Tucker wrote: Two options:
a) Store the Data in $_SESSION[' '] arrays from page to page with session_start() at the top of each page before any output
b) Set the form's action as the write page and access the input with $_POST[' ']
This is incorrect.
Option A opens a huge can of worms that you do not want to deal with.
- What happens if a piece of form data has the same name as a piece of data that legitimately belongs in the session, such as Username? Suppose you are writing an admin application, and the admin is editing a user's privileges. When the changes are displayed back to the admin (before making them permanent, as in your situation), the Username from the form will overwrite the Username from the session. Likely, this will actually prevent the admin from committing the changes (because the system will think he/she is a regular user). Super-bad.
- Also, assuming you take great care to prevent that from happening, that means that every time a user steps through your pages, their session will assume the work of managing all that data. This data will accumulate in the session, with each form that each user visits adding more useless junk that the server must track in memory. If you have many users, this will bog down your server with information it should have forgotten about several pages ago.
Option B obviously doesn't satisfy your need to have an intermediate "verification" page.
The correct procedure is to pass all the data from the verification page to the save page via hidden fields on the verification page. This process is most easily done by combining all three chunks of code in a single file, like so.
edituser.php
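```php
<?php
// $db (an open pg_connect() handle) and $SQL (the statement to run) are not shown in the post.
// Build $SQL with pg_query_params() or pg_escape_literal(), never by concatenating $_POST values.

// Escape everything that is echoed into HTML once, up front.
// $_SERVER['PHP_SELF'] replaces $PHP_SELF, which only exists with register_globals.
$username = htmlspecialchars($_POST['username'] ?? '', ENT_QUOTES, 'UTF-8');
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// determine which part of the process to execute based on the buttons that have been pushed (if any)
if (isset($_POST['save']))
{
    // save to the database
    pg_query($db, $SQL);
    print('<p>Great news, ' . $username . ' – your account has been created.</p>');
}
elseif (isset($_POST['preview']))
{
    // confirmation page: carry the value forward in a hidden field
    print('<p>Your username will be <strong>' . $username . '</strong>. Is this correct?</p>');
    print <<<END
<form action="{$self}" method="post">
<input type="hidden" name="username" value="{$username}" />
<input type="submit" name="back" value="&lt; Edit" />
<input type="submit" name="save" value="Save" />
</form>
END;
}
else
{
    // first visit, or the user pressed "< Edit": show the editable form
    print <<<END
<form action="{$self}" method="post">
<input type="text" name="username" value="{$username}" />
<input type="submit" name="preview" value="Next &gt;" />
</form>
END;
}
```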
If you need this process to span multiple files, you can have them all post to the same "hub" file, and use the same if/elseif/else structure to include the appropriate file for each page view, but a single file is easier to manage, especially since you have high coupling between the three.
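An added example, not part of the original post: a hidden field is sent back by the browser and can be changed between the preview and the save, so the save step should re-validate it and check that it is the value the server previewed. The function names, the `PREVIEW_HMAC_KEY` environment variable and the username rule are assumptions made for this sketch.

```php
<?php
// Added example: names, the key source and the username rule are assumptions, not from the post.
const PREVIEW_KEY_ENV = 'PREVIEW_HMAC_KEY';   // hypothetical env var holding a server-side secret

function preview_key(): string
{
    $key = getenv(PREVIEW_KEY_ENV);
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('preview HMAC key missing or too short');
    }
    return $key;
}

// Assumed rule for this example: 3-32 characters, letters, digits, underscore.
function valid_username(string $u): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $u) === 1;
}

// The tag lets the save step tell that the value is the one this server previewed.
function preview_tag(string $username): string
{
    return hash_hmac('sha256', 'edituser|username|' . $username, preview_key());
}

// Preview step: returns the hidden inputs to embed in the confirmation form.
function hidden_fields(string $username): string
{
    $u = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    $t = preview_tag($username);               // hex digits only, safe inside an attribute
    return "<input type=\"hidden\" name=\"username\" value=\"{$u}\" />\n"
         . "<input type=\"hidden\" name=\"tag\" value=\"{$t}\" />\n";
}

// Save step: returns the username to store, or null if the post must be rejected.
function checked_username(array $post): ?string
{
    $u = $post['username'] ?? '';
    $t = $post['tag'] ?? '';
    if (!is_string($u) || !is_string($t) || !valid_username($u)) {
        return null;                           // validate again; never rely on the preview step
    }
    return hash_equals(preview_tag($u), $t) ? $u : null;   // constant-time comparison
}

// Constructed demo input (run from the CLI): an untouched post, then one edited after preview.
putenv(PREVIEW_KEY_ENV . '=' . bin2hex(random_bytes(32)));
var_dump(checked_username(['username' => 'alice_01', 'tag' => preview_tag('alice_01')]));
var_dump(checked_username(['username' => 'root', 'tag' => preview_tag('alice_01')]));
```

The tag does not replace CSRF protection or the authorization check on the save step; it only ties the saved value to the previewed one.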