Session variables to store form processing information

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
Cogs
Forum Newbie
Posts: 17
Joined: Thu Mar 27, 2003 4:57 pm

Session variables to store form processing information

Post by Cogs »

Hi,

I've been playing with an idea for a while now and would like to know of any problems you can see with the following design:
  1. A form is generated from a template-like file
  2. In the template, processing information for each field, such as database column which to store the input and the filter/validate functions, are set
  3. When the template is parsed, the process information for each field is stored in session variables
  4. When the form is submitted it will be handled according to the stored information
Now, what issues might arise from this design? Could the session time out too quickly if the user is editing a particularly long form? What are the security concerns?

Any Constructive feedback would be appreciated :D
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

I think my approach would be to skip session and just have a separate form processing script.

Anything you do store in sessions ought to be safe - but read up about session hijacking.
Post Reply