using session and uniqid for form

[turpentyne]

I have a form on page 1 that submits to page 2, then on to page 3, 4 and 5. On each page more data is collected, then page 5 puts it all into its respective place in the database.

 

I'm trying to prevent a duplicate entry from someone hitting the back button, and I've seen suggestions to do it with sessions and a uniqid.

 

I'm not versed in sessions, so my first question is, because I'm not submitting to the same page, where do I put the session? on page 2 or page one?

Right now, on page one, all I have is:

 

<?php session_start(); 

include("dbconnection.php"); 
?>

<!-- a bunch of  javascript form validation, html code and the form -->

<?php
  
$unique_id = uniqid (rand (),true);
  $_SESSION['unique_id']=$unique_id;
  ?>

<form name="register1" class="registration_form" method="post" action="register2test.php" target="_self" onsubmit="return myForm()">
<input type="hidden" name="unique_id"  id="unique_id_form" value="<?php echo $unique_id; ?>"  >
<input type="submit" value="Submit"  class="buttontype"/>
</form>

 

on page two, I'm assuming, it's something similar to...

 

<?php
session_start();

if (isset($_POST["submit"]))
{
    if ($_POST["unique_id_form"] == $_SESSION["unique_id"])
    {
        $_SESSION["unique_id"] = '';
       /*set variables here ? */    }
    else
        echo 'error';
}
else
{
    $_SESSION["unique_id"] = uniqid (rand (),true);
?>

[Muddy_Funster]

you need to include session_start() at the top of every page.  then you would be better using the session to force the person to not move back as long as you are moving your POST variables into the session at each submit you should maintain the data without needing to make multiple writes to the database.  This is a quick mock up of the simplest way I can think of just now (I've not had my coffee yet!) to force people out of accessing the previous pages, you would obviously need to edit the array values to your actual pages and have the $pageNum set from 1 - 4 on the respective form pages.

 

<?php session_start();
$pageList = array( 1 => 'http://page1.php', 2 => 'http://page2.php', 3 => 'http://page3.php', 4 => 'http://page4.php');

$pageNum = 1;

if (isset($_SESSION['page_num']){
  if($_SESSION['page_num'] < $pageNum){
  header("location: {pageList[$_SESSION['page_num']}");
}
else{
$_SESSION['page_num'] = $pageNum;
}
//rest of page

[turpentyne]

odd glitch... I put that script on page one, found a couple of brackets and such that weren't closed. no big deal. The form comes up without errors. I paste the same exact script on page two, and I get "Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/workshop/public_html/register2test.php on line 8"

 

I'm not seein' it.. but then, I'm just now starting my own cup of coffee!

 

<?php session_start();
$pageList = array( 1 => 'http://www.website.org/registertest.php', 2 => 'http://www.website.org/register2test.php', 3 => 'http://www.website.org/register3test.php', 4 => 'http://www.website.org/register4test.php');

$pageNum = 1;

if (isset($_SESSION['page_num'])){
  if($_SESSION['page_num'] < $pageNum){
  header('location: {pageList[$_SESSION["page_num"]]}');
}
else{
$_SESSION['page_num'] = $pageNum;
}
}
//rest of page
?>

[turpentyne]

aha! a dollar sign was missin!