Jump to content

Recommended Posts

I have a multi part form on my site called signup.php. It is one file that has 3 forms in total and each part of the form is in its own FUNCTION, as follows:

 

$errors=array();

if($_SERVER['REQUEST_METHOD'] != 'POST') { //upon page load
form1($_POST);
}

else if($_POST['process'] == 1) {
if(strlen($_POST['name']) < 3) { //form validation
$errors[]='name';
}

if(!empty($errors)) {
form1($errors);
}
else {
form2($_POST); //POST the values to form2
}

else if($_POST['process'] == 2) {
if(strlen($_POST['selection']) < 3) {
$errors[]='selection';
}

if(!empty($errors)) {
form2($errors);
}
else {
form3($_POST);
}

else if($_POST['process'] == 3) {
conf_form($_POST);
}

 

Each part of the form has a hidden varaible called "process" and also contains hidden variable of the POST values from the previous part of the form.

 

I was wondering is there another (better) way of doing this, without using functions? The problem iwth using functions is I have to declare stuff globally, etc. I beleive it can be done using sessions, if so how can I modify my script to use sessions?

Link to comment
https://forums.phpfreaks.com/topic/167114-solved-multi-part-form/
Share on other sites

page1.php

<?php
  session_start(); 

  // display page 1 of form, submit to page2
?>

 

page2.php

<?php
  session_start();
  $_SESSION['page1'] = $_POST;

  // display page 2 of form, submit to page3
?>

 

page3.php

<?php
  session_start();
  $_SESSION['page2'] = $_POST;

  // display page 3 of form, submit to processing script
?>

 

processingScript.php

<?php
  session_start();

  // example: dump all info to see where they are
  echo "<pre>";
  
  // page 1
  print_r($_SESSION['page1']);

  // page 2
  print_r($_SESSION['page2']);

  // page 3
  print_r($_POST);

?>

Cool, that looks good, I'll give it a bash tonight.

 

BTW do you know how I can seperate pieces of code within the same file, without having to put them in to a function?

 

I.e. organising the code on the page into their own "sections" and then "including" them when/where required.

Sessions are hacked because people do not use them properly, or else they are using them on a server that is not set up properly, or else they are using them on a shared server, where it's not as secure in general.

 

If you really feel nervous about it, you can do things like create your own session ids, store them in a database, pass tokens to the users on the forms to validate and make sure data is coming from them, etc..

 

But considering your previous method involved just passing stuff in hidden fields... I do not think you really need to be worrying about whether these session variables will be hacked or not.  Whatever level of secure sessions are, it's a lot more secure than what you're doing right now. 

 

Personally, I would just focus on validating the submitted information in your process script.  If the data being submitted is sensitive enough to warrant it, consider getting a certificate to have your pages be https (ssl).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.