Forum Moderators: coopster
However, when they do that the data that was entered is gone, so thay have to start again. A bad thing, cause there are a couple of hundred fields.
The problem appears to be that I begin an included file with session_start();. If I remove the line that includes the file (which tests that the user is logged in) then the data is preserved. If not - poof! If I put the code from the included file into the main file (rather than "including" it), it still clears the form.
Here is the code from the included file:
<?php
session_start();
if(!isset($_SESSION['username'])) {
echo'<html>
<head>
<meta http-equiv="Refresh" content="0; URL=Login.htm">
</head>
</html>';
}
?>
Anyone know a way around this little glitch?
Tom
If you are reposting, the problem is here:
<meta http-equiv="Refresh" content="0; URL=Login.htm">
You are refreshing, but losing the post information. If you don't include this info and go straight to the login, and you have
if (isset($_POST['var1']) && $_POST['var1'] )
This will work, but after the refresh, the var is no longer set.
Two ways to get around it.
1. before refresh, say
$_SESSION['post_vars'] = $_POST;
and then use that array to refill the form.
2. Have the "action" of the form, be the form itself. If it passes the validation test, *then* redirect to the success page.
I almost always use option 2.
BTW, you should probably redirect not by echoing a refresh, but with a simple
header("Location: success.php");
Tom
The way to solve this in a foolproof is to fill in a new form with all the values. I don't redirect the user back to the first form. Just keep them on that page with a form that they can edit on that web page.
Every time someone presses submit (or "next" or "back"), have the following page perform this process, whether the data is validated or not:
foreach($_POST as $k=>$v){
$_SESSION[$k]=$v;
}
Then if you go back to any step in the process, populate the form with the Session value in the HTML:
<input type="text" name="phonenumber" value="<?php print($_SESSION['phonenumber'])?>">
Where browsers can choose whether or not to "remember" form contents when you go back, forth, or navigate, your server can do the work by remembering those values in a session.
I would also suggest that in your login authentication (where you are checking for the $_SESSION['username']), use a header() redirection instead of writing a <meta> redirection.
<?php
session_start();
if(!isset($_SESSION['username'])){
header("Location:Login.htm");
}
?>
I don't redirect the user back to the first form.
They don't need to be sent back to the first FORM necessarily. I just meant send them to the FILE that will create the form you want now (which is likely to be the file that created the first form, but not necessarily). IF IT VALIDATES, then redirect, rather than doing the validation and if it fails, redirect.
I suspect I'll be trying httpwebwitch's suggestion first. I should set everything as session variables.
Responses to some of the responses:
I am not refreshing. The code I posted will not be run because the user has logged in, so the "if" is false. It should test if he is logged in, return true and move onto the rest of the file that includes this. I only posted it to show the "session_start()".
Also, two of you mentioned that I should use 'header("Location:Login.htm");' instead of echoing a refresh. Why is that?
Thanks again all
Tom
As for the "header" versus refresh
- header is server side and does not depend on the client and therefore is more reliable.
- it does not require anything to be sent to the client before refreshing, so it's faster/lower bandwidth
- header potentially lets you set any http header you want and send a redirect code or not, etc etc etc
There are probably additional reasons.
I suspect I'll be trying httpwebwitch's suggestion first.
It should work fine.
The reason I suggested assigning
$_SESSION['post_vars'] = $_POST;
is because I don't know if there might be collisions between the post vars from the form and already existing session vars. You will need to watch for that if you use httpwebwitch's method. If there are no such collisions possible, it will be a much more convenient way (less typing).
Second, make sure you unset the session vars when you are done with them. Remember, they are persistent by nature, so you will have to make sure they go away when you want them too. That's one other advantage of assigning everything to $_SESSION['post_vars'].
Once the form is repopulated, you can just say
unset $_SESSION['post_vars'];
Tom
And BTW, httpwebwitch's code is working beautifully - at least on the type="text" fields. Now I have to do the checkboxes and radio buttons... a little more complicated. I think.
Thanks again all
Tom
Since you're using sessions for login/authentication, you're opening up a security gap by throwing all the POST variables in there indiscriminately. It's the same problem as having register_globals turned on - someone could throw a POST value into your page called "username", and that would trickle into your sessions and allow them access without ever having entered a valid password.
condition?true:falsecheckboxes:
<input type="checkbox" name="signup" value="1"<?php print($_SESSION['signup']?'CHECKED':'')?>>
radios:
<input type="radio" name="gender" value="male"<?php print($SESSION['gender']=='male'?'CHECKED':'')?>>Male
<input type="radio" name="gender" value="female"<?php print($SESSION['gender']=='female'?'CHECKED':'')?>>Female
It's the same problem as having register_globals turned on - someone could throw a POST value into your page called "username",
That is, in fact, the specific collision I was thinking of.
