<?
session_start();
$_SESSION['name'] = "$_GET["name"]";
$_SESSION['email'] = "$_GET["email"]";
$session_id=session_id();
echo"$session_id <br> $_SESSION['name'] <br> $_SESSION['email']";
?>
I am trying to create a session to store visitor input form with GET method, I cant use POST because the form is handled by wordpress plugins and the client only gave me the GET option. The problem is:
On page #1, this is the page after we submit the form, the echo is shown complete.
At page #2, I already add session_start(); at top but $_SESSION['name'] and $_SESSION['email'] keep empty (change page) but $session_id is stored and show same.
What am I missing? or maybe $_SESSION is cant store $_GET?
So on the first page you save the values from the user input and it works as expected.
However, when you go to the second page, your code is overriding the session with new variables, which are empty in this case. Before assigning anything to the session, you should check whether it is not empty / valid.
For this simple code I would recommend checking via isset / array_key_exists functions.
Related
I currently have some php code on a form action, and it is being updated to the form's next page with
<?php echo $_POST['var here']; ?>
and it is working, but I noticed when Im trying to refresh the page it asks to confirm resubmission. When I resubmit it works in that tab in which it was sumbitted, but in another new tab it does not show the displayed php post variables. I even took it the next step by seeing that when I open the 2nd page after the form action has been submitted the php post variables are gone...
Help!
Thanks!
When you submit a form with <form method="post" /> it does a post request to the server, thus populating $_POST. When you open the link in a new tab it is no longer a post request but a get request. That is why you'll see nothing in $_POST.
$_POST — usually from forms
$_GET - from values on the URL (the query string myscript.php?myvar=Joe)
You can find plenty of resource about it. You can start here
If you want to keep the values you can save them to the session:
<?php
session_start(); // should be at the top of your php
if (isset($_POST['var'])) {
$_SESSION['var'] = $_POST['var'];
}
$myvar = isset($_SESSION['var']) ? $_SESSION['var'] : "no var";
echo $myvar;
Now the value is stored in the session so you can visit the page in a new tab and it will still be there.
This sounds like desired behavior. The $_POST variable should only be filled when the post action is created. If you're looking to store variables across pages you could store it in either the $_SESSION var in PHP or deal with the front end $_COOKIE business. If you're always going to be rendering pages from the backend then $_SESSION is the way to go. It's never too late to read up on cookies and sessions.
The skinny of it is that you're going to want to do something like this:
<?php
session_start();
if ($_POST['var']) {
$_SESSION['var'] = $_POST['var'];
}
echo $_SESSION['var'] ?: $defaultValue;
Then you'll notice that the message changes only when you post and won't exist before then.
I have three forms - payment.php , payment1.php and paydb.php . payment.php contains the front end form.payment1.php contains the back end of the form of payment.php. whereas we are shifting to paydb.php from payment1.php. Now I'm filling the form by entering member number in payment.php which is retrieved in a variable $member_no in payment1.php .Now I want to get the value of member_no in paydb.php . How to do that ?
After receiving $member_no in payment1.php redirect to paybd.php with a get array
using
header('Location: http://www.example.com/paydb.php?member_no=$member_no');
then receive $_GET['member_no'] number and assign to a variable
example:
$member_no = $_GET['member_no']
The first thing is make sure you are not passing sensitive information where the public can see it. Such as in a URL.
As soon as you get the member's number... store it in a session variable.
You can probably do this when they log in.
session_start();
$_SESSION['member_no'] = $member_no;
OR on the first payment page (assuming 'member_no' is the name of the form element being passed) like this...
$_SESSION['member_no'] = $_POST['member_no'];
Now that session will persist as long as the visitor has their browser open and you don't have to worry about passing it from page to page.
You can use that session on any subsequent page simply by calling it.
<?php echo $_SESSION['member_no'] ?>
Without showing this information to the public.
ALWAYS make sure you place this at the top of any page where you want to use session variables.
if (!isset($_SESSION)) {
session_start();
}
For a website, I need to route users to their own page. I have a login form, which sends data to a PHP file to check if the user's information is correct, and if so, forwarding the user to their page. The only problem is that I need to validate the user on arrival, to check if they logged in or just typed out the URL. I plan to use this with a POST, but how can I auto-send the constant (i.e. "logged-in")? Is there a way to do that through an HTML form (outputted from an echo) and sending it when the page loads? Thanks in advance!
EDIT 1: I understand that I must use Sessions, but whenever the page redirects it clears the session. The whole reason I was asking this was because I needed a way to keep the session active. How do I redirect in a way that doesn't clear the session?
In the PHP file that validates their credentials, start a "session". You can then apply session variables that can be called at any time while the session is valid. You can do this with POST, which is sounds like you're using, or by querying a database upon validation.
For example, upon validation:
session_start();
$_SESSION['username'] = $_POST['username'];
$security_check = mysql_query("SELECT * FROM userList WHERE username = '$username'");
$row = mysql_fetch_assoc($security_check);
$_SESSION['userId'] = $row['userId'];
$_SESSION['userFullName'] = $row['userFullName'];
On subsequent pages, you can put the following code at the top to check if the user logged in. If not, it will kick them back to the index page; otherwise the $_SESSION variables will be maintained.
