I don't know how to actually call session variables using PHP. However, if it's anything like ASP then you should have a session variable for each option.

Chris

Why use sessions at all?

You could use this system...

Page1.php POSTs the information to page2.php

then page2.php creates <input hidden> for the information from page1 and displays the next section of the form.

then page3.php does the same..

etc..

until page5.php has all the information from the form.

But what happens then if they do not visit the pages in order?

Shouldn't really matter - you just take all the POST data given to the page and turn it into <input type="hidden"> tags.

But I usually recommend forcing users to do things in order. That way you can hold their hand through the process and keep it simple for them.

I have never used hidden tags before. Hows does this work?
eg say I have

Page 1:
<form action = "page5.php" method = "post">
<INPUT TYPE = "checkbox" NAME="1" value = "1">
<INPUT TYPE = "checkbox" NAME="2" value = "2">
<INPUT TYPE = "SUBMIT" value= "Submit">
</form>

Page 2:
<form action = "page5.php" method = "post">
<INPUT TYPE = "checkbox" NAME="3" value = "3">
<INPUT TYPE = "checkbox" NAME="4" value = "4">
<INPUT TYPE = "SUBMIT" value= "Submit">
</form>

Page 3:
<form action = "page5.php" method = "post">
<INPUT TYPE = "checkbox" NAME="5" value = "5">
<INPUT TYPE = "checkbox" NAME="6" value = "6">
<INPUT TYPE = "SUBMIT" value= "Submit">
</form>

Then on page5.php I check if they are set (isset etc). Where and how do I put hidden tags. Btw, I definitely can't have them going in order because it doesn't fit in with the site.

thanks

Hidden input works like this..

<input type="hidden" name="eyes" value="blue">

Include it in your form and you'll be able to access it from scripts just as if someone had typed the data into a text field or selected a check box.

I definitely can't have them going in order because it doesn't fit in with the site.

Okay, so how do you see your forms working?

At the moment when the users presses the submit button they will be taken to page 5. There won't be a chance for them to fill in any of the other pages.

they can only submit from page 1, ie, they go to page 2, tick stuff then click link to go back to page1. Then go to page 4 (eg) then click link to go back to page1 etc. The submit button is on page 1

Form values (states of checkboxes, etc) are only passed when you submit. If you just click a link, they're lost. You can get around this to an extent by using JavaScript to set cookies whenever checkboxes are clicked, but this is neither reliable. not intuitive for users. I would think on reorganizing pages to unify the forms, in the first place.

right, so what I should do is on page2, page3 etc, is submit the choices to page1. On page1 they will be hidden inputs. I can then submit these inputs to page5 as planned. But how do I do this? This goes back to not understanding how to use hidden inputs!

>> Why use sessions at all?

Graham - why not use sessions? Any particular reason?

I would think that sessions would be an easier way, or writing rows to a db/flatfile then gathering it all up on page5

Cool! So that goes back to my original question! How do I do that! Please someone help!

here is the link to read through

Session handling functions [php.net]

practical application.

on the very first page the session will need to be created, it can be just session_start [php.net] or you could use a named session by calling session_name [php.net] after starting it.

It is important to remember that

If you are using cookie-based sessions, you must call session_start() before anything is output to the browser.

You must call session_start on each individual page, keeping in mind the above quote.

You can then use session_register [php.net] to register variables with the current session.

You can also create a session variable by simply setting the appropriate member of the $_SESSION [php.net] or $HTTP_SESSION_VARS (PHP < 4.1.0) array.

example

session_start();
session_register("question1");
$question1 = "some answer";
$_SESSION['question1'] = $question1;

something like that, as it says in the manual you can skip session_registre too. Just use session_start and then keeping doing things like

$_SESSION['question1'] = $question1;
$_SESSION['question2'] = $question2;
$_SESSION['question3'] = $question3;

or whatever your varnames from your form are.

hey, Im really sorry but I am a total lamen!
If I have:

Page 1:
sessionstart();
<form action = "page5.php" method = "post">
<INPUT TYPE = "checkbox" NAME="1" value = "1">
<INPUT TYPE = "checkbox" NAME="2" value = "2">
<INPUT TYPE = "SUBMIT" value= "Submit">
</form>

Page 2:
sessionstart();
<form action = "page5.php" method = "post">
<INPUT TYPE = "checkbox" NAME="3" value = "3">
<INPUT TYPE = "checkbox" NAME="4" value = "4">
<INPUT TYPE = "SUBMIT" value= "Submit">
</form>

Where do I put the session registering stuff in this example? I now assume that each checkbox has a session var? And what do I put on page5.php to check if the session has been registered! I have tried looking at the manual before, but I think I am a stage behind it ;)

You won't have a var until the form is submitted so you'd need to use session_register() on the receiving page.

<form action = "page5.php" method = "post">
<INPUT TYPE = "checkbox" NAME="A" value = "1">
<INPUT TYPE = "checkbox" NAME="B" value = "2">
<INPUT TYPE = "SUBMIT" value= "Submit">
</form>

In page5.php I would use:

if(isset($A))
session_register('A');

Remember to check that it exists. The value of a check box only gets passed if it is checked - otherwise it doesn't exist.

