whether anyone can help a PHP newbie.
I have a number of forms that the user has to fill out for a project I've done. The user has to fill out personal details, address details and various other bits, so I've split the forms over a number of pages.
Each time the user submits a form, that info is inserted into a particular table in my db. The user is then sent to the next form with the URL appended with variables that I need to collate information on that user over the pages. However, I know that security-wise this is not particularly good, as people could just mess around with the URL string.
Can anyone tell me a better way of collecting variables that I need over a number of pages, rather than appending the URL every time? I have started looking into session vars. Would this be a better way?
ruud wrote: Can anyone tell me a better way of collecting variables that I need over a number of pages, rather than appending the URL every time? I have started looking into session vars. Would this be a better way?
<form>
<input type="hidden" name="hiddenValue1" value="YouCanStill see it by viewing the source">
</form>
But that's not 100% protection, since they can save the HTML to their drive, change it, and resubmit it. For total protection from that, you need to save state on the server (perhaps through sessions) and pass something back and forth to connect a given user to a given state. Sessions use cookies, I think. Or you could pass an id value in a hidden field that would be less attractive to tamper with.
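The server-side state approach described in the reply above, as an added example that is not part of the original thread: each step's validated fields are kept in `$_SESSION` rather than in the URL or a hidden field, and a step is refused if an earlier one is missing. The step names, field names and the functions `start_secure_session()` and `save_step()` are hypothetical.

```php
<?php
declare(strict_types=1);
// Step and field names are assumptions for illustration.
const STEPS = [
    'personal' => ['name', 'email'],
    'address'  => ['street', 'city'],
];
function start_secure_session(): void
{
    session_start([
        'cookie_httponly' => true,  // cookie not readable from JavaScript
        'cookie_samesite' => 'Lax',
        'use_strict_mode' => true,  // refuse session ids the server did not issue
    ]);
}

// Validate one step's POST data and keep it server-side.
// Returns the next step's name, or null after the last step.
function save_step(string $step, array $post): ?string
{
    $names = array_keys(STEPS);
    $index = array_search($step, $names, true);
    if ($index === false) {
        throw new InvalidArgumentException("unknown step");
    }
    // Earlier steps must already be in the session, so pages cannot be skipped.
    foreach (array_slice($names, 0, $index) as $earlier) {
        if (!isset($_SESSION['form'][$earlier])) {
            throw new RuntimeException("step '$earlier' not completed");
        }
    }
    $clean = [];
    foreach (STEPS[$step] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            throw new InvalidArgumentException("missing field '$field'");
        }
        $clean[$field] = trim($value);
    }
    $_SESSION['form'][$step] = $clean;  // a database row id would be kept the same way
    return $names[$index + 1] ?? null;
}

// Constructed demo for the command line; a page handler would call
// start_secure_session() and then save_step('personal', $_POST).
$_SESSION = [];
try { save_step('address', ['street' => '1 Main St', 'city' => 'Leeds']); }
catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
echo 'next: ', save_step('personal', ['name' => 'Ann', 'email' => 'ann@example.com']), "\n";
```

Only the session id travels in the cookie; the collected values never leave the server, so editing the URL or a saved copy of the page cannot change them.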
Set a cookie that will expire in like 5 mins (enough to confirm the info before it sends to the DB) and combine the cookie info with the isset() function.
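if (isset($_COOKIE["cookiename"])) {
    // Escape the cookie value before echoing it into the page
    $variable_from_cookie = htmlspecialchars($_COOKIE["cookiename"], ENT_QUOTES);
    echo "<input type=\"text\" value=\"$variable_from_cookie\">"; // and so forth
}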
Maybe this is what TheBentinel was suggesting, but if not, it is another possible way. Another good deal out of this way is you can prolong the time() in the actual setcookie and have the user's username stored, so on your main page you might have like: