Page 1 of 1

problem using unserialize and array_merge_recursive

Posted: Wed Feb 02, 2005 11:20 am
by mcog_esteban
hi all.
i'm trying to do a multi page form, and i'm having problems keeping the the $_POST content over the forms(i don't want to use sessions on this)

i have this:

Code: Select all

<?php

if(!$action) $action = "page1";
else $action = $_POST&#1111;'action'];

function unhtmlspecialchars( $string )
   &#123;
       $string = str_replace ( '&', '&', $string );
       $string = str_replace ( ''', '''', $string );
       $string = str_replace ( '"', '"', $string );
       $string = str_replace ( '<', '<', $string );
       $string = str_replace ( '>', '>', $string );
       
       return $string;
   &#125;


if($action == "page1")
&#123;
	//Form page 1
	?>
	<table cellspacing="2" cellpadding="2" align="center">
	<th colspan="3" align="center">Form Page 1</th>
	<form action="<?=$_PHP_SERVER&#1111;'PHP_SELF'];?>" method="post">
	<tr><td>Elem 1</td><td>*</td><td><input type="text" name="elem1" size="50"></td></tr>
	<tr><td>Elem 1</td><td>*</td><td><input type="text" name="elem2" size="50"></td></tr>
	<tr><td>Elem 1</td><td>&nbsp;</td><td><input type="text" name="elem3" size="50"></td></tr>
	<tr><td>Elem 1</td><td>&nbsp;</td><td><input type="text" name="elem4" size="50"></td></tr>
	<tr><td colspan="3"><input type="submit" name="submit" value="enviar informação"></td></tr>
	<input type="hidden" name="action" value="page2">
	</form>
	</table>
	<?
&#125;

if($action == "page2")
&#123;
	if(empty($_POST&#1111;'passed'])) $arr = array();	

	$_POST=array_merge_recursive($arr,$_POST);
	$_passed=htmlspecialchars(serialize($_POST));

	//Form page 2
	?>
	<table cellspacing="2" cellpadding="2" align="center">
	<th colspan="3" align="center">Form Page 2</th>
	<form action="<?=$_PHP_SERVER&#1111;'PHP_SELF'];?>" method="post">
	<tr><td>Elem 5</td><td>*</td><td><input type="text" name="elem5" size="50"></td></tr>
	<tr><td>Elem 6</td><td>*</td><td><input type="text" name="elem6" size="50"></td></tr>
	<tr><td>Elem 7</td><td>&nbsp;</td><td><input type="text" name="elem7" size="50"></td></tr>
	<tr><td>Elem 8</td><td>&nbsp;</td><td><input type="text" name="elem8" size="50"></td></tr>
	<tr><td colspan="3"><input type="submit" name="submit" value="enviar informação"></td></tr>
	<input type="hidden" name="action" value="page3">
	<input type="hidden" name="_passed" value="<?=$_passed;?>">
	</form>
	</table>
	<?
&#125; 

if($action == "page3")
&#123;	
	$_POST=array_merge_recursive(unserialize($_POST&#1111;'_passed']),$_POST);
	$_passed=htmlspecialchars(serialize($_POST));

	//Form page 3
	?>
	<table cellspacing="2" cellpadding="2" align="center">
	<th colspan="3" align="center">Form Page 3</th>
	<form action="<?=$_PHP_SERVER&#1111;'PHP_SELF'];?>" method="post">
	<tr><td>Elem 9</td><td>*</td><td><input type="text" name="elem9" size="50"></td></tr>
	<tr><td>Elem 10</td><td>*</td><td><input type="text" name="elem10" size="50"></td></tr>
	<tr><td>Elem 11</td><td>&nbsp;</td><td><input type="text" name="elem11" size="50"></td></tr>
	<tr><td>Elem 12</td><td>&nbsp;</td><td><input type="text" name="elem12" size="50"></td></tr>
	<tr><td colspan="3"><input type="submit" name="submit" value="enviar informação"></td></tr>
	<input type="hidden" name="action" value="page4">
	<input type="hidden" name="_passed" value="<?=$_passed;?>">
	</form>
	</table>
	<?

&#125;

if($action == "page4")
&#123;
	$_POST=array_merge_recursive(unserialize($_POST&#1111;'_passed']),$_POST);
	$_passed=htmlspecialchars(serialize($_POST));

	//Form page 4
	?>
	<table cellspacing="2" cellpadding="2" align="center">
	<th colspan="3" align="center">Form Page 4</th>
	<form action="<?=$_PHP_SERVER&#1111;'PHP_SELF'];?>" method="post">
	<tr><td>Elem 13</td><td>*</td><td><input type="text" name="elem13" size="50"></td></tr>
	<tr><td>Elem 14</td><td>*</td><td><input type="text" name="elem14" size="50"></td></tr>
	<tr><td>Elem 15</td><td>&nbsp;</td><td><input type="text" name="elem15" size="50"></td></tr>
	<tr><td>Elem 16</td><td>&nbsp;</td><td><input type="text" name="elem16" size="50"></td></tr>
	<tr><td colspan="3"><input type="submit" name="submit" value="enviar informação"></td></tr>
	<input type="hidden" name="action" value="final">
	<input type="hidden" name="_passed" value="<?=$_passed;?>">
	</form>
	</table>
	<?

&#125;

if($action == "final")
&#123;
	$_POST=array_merge_recursive(unserialize($_POST&#1111;'_passed']),$_POST);
	foreach($_POST as $key => $value)
		echo $key.' -----> '.$value.'<br>';
&#125;
?>
but i keep getting errors on unserialize function, and later it says that the first argument of array_merge_recursive is not an array.

can someone take a look?
thanks.

Posted: Wed Feb 02, 2005 1:56 pm
by rehfeld
first thoughts


if magic_quotes_gpc() is on, you need to run stripslashes on your _POST data before passing it to unserialize.

you will also have a problem with quotes in your html. serialized data has quotes in it, and if you passing that data via a form field delimited by quotes, the browser might incorrectly interpret where the end of the data is.

i would use urlencode() on the serialized data before passing it into the form field as that will get rid of the quotes problem. you wont need to use urldecode when receiving it, as php will do that for you.


why dont you want to use sessions?
if your worried about users not having cookies turned on, you can just pass the sessionid in a hidden form fieild, or just have php pass the sid through the url for you, automatically....





also, are you relying on register globals? this makes me think you are...

Code: Select all

if(!$action) $action = "page1";
else $action = $_POST&#1111;'action'];
i would think you want

Code: Select all

if (!empty($_POST&#1111;'action'])) $action = $_POST&#1111;'action']
else $action = "page1";