Question regarding sessions and formdata

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

effkay
Forum Newbie
Posts: 2
Joined: Sun Nov 11, 2007 9:12 pm


Post by effkay »

Hi.

I'm running a questionnaire on the web which consists of a basic html form, a php-script for sending the information, and a mysql database to store the information. To ensure that not everyone can get access to the questionnaire, I added a simple login-script which registers a new session. All subsequent pages after the login-page have

Code:

session_start();
// isset($_SESSION[...]) replaces session_is_registered(), which was removed in PHP 5.4
if (!isset($_SESSION['username'])) {
    header("Location: index.php");
    exit; // stop here so the rest of the protected page is not sent
}

So that's working fine for now. However, I've been working on implementing serverside validation of the formdata and here's where the problem arises. Let's say someone tried to hack my database (using sql-injection) and typed an sql-command into a text-field, e.g. "?name=john'%20--" and submitted. This input would not validate with my current validation-script, since special characters like % and ' are banned. Ok... So the user now gets an html-page saying "Hey.. you used illegal characters. Go back and try again". When the user goes back, the questionnaire is blank, even though the user got it right on all other questions. Now I thought, since the user registers a new session when he logs in, that the form-data would be stored in that session, and that going back from the validation-error-page would display the questionnaire as the user tried to submit it. Has anyone got an idea as to what I should do?

I tested my current script in several browsers. Safari seems to be the only browser that stores the questionnaire, and displays it as it was prior to the error-page when going back.

Suggestions are appreciated!
-FK-
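
Added example, not part of effkay's post: a PHP session holds only what a script writes into $_SESSION, so the submitted fields have to be saved there explicitly before the form can be refilled after a validation error. The file name questionnaire.php, the field names name and age, the session keys form_old and form_errors, and the validation rules are assumptions for illustration.

```php
<?php
// questionnaire.php (hypothetical name): shows the form and handles its submission.
session_start();
if (!isset($_SESSION['username'])) {        // same login gate as in the post
    header('Location: index.php');
    exit;
}
$fields = ['name', 'age'];                  // assumed field names
$old    = $_SESSION['form_old']    ?? [];   // values from a rejected submission, if any
$errors = $_SESSION['form_errors'] ?? [];
unset($_SESSION['form_old'], $_SESSION['form_errors']);   // one-shot: clear after reading
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input = $errors = [];
    foreach ($fields as $f) {
        // Accept plain strings only; a crafted name[]=x array becomes ''.
        $input[$f] = is_string($_POST[$f] ?? null) ? trim($_POST[$f]) : '';
    }
    // Assumed rules: allow-list what is valid rather than listing banned characters.
    if (!preg_match('/^[A-Za-z -]{1,60}$/', $input['name'])) {
        $errors['name'] = 'Please use letters, spaces and hyphens only.';
    }
    if (!ctype_digit($input['age']) || (int)$input['age'] > 120) {
        $errors['age'] = 'Please enter an age between 0 and 120.';
    }
    if ($errors) {
        // Keep what the user typed, then redirect so the form is redrawn by a GET.
        $_SESSION['form_old']    = $input;
        $_SESSION['form_errors'] = $errors;
        header('Location: questionnaire.php');
        exit;
    }
    // Valid input: the existing database insert would run here with $input.
    echo 'Thank you.'; exit;
}
// Escape on output so a rejected value cannot inject markup when it is shown again.
$e = fn($s) => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="questionnaire.php">
<?php foreach ($fields as $f): ?>
  <label><?= $e($f) ?>
    <input type="text" name="<?= $e($f) ?>" value="<?= $e($old[$f] ?? '') ?>">
  </label>
  <?php if (isset($errors[$f])): ?><p class="error"><?= $e($errors[$f]) ?></p><?php endif; ?>
<?php endforeach; ?>
  <button type="submit">Send</button>
</form>
```

Because the error is rendered on the form page itself, the result no longer depends on whether the browser restores field contents when the user presses Back.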