Forum Moderators: coopster
at the top I then grab them and give them over to my $_SESSION with a line like
$_SESSION['fname']=$_POST['fname'];
Having so many of these just seems silly. Can I do this in a loop that would just do something like
$_SESSION[$x] = $_POST[$x];
and then just cycle through the entire $_POST[] array?
Sarah
$_SESSION = array_merge($_SESSION, $_POST);
foreach ($array as $itemkey => $itemvalue) {
    // do something with key and value
}
or, a shorter version:
foreach ($array as $itemvalue) {
    // do something with the value
}
I would suggest leaving all those lines.
I would also suggest you validate all of that data before putting it into the SESSION directly.
What I would do is make an array of values you want to pass from POST (you know those values, don't you?):
$post = array("name", "surname", "email");
foreach ($post as $value) {
    // only copy the fields you expect, and only when they were actually posted
    if (isset($_POST[$value])) {
        $_SESSION[$value] = $_POST[$value];
    }
}
This way you renew only the values that you want to renew, nothing else.
Best regards
Michal Cibor
Michal, you have somewhat lost me. I didn't know POST data could be forged; I thought that was GET.
I will say one thing: when it comes to security I am at a total loss.
Also, forms are not my forte... although they seem to be all I have been doing lately.
Also let me explain what this form does.
It is a simple sign sheet /registration form.
Users input their name, address etc. as well as what activities they want to register for. The form is on two pages (I thought breaking it up would make it less intimidating).
After the first form, the info is passed to PHP_SELF with POST and then added to the SESSION. If a checkpoint (btw, can I hide this checkpoint from the HTML file with PHP?) is set in the session, then the second page of the form is displayed.
That is as far as I have gotten so far.
What happens next is I have to write code that takes the checked events and calculates the registration fee (fees and events are linked to each other in a table), then figure out a way for the user to pay; not exactly sure how that will work.
And somewhere I need to have code that enters the user and selected events into my db.
Ok Michal, after re-reading your posting several times I think I get where you are going with it. You are assuming that there is more data in the SESSION than is being passed (which is very good and I'm kicking myself for not thinking that far ahead).
This is almost my first time using SESSIONS I used them on another section of the site but its security resembles one of those little padlocks you put on luggage... but I'm the only one right now who should be there and I found the added security very annoying, so I wasn't overly concerned, if the area ever becomes important I will fix it, if it dies(it's currently in limbo) then nothing was missed.
Sarah
on any server:
<form action="your_server_here" method="POST">
<input type="text" name="username" value="me">
<input type="text" name="password" value="mypass">
<input type="text" name="valid" value="1">
<input type="submit" value="submit">
</form>
And voilà! You've got yourself forged POST data (I'm sure you don't check SERVER_REFERER, but that's also possible to forge).
If you by any chance use $_SESSION["valid"] to store users login, then you are already lost with your method.
Hope this gives you some insight.
PS. If you leave all those lines, then you're sure you get only data you want.
validation is checking if data is what it's supposed to be:
username and pass should be only alphanumeric, id should be only int, email should contain @, etc. You can read more here: [webmasterworld.com...]
With "you know those values" I meant: send to SESSION only data you should have in your post (username, password, email, whatever else) and nothing more.
Best regards in making your page more secure
Michal Cibor
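As an added example (not code from the thread), here is one way to put Michal's two points together for the two-page registration form Sarah describes: only a known list of POST fields is copied into the session, each field is validated first, and the "page 1 completed" checkpoint is a session key that never appears in the HTML. The field names, the validation rules, the `step` key and the constructed sample input are all assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Field names, validation rules and
// the 'step' checkpoint key are assumptions for illustration.

/**
 * Validators for the fields page 1 is allowed to store in the session.
 * Any other POST key, such as a forged "valid=1", is never looked at.
 */
function page1Validators()
{
    return [
        'fname'   => function ($v) { return preg_match('/^[\p{L} \'-]{1,50}$/u', $v) === 1; },
        'surname' => function ($v) { return preg_match('/^[\p{L} \'-]{1,50}$/u', $v) === 1; },
        'email'   => function ($v) { return filter_var($v, FILTER_VALIDATE_EMAIL) !== false; },
        'zip'     => function ($v) { return ctype_digit($v) && strlen($v) === 5; },
    ];
}

/**
 * Copy whitelisted, valid fields from $post into $session (by reference).
 * Returns the names of fields that were missing or invalid; [] means success.
 */
function importPostIntoSession(array $validators, array $post, array &$session)
{
    $errors = [];
    foreach ($validators as $field => $isValid) {
        // A missing field is treated as an empty string and fails validation.
        $value = isset($post[$field]) ? trim((string) $post[$field]) : '';
        if ($isValid($value)) {
            $session[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return $errors;
}

// --- Demonstration on constructed input (no real request involved) ---------
$fakeSession = ['valid' => 0];          // pretend login flag already in session
$forgedPost  = [                        // constructed: what a hand-made form could send
    'fname'   => 'Sarah',
    'surname' => "O'Neil",
    'email'   => 'not-an-address',
    'zip'     => '1234',
    'valid'   => '1',                   // extra field the form never asked for
];
$errors = importPostIntoSession(page1Validators(), $forgedPost, $fakeSession);
// $errors is ['email', 'zip']; $fakeSession['valid'] is still 0, and only
// fname and surname were added, because 'valid' is not in the whitelist.

// --- Real request handling for the two-page form ----------------------------
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_SESSION['step'])) {
    $errors = importPostIntoSession(page1Validators(), $_POST, $_SESSION);
    if ($errors === []) {
        $_SESSION['step'] = 2;   // checkpoint: page 1 completed; set only here
    } else {
        echo 'Please correct: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8');
    }
}

if (isset($_SESSION['step']) && $_SESSION['step'] === 2) {
    // render page 2 (activity checkboxes) here
} else {
    // render page 1 (name, address, ...) here
}
```

The checkpoint is decided entirely on the server side: a visitor cannot reach page 2 by posting `step=2` or `valid=1`, because those keys are never read from `$_POST`, and the whitelist loop in `importPostIntoSession` is the only place session fields get written from form input.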