I'm currently working on a web app that uses CodeIgniter, in specific, I'm building the signup forms.
This form consists out of 3 different steps, I'm just wondering what the best way would be in order to save information between 2 steps?
I only want to save all the information into the database once the final stap has been completed.
Should I just use native PHP session to do this? Or should I use CI flashdata?
I've used hidden fields and sessions. I tend to save all the form values to a text file at the end of each stage. Then if something happens at any given stage I can choose what to do with the data saved in the text file.
For instance, if you wished you could capture an email address on the first page. If the form doesn't get completed (as in all stages were successfully completed), then you could send an email to the prospective user with a link to the signup form at the appropriate stage. The prospective user would not have to re-fill any of the fields they've filled in and you get a chance to recapture them as a user.
I tend to use the text file as a default way to save all the data from any stage of a multi-stage form. At the end of the form I can process the data into the DB and delete the text file. To catch partially complete signups I can write a script that is executed via a cronjob that runs every minute. I always save a timestamp in the data file representing the last time the file was updated. If the timestamp is more than X minutes old you run your didn't finish signup script on it or just delete it.
Saving data at each stage is simple. After the first stage you create the $dataFile with $dataFile = file_put_contents(json_encode($data)); where $data = array('timestamp'=>...) + $_POST;. Each stage after the first I use $data = json_decode(file_get_contents($dataFile), TRUE) + $_POST;, and $data['timestamp'] = ...;. Then use file_put_contents to save it back to the file. Obviously, you will need to track the $dataFile variable but this is easily done via hidden fields or session data.
The file will only be out there for X minutes before being processed and deleted but if you wish to have security on the text file during that short time frame then I'd suggest looking up a cipher or creating your own variation on the simple Ceasar's cipher. Use the cipher on the field names as well as the values.
Back in Dec I was working through the issue of multi-stage forms in the latest CodeIgniter for myself. I can't say this is a generally accepted best practice but the text file has worked well for me in the past. I posted some sample code for a multi-stage form here: Multi-Stage Form Example.
You can post the values to the next form where you can use hidden fields to store these values so that when you post the last form you have all the values and you can process them at one time.
I faced this case in my latest project and I used the session of Codeigniter to save the data submitted after validation in userdata session as array in the last step I send data to the DB
Related
I am using the core PHP & Mysql to building a project and I have a registration form that is divided into multiforms (say 4 to 5 forms) and each form is getting user details from new users, and i want to save the users data to database tables at the final submission of form, so my question is where to save the data got from mutiforms?
situation: 1. if i use the session variable to store the forms data, then it will take too much server resources to store data to session or worse if i got many users at the same time of registration. so sessions can slow down the server.
Please suggest a solution for that.
Store all data in a database and just match data with user's session id.
you can get all fields in javascript and send to server with ajax. Other solution is request individual form and use SQL transactions.
I have to add the ability to upload files out of sync with the actual form post. So, the process will be:
User starts filling out the form
They select a file part way through the form and it will immediately start uploading
They continue filling out the form
Submit the form
Here's what I'm thinking: when the file upload completes, the server will return a unique string (maybe 20-30 chars long, maybe encrypted/decryptable data) which the form will store in a hidden field. The string will also be stored in the users session. When the form is submitted, the string must be in both the post and the session for the file to be attached to the record. Additionally, it will make sure it hasn't exceeded X time (probably 1 hour).
I'm wondering if there's anything else you can think that I need to do or are there any problems with this approach or a better one?
My one concern was that a "hacker" could try to inject the string into the session, but if I never set the key/value in the session from the post this shouldn't be a problem.
I'm trying to create a form with 3 steps:
fill the form
check if data is correct (show input)
thank you
With an advice of some people here (regarding my previous question) I've changed my way of doing it from mainly PHP + js-validation to mainly js + PHP process data.
I need an advice with how to deal with this now.
Previously I've had a PHP if/else that determined which step to show and kept data in $_SESSION for 2nd step and possible corrections back in 1st step.
Now I'm wondering if I really need two ajax calls (first to process data in order to show it - 2nd form step uses $_SESSION to display data input in 1st step; second to generate e-mail and pdf with given data - same $_SESSION as step2).
Maybe a good solution would be to put data with javascript into 2nd step aswell and use $_SESSION only in the final processing and generating.
What's the common/your approach to this problem?
Here's the normal flow:
User loads page with form on it. Fills it out. Submits it.
You can validate every field as they fill it out (instant feedback which is nice from a user's perspective) or validate using the onSubmit event (in jquery $('#formID').submit). You don't allow them to submit if it doesn't pass, return false from the submit function.
