I want to create two different form. In the first form the users can enter the data.
Depending on the data given in the first step, i want to prepare some prefilled data in the second form.
It is possible to do so ?
Sorry for my English.
Thanks
Yes, this is totally possible.
Once the first form has been sent you validate and check the data. If your condition is met you'll store the data within the session and then redirect the user to the second form.
Once the second form has been validated correctly you can use the data from the session and the current forms data to do whatever you want to do.
Related
I have a form which is not based on a entity class. It is a filter form, so whenever a user selects/enters a value and then hits 'go', I want the user's values to pre populate the form when the page is refreshed.
I'm using Symfony.
Appreciate any advice.
To example, store values in session and pass data to form. On reset form - clear session.
I have a form that the user will submit multiple values to PHP via POST.
The PHP takes the input and if the data entered is valid, it will display a second form for the user to fill out.
After the user has filled out the second form, I need to process the data that was entered in the first form again as well as the data entered in the second form.
What is the best way to access the form data from the first PHP form?
Should I put each value into its own SESSION variable and access it when I need it again later?
I just wasn't sure if this is the best/cleanest way to accomplish this task.
Thanks!
I like the idea of sticking it in the $_SESSION, but depending on your validation needs, it might be better for you to simply use client-side (javascript) validation and some conditional logic to reveal additional form fields. Then you only have one efficient post to the server with all necessary information.
I think it should go without saying, but nevertheless, once it does post to the server you want to re-validate and sanitize the data.
I'm trying to write an app that basically is a frontend for editing database records. I have heard that a way to ensure the right row in the DB is being updated is to include a hidden form field on the update form with the row unique ID in it, and use this to add a conditional to the backend update statement.
However, this seems insecure. Anybody could edit the HTML on the page pre-submit and change the record being updated, no? What is the proper way to pass the unique ID of the row the user is editing along with their edits? I would imagine this may be done with cookies/session tracking, but couldn't this be edited client side prior to submitting as well?
Thanks!
If a client is allowed to modify the record in question anyway, it doesn't matter whether he does so by modifying the id in a hidden field or by going to the correct page and submitting the form from there.
When any client submits any form, the server needs to a) make sure the client has the right to modify the record he attempts to modify and b) validate that the submitted data is allowable for the record. Then all your business rules are being protected and taken care of, whether the user uses the proper forms or not.
You can also save a hash of all hidden fields in the session server-side and check that on submission to catch hidden field-manipulation attempts, if that's still in your interest.
You may create a field with default value TIMESTAMP.
Also you may pass this data from one page to another using php sessions
More details here
Hope this helps.. :)
When you load the form page, store the id in the session however you want to.
When they submit, on the post page, grab the id from the session.
The insecure part is, how are you letting people decide which id they want to edit? Where is the input for that?
I wanted to know what is the best way to stop multiple form submissions using PHP, can you please give an example.
On the client side you can simply disable the form button after its clicked. However, this provides a very basic level of security.
Your next step would be to prevent it via PHP. In which case, it is best to have a hidden field within your form which consists of a unique and identifiable token. In order to perform your check, you will have to keep a list of tokens that have been used in the past and check if it has been submitted before.
<?php
//do stuff with the form input
//do not display anything
header('Location: ready.php');
?>
eaysiest and fastest way is to redirect the user to another page so if he relodes after redirection no input will be sent a second time.
You can use $_SESSION to store the users state, i.e. if he already sent the form or not.
I am a bit of a PHP newb
I have developed a multi-page form which works fine at the moment - each stage is on another page (I use the session to retain the data).
However I know that users don't always use these forms the way you want!
I want to control the flow of the form.
I would like the user to be able to use the browser back & forward button for ease of use.
They should not be able to skip a part of the form by entering a form stage URL directly into the address bar to get the a later stage in the form (essentially skipping a part of the form).
The form also does not flow the same path every time, it is dependant on the users choices what stage is displayed next.
I was wondering if anyone had any ideas of ways to control the flow of this multi-page form thank you!
store form results in SESSIONS (encrypt them if sensitive)
then just check on each form if the value is set and show it as necessary.
use another session to check the "progress" of the form, to prevent the user from skipping ahead.
for example...
<?php
/* on form 3 */
if(isset($_SESSION['progress'] && $_SESSION['progress']==2)
{
//the second form has been filled out and validates
}
else
{
// the 2nd form hasn't been finished, redirect
}
?>
you could also use like a percentage based system in the session - a value of 90 means that 90% of the form fields have been completed - for displaying "progress" in a visual means to the user.
basically on every form submission, check whats been submitted, if its expected, then set appropiate sessions to redirect to the next stage.
check every set session on every form to determine if the user should be here yet.
Push the data for the non-current fields into a hidden field in the browser (to save time and effort - just serialize an array/object).
I would like the user to be able to use the browser back & forward button
If users are allowed to re-enter previous stages, just let them and rewrite current stage in the session.
If not, make form fields read-only and do not process submitted forms for the previous stages.
That's the only problem I can see here.
You can either use session data to retain the state between multiple pages, or you can transfer all data on each page. Typically you would do the latter with hidden fields or you will create one humonguous form, and use javascript to make it appear as if it was multiple pages, when - in fact - it's not.
There are pros and cons to each solution.