Tom
I'll try '$_SESSION['post_vars'] = $_POST;' and 'unset($_SESSION['post_vars'])'. It's not as clear how I'll access the individual values to refill the form, but that, too, I'll figure out.
Will that solve the security problem httpwebwitch mentioned?
And thank you httpwebwitch for the code for the checkboxes and radios. I had already figured it out, except I used if's instead of ternary. I always forget the ternary operator.
Tom
I'll try '$_SESSION['post_vars'] = $_POST;' and 'unset($_SESSION['post_vars'])'. It's not as clear how I'll access the individual values to refill the form, but that, too, I'll figure out.
Exactly the same way, but you're one more index down in your array. So instead of
$_SESSION['field1']
you use
$_SESSION['post']['field1']
This works in other contexts too
foreach ($_SESSION['post'] as $key=>$val)
is perfectly valid.
Will that solve the security problem httpwebwitch mentioned?
As long as you don't overwrite a session var that is used to check login, yes.
Will that solve the security problem httpwebwitch mentioned?
As long as you don't overwrite a session var that is used to check login, yes.
Ah, I see. So that:
$_SESSION['post_vars']['username']$_SESSION['username']Always learning, I am...
Tom
So
$_SESSION['post']['username'] = $_POST['username'];
will almost always be safe
$_SESSION['username'] = $_POST['username'];
might start causing problems and it might take you a long time to figure out the source when you change your code six months from now and erratic things start happening.
Tom
Cheers,
Tom
buildYearDD(1955,-20,"hdobyear");calls this function in an included file:
function buildYearDD($startYear,$endOffset,$elemName){
$i = $startYear;
$end = (date(Y)+$endOffset);
print "<select name=\"$elemName\">\n";
print "<option>----</option>\n";
while ($i <= $end){
print "<option";
if($_SESSION['post_vars']['$elemName'] == $i){print ' selected';};
print ">".$i;
print "</option>\n";
$i += 1;
}
print "</select>";
}and builds a drop down (selection list) listing years where $startYear is the lowest yaer in the list, $endOffset is where I want it to end relative to the current year (like -5 would end the list at 1999...),$elemName is the name of the html <select> element.
The "if" line is irrelevant unless you are going Back to the page and want to reload the data as it appeared before submitting.
The problem is that it doesn't work when I do click Back. And it has to do with the way I'm attempting to concatenate the variable, $elemName, in that line. When I hardcode the name of the element it works fine.
So it's a simple syntax problem. Right?
How should that be written? I've tried dots, quotes, double quotes, prints.
I hate asking such an elementary question, but I'm stumped.
humbly, Tom
Tom
You, httpwebwitch and I already resolved that part of this conversation in the earlier postings of the thread. It wasn't reloading the form when I hit Back until I did what you said and wrote all the $_POST variables into a $_SESSION variable, then read them out of it when I re-opened the form. That works great.
if($_SESSION['post_vars']['$elemName'] == $i){print ' selected';};if($_SESSION['post_vars']['hdobyear'] == $i){print ' selected';};So my question is, what's wrong with my syntax? How should the variable be concatenated into that line?
A little more detail:
The function call is in the .php page that renders the form (for the sake of this discussion, let's call it enterNewGuy.php). The function definition is in a separate "included" file called common.php along with some other functions.
Make sense?
Tom
if($_SESSION['post_vars']['$elemName'] == $i)What's wrong with my syntax?
Easy. You are using the index '$elemName' which is a STRING, you want the VARIABLE, so you need to lose the quotes, like so:
$_SESSION['post_vars'][$elemName]
Because
if $elemName = "hboday"
$_SESSION['post_vars']['$elemName']!= $_SESSION['post_vars']['hboday']
$_SESSION['post_vars'][$elemName] == $_SESSION['post_vars']['hboday']
Tom
Could you guess I do this for a living? I doubt it'll surprise you that it's working now.
D'ya ever have one of those... oh never mind. Thanks
Tom
Could you guess I do this for a living?
Well, I mostly don't do it for a living, but I consider myself fairly experienced. I have lost count of the number of times I have spent the better part of a day tracking down some PHP syntax error that I knew was wrong since my first day of learning PHP.... in fact, I think it happened a few days ago.
Tom