In case they don't have JS enabled (you can try to prevent them from using it w/o JS but in reality they can just use curl -d "value1=foo&value2=foo2&value3=foo3" http://example.org/page/ to get around you) you have to validate the data on the server, too. JS isn't enough.
If it doesn't pass server validation, you can redirect them back to the form using the Location: http://example.org header or echo the form again in the server-side code. If it does pass, you can use it (insert it into db, echo it, email it, whatever).
You save the data in your database and add it to $_SESSION. You echo the data they just entered along with a button "Download PDF" or some such.
They click "Download PDF".
You have all the information you need to create and PDF. You don't have anything to validate but you need to use the $_SESSION information to create the PDF. You should test the $_SESSION to make sure they have valid input from the previous pages or else someone can mimic a post to the page and generate a PDF (perhaps blank though). I generally avoid using data from a $_SESSION as anything but state information -- I'll write to a db on post data (after scrubbing) but if it's in $_SESSION it usually is just stuff that tells me who they are and stores other information about configuration, etc. In your case, I'd have written to a DB in step one and now would use some ID from $_SESSION to pull that record and create the PDF to send it.
I think all of your validation can be easily done in step one and then you separate step 2 into delivery based on the validity of step one.
I had an upload form on my website, where users entered details about their upload file, selected the file and uploaded to the webserver.
The POST action of the form was to submit the file to a php page called upload_control.php, where the post details were validated, and if correct the file was stored on disk an entry was placed in the database. The file was renamed to ID_name before storing, where the ID was taken from the database, as the largest ID so far (just a counter).
Now things have changed and it makes more sense to upload the file to storage elsewhere. This is done straight by the user, the action of the form points to the other server which stores the file if the form was submitted correctly. [ I have no control over the processing done by the other server, it's a storage solution like amazon s3 ]
The problem is: How do I get the last used ID from my database, so that I rename the file to ID_filename with javascript before uploading? (I can store the filename on a hidden form field and the remote server will understand to rename it when it receives it).
Better yet: Is there a way to validate all the form details - using php. not javascript, before submiting the form to the storage solution?
My thoughts are towards sending the form details to a php script on my server with ajax, upon hitting the submit button but before posting, so that the php script can get the latest id from the database, validate the request, send back the new details or the new id, and then really submit the form. -- But how can this by done?
on button click call php function through ajax, and pass all the data collected from page to service as json, php is very strong at parsing json. and you can return result from that method to indicate whether to data is authenticated or not. A nice tutorial to hook you up is this.
http://www.queness.com/post/328/a-simple-ajax-driven-website-with-jqueryphp
I am a bit of a PHP newb
I have developed a multi-page form which works fine at the moment - each stage is on another page (I use the session to retain the data).
However I know that users don't always use these forms the way you want!
I want to control the flow of the form.
I would like the user to be able to use the browser back & forward button for ease of use.
They should not be able to skip a part of the form by entering a form stage URL directly into the address bar to get the a later stage in the form (essentially skipping a part of the form).
The form also does not flow the same path every time, it is dependant on the users choices what stage is displayed next.
I was wondering if anyone had any ideas of ways to control the flow of this multi-page form thank you!
store form results in SESSIONS (encrypt them if sensitive)
then just check on each form if the value is set and show it as necessary.
use another session to check the "progress" of the form, to prevent the user from skipping ahead.
for example...
<?php
/* on form 3 */
if(isset($_SESSION['progress'] && $_SESSION['progress']==2)
{
//the second form has been filled out and validates
}
else
{
// the 2nd form hasn't been finished, redirect
}
?>
you could also use like a percentage based system in the session - a value of 90 means that 90% of the form fields have been completed - for displaying "progress" in a visual means to the user.
basically on every form submission, check whats been submitted, if its expected, then set appropiate sessions to redirect to the next stage.
check every set session on every form to determine if the user should be here yet.
Push the data for the non-current fields into a hidden field in the browser (to save time and effort - just serialize an array/object).
I would like the user to be able to use the browser back & forward button
If users are allowed to re-enter previous stages, just let them and rewrite current stage in the session.
If not, make form fields read-only and do not process submitted forms for the previous stages.
That's the only problem I can see here.
You can either use session data to retain the state between multiple pages, or you can transfer all data on each page. Typically you would do the latter with hidden fields or you will create one humonguous form, and use javascript to make it appear as if it was multiple pages, when - in fact - it's not.
There are pros and cons to each solution.