For more info on session_register go here [php.net]

I think I have realised that I do need hidden values. I am having major problems with sessions. I keep losing them.... Could anyone help me with hidden values? :( Sorry-I am so stuck

Graham - why not use sessions? Any particular reason?

No major reason, but I like to keep things simple. Sessions need cookies or URL rewriting, both of which can be a pain. This solution doesn't need to use sessions so why bother?

k8tie:

Okay this it totally off the top of my head so forgive any mistakes, but I'd do something like..

<body> 
<?php 
 $thisPage = ( isset($_POST['showpage']) and ctype_digit($_POST['showpage'])? $_POST['showpage'] : '1' ); 
   
if ( $thisPage == '5' ) { 
  // This is the last page - show/process results here 
  foreach( $_POST as $name => $value ) { 
    print "$name - $value<br>"; 
} 
  
else { 
  // Other page - Create form and hidden inputs 
  print '<form method="post" action="'.$_SERVER['PHP_SELF'].'">'; 
  
  foreach ( $_POST as $name => $value ) { 
    print '<input type="hidden" name="'.$name.'" value="'.$value.'">'; 
  
  switch ( $thisPage ) { 
  
  case '4': 
    print '<input type="hidden" name="showpage" value="5">'; 
    // Put PAGE 4 inputs here 
    break; 
  
  case '3': 
    print '<input type="hidden" name="showpage" value="4">'; 
    // Put PAGE 3 inputs here 
    break; 
  
  case '2': 
    print '<input type="hidden" name="showpage" value="3">'; 
    // Put PAGE 2 inputs here 
    break; 
  
  case '1': 
  default: 
    print '<input type="hidden" name="showpage" value="2">'; 
    // Put PAGE 1 inputs here 
    break; 
  } 
  print '</form>'; 
} 
?> 
</body> 

Hope thats understandable. Basically we are using this one page to generate all five pages of your form. The code just decides which page to display by looking at the 'showpage' POST variable.

Apologies for any bugs, its untested but should work.
I'm off out but if you trouble with it then post here or drop me a stickymail.

Graham

just to add my tuppence worth, you shouldn't be using session_register anymore due to the new super globals settings.

the syntax would be something like:

session_start(); // This gives you $_SESSION super global

then $_SESSION[ "MyVariable" ] = whatever you want

If you find yourself storing wide arrays etc, a neat trick I use regularly because I'm lazy:

$MyVar3 = &$_SESSION[ "MyVar1" ][ "MyVar2" ][ "myVar3"];

Just like creating pointers in C, you can now refer to $MyVar3 directly. Just remember to declare it global if used in a function.

asp

>> shouldn't be using session_register anymore due to the new super globals settings.

Is this part of the latest PHP release?

I know this is probably not an option for you, but I'll suggest it anyway (I use this on sites that I own/work on).

I use a database backend, assign a unique ID to the user. When the user submits the first form the ID and values are inserted into the table, the id is passed via URL. The next page will submit those values and the ID to the next page and those values will be inserted under that ID in the table (did I lose you?)

This way I can avoid the cookie problem (does the client have cookies enabled?) and I can avoid the hidden field problem (i.e it gets messy if you view the source, and people can see it if they view the source - potential security problem?)

Scott

yep:

As of PHP 4.1.0, $_SESSION is available as a global variable just like $_POST, $_GET, $_REQUEST and so on. Unlike $HTTP_SESSION_VARS, $_SESSION is always global. Therefore, you do not need to use the global keyword for $_SESSION. Please note that this documentation has been changed to use $_SESSION everywhere. You can substitute $HTTP_SESSION_VARS for $_SESSION, if you prefer the former. Also note that you must start your session using session_start() before use of $_SESSION becomes available.

The keys in the $_SESSION associative array are subject to the same limitations as regular variable names in PHP, i.e. they cannot start with a number and must start with a letter or underscore. For more details see the section on variables in this manual.

If register_globals is disabled, only members of the global associative array $_SESSION can be registered as session variables. The restored session variables will only be available in the array $_SESSION.

Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is recommended for improved security and code readablity. With $_SESSION, there is no need to use the session_register(), session_unregister(), session_is_registered() functions. Session variables are accessible like any other variables.

asp

I use a database backend, assign a unique ID to the user.... the id is passed via URL.

This can be handled by using PHP sessions with transparent sid enabled (which automatically adds the session id to all urls for you).

You can opt to write your session variable to the database by session_set_save_handler with your own save handler functions.

hidden field problem (i.e it gets messy if you view the source, and people can see it if they view the source - potential security problem?)

How 'messy' it makes the source just depends on how well your format the output. I don't think there is anything inherently messy about the <input type="hidden"> tag.

I agree it might not be best to carry a password around this way, but I doubt it causes any kind of a security problem here . Because in this instance you are simply keeping track of what options the user selected.

Passing session ids in the URL is a much bigger security risk as it becomes far easier to hijack other sessions, plus you have problems with users bookmarking pages or sending links to friends.

BTW: k8tie indicated to me via Sticky that she has finished her site - so I think this thread is probably closed anyway :)