<?php
session_start();
if (!isset($_SESSION['userId'])) {
echo "<script> window.location.replace('index.php?login=no') </script>";
}
?>
As suggested in the comments, I would recommend doing some further research on sessions to get a full understanding of how they work.
I have a login form which sends 3 post values from username, password and submit button. But my form processor has 3 pages one is validation.php which validates the field second is read.php which checks the posted values against db and third is login.php which is a result of login success. All redirect to each other respectively on success. Problem here is that when I try to access the user posted values from form in read.php (redirected page) not validate.php (action page) I get an error of undefined index.
I really don't see why you are doing all those redirects, but if you want to make the data more persistent you could use a session variable, because the $_POST superglobal is only set for the current request.
firstfile.php
<?php
session_start();
$_SESSION['posted_data'] = $_POST;
other file
<?php
session_start();
var_dump($_SESSION['posted_data']);
However as already stated you may really want to reconsider doing all the requests.
UPDATE
Besides the fact that you will loose your data you are also doing multiple (unneeded) requests to simply sumbit the form. The only redirect that should happen is to the successpage when you have done all you work. See this for more information: http://en.wikipedia.org/wiki/Post/Redirect/Get
If you are look to keep you code clean you could always just include the other files or go for an OOP approach.
You should do one page only that will do all the work. That doesn't seem too complicated of a script, so I would advise putting everthing together on one page.
You did not provide any code so I'll show you a general example. I just typed it without rereading so it's not pure PHP syntax, just the spirit:
<?php
$login=$_POST['login'];
$pwd=$_POST['pwd'];
$dbcheck = mysql_fetch_array(mysql_query("SELECT COUNT(1) FROM table WHERE user =$login and pwd = $pwd"))
if($dbcheck[0] > 0) {
//Login success
//Setup your session variables, cookies, etc
//Then you can do your redirect here
} else {
//Page for wrong login
}
I have created a page with name edit.php. I have moved on this page from action.php using a edit button. I have successfully retrieved the values in the respective text boxes and other form items. I have problem that if by mistake this edit.php page is refreshed all values are gone. What is other way to maintain the values? Though thing are going well if page is not refreshed. If session variable is created than how values are retrieved of both that is of session variable and from database?
What I have did with problem.. I have requested "albumid" on action.php page..
session_start();
$aid = mysql_real_escape_string($_REQUEST['albumid']);
Now if action.php page is requested through edit.php page using edit button. than I have created a session variable. and destroyed it after successful update query.
if (isset($_POST["edit"])) {
$_SESSION["aid"]=$aid;
$result= mysql_query("SELECT * FROM table WHERE a_id =".$_SESSION["aid"]) or die(mysql_error());
$row=mysql_fetch_array($result); }
It means now session is created.. if page is refreshed than also session values remains and accordingly values are selected from this variable.
if($_POST['update']!="") {
Update query
session destroyed }
Than also my problem is not solved that is if page is refreshed before hitting update button I am loosing all values.
session variables are just data you put into the $_SESSION superglobal. Accessing them is no different than accessing any other array, except that the session array is saved for you automatically. All you need to remember is to do a session_start() before doing anything with the session.
$_SESSION['formfield1'] = $_POST['formfield1'];
$_SESSION['formfield2'] = $_POST['formfield2'];
etc...
<input type="text" name="formfield1" value="<?php echo htmlspecialchars($_SESSION['formfield1']) ?>" />
By default, PHP uses file-based sessions. To put it into a database, you'd have to write your own session handlers and point PHP to them using session_set_save_handler().
When you submit, save the values in appropriately named $_SESSION members. Then on your page, if you can't find the members in $_GET/$_POST, you can choose to look them up in $_SESSION. Or vice versa. Every time the user submits a form though, you should always update $_SESSION so that the values are the most current. (in case they backtrack, or resubmit, or whatnot).
session_start();
if (!empty($_POST)) {
$_SESSION['post'] = $_POST;
}
elseif (empty($_POST) && !empty($_SESSION['post'])) {
$_POST = $_SESSION['post'];
}
just don't forget to unset($_SESSION['post']); when you're done with it.
If I have understood your question correctly, I think you need some variables from database as well as from the session.
Simply put the key of your database tuple (or keys in case of multiple values) along with other stuff. Page, upon loading will check for the session variables and when it finds the key, it can use it to retrieve the data from the database.
In your previous page, the code will look like this :
$_SESSION["player_key"] = 56;
$_SESSION["tournament_key"] = 100;
And current page, start processing like this :
<?php
session_start();
$player = $_SESSION["player_key"];
$tournament = $_SESSION["tournament_key"];
/*
* your database connection steps
*/
$query = "select * from player where pid=".$player;
$res = mysql_query($query);
/*
Now assign values for your forms/components here or anywhere in the page. You don't have to read anything from the querystring.
*/
?>