Page 1 of 1

sending/holding data

Posted: Thu Mar 16, 2006 7:41 pm
by calintuns
I have a problem ... :D
Basicaly, I am getting data from a form and I'm showing the user the data he/she has inputed. Now, the next step is to save that data into a MySql database. So, I have my FORM file -> my SHOW file(in PHP) -> WRITE to database file(also in PHP).

OK !!! My question : How do I get the data from the FORM file to the WRITE file?

Any answer will be greatly appreciated. Tks a lot...
cali

Posted: Thu Mar 16, 2006 7:53 pm
by LiveFree
Two options:

a) Store the Data in $_SESSION[' '] arrays from page to page with session_start() at the top of each page before any output

b) Set the form's action as the write page and access the input with $_POST[' ']

Posted: Thu Mar 16, 2006 8:05 pm
by a94060
second one seems more logical so because the same data is not going to multiple pages besides the action and form right?

Posted: Fri Mar 17, 2006 12:00 pm
by calintuns
thanks for your answers but let me put it in another way:

I have 1 HTML and 2 PHP files.

The form is in my HTML file and is processed by the first PHP files. The result of this file is an overview of the inputed data. In this file (the first PHP file) I have another form that consits of two buttons, an edit button if the user does not agree with what he/she inputed earlier and an OK button that should take the action to the third PHP file that writes the data to my database.

I've tried with both $_SESSION and $_POST arrays, but something is not right. Can't I read these arrays anywhere in my site once they are declared?


cali

Posted: Fri Mar 17, 2006 4:05 pm
by feyd
sessions and cookies are the only real ways of transmitting the same data across multiple pages. If you didn't call session_start() on all the pages where sessions would be used (and any inbetween) they may get lost. Even then, the data may be cleared by the server if it has an over zealous cleaning routine.

Proper Data Handling Across Multiple Pages

Posted: Fri Mar 17, 2006 5:54 pm
by tomprogers
Tucker wrote:Two options:

a) Store the Data in $_SESSION[' '] arrays from page to page with session_start() at the top of each page before any output

b) Set the form's action as the write page and access the input with $_POST[' ']
This is incorrect.

Option A opens a huge can of worms that you do not want to deal with.
  • What happens if a piece of form data has the same name as a piece of data that legitimately belongs in the session, such as Username? Suppose you are writing an admin application, and the admin is editing a user's privileges. When the changes are displayed back at the admin (before making them permanent, as in your situation), the Username from the form will overwrite the Username from the session. Likely, this will actually prevent the admin from committing the changes (because the system will think he/she is a regular user). Super-bad.
  • Also, assuming you take great care to prevent that from happening, that means that every time a user steps through your pages, their session will assume the work of managing all that data. This data will accumulate in the session, with each form that each user visits adding more useless junk that the server must track in memory. If you have many users, this will bog down your server with information it should have forgotten about several pages ago.
Option B obviously doesn't satisfy your need to have an intermediate "verification" page.

The correct procedure is to pass all the data from the verification page to the save page via hidden fields on the verification page. This process is most easily done by combining all three chunks of code in a single file, like so.

edituser.php

Code: Select all

// determine which part of the process to execute based on the buttons that have been pushed (if any)
if(isset($_POST['save']))
{
   // save to the database
   pg_query($db, $SQL);
   print('<p>Great news, ' . $_POST['username'] . ' &ndash; your account has been created.</p>');
}
else
if(isset($_POST['preview']))
{
   print('<p>Your username will be <strong>' . $_POST['username'] . '</strong>. Is this correct?</p>');
   
   print <<<END
<form action="{$PHP_SELF}" method="post">
<input type="hidden" name="username" value="
END;
   print(htmlspecialchars($_POST['username']));
   print <<<END
" />
<input type="submit" name="back" value="< Edit" />
<input type="submit" name="save" value="Save" />
</form>
END;
}
else
{
   print <<<END
<form action="{$PHP_SELF}" method="post">
<input type="text" name="username" value="{$_POST['username']}" />
<input type="submit" name="preview" value="Next >" />
</form>
END;
}
If you need this process to span multiple files, you can have them all post to the same "hub" file, and use the same if/elseif/else structure to include the appropriate file for each page view, but a single file is easier to manage, especially since you have high coupling between the three.[/list]

Posted: Fri Mar 17, 2006 7:04 pm
by calintuns
being new to PHP this is a little too mmuch, but i will try to understand it and i'll surelly put it to good use :)

Thanks my friends ;)

Re: Proper Data Handling Across Multiple Pages

Posted: Fri Mar 17, 2006 7:14 pm
by RobertGonzalez
tomprogers wrote:
Tucker wrote:a) Store the Data in $_SESSION[' '] arrays from page to page with session_start() at the top of each page before any output
This is incorrect.

Option A opens a huge can of worms that you do not want to deal with.
  • What happens if a piece of form data has the same name as a piece of data that legitimately belongs in the session, such as Username? Suppose you are writing an admin application, and the admin is editing a user's privileges. When the changes are displayed back at the admin (before making them permanent, as in your situation), the Username from the form will overwrite the Username from the session. Likely, this will actually prevent the admin from committing the changes (because the system will think he/she is a regular user). Super-bad.
How will a POST var overwrite a SESSION var without being told to do so? The session var doesn't exist until you tell it to be born. Then it stays the same (provided you use session_start() on each page) until you change it or unset it. The only time the two would conflict is if register globals is on, and if there is anything that this forum will teach you it is, TURN REGISTER GLOBALS OFF. That being said, $_SESSION['Username'] will not be the same as $_POST['Username'] until you set $_SESSION['Username'] equal to $_POST['Username'].

Correct me if I am wrong.

Re: Proper Data Handling Across Multiple Pages

Posted: Fri Mar 17, 2006 7:23 pm
by tomprogers
Everah wrote:That being said, $_SESSION['Username'] will not be the same as $_POST['Username'] until you set $_SESSION['Username'] equal to $_POST['Username'].

Correct me if I am wrong.
You are not wrong. My interpretation of Tucker's option A was that cal should, on each page load, run a loop that copies $_POST vars to the $_SESSION, to make it easier to pass data from page to page. Which is, as you mention, a bad idea.

Sorry for any ambiguity.