Best way to pass between scripts?!

[doubledee]

What is the best way to pass data between scripts?

 

Here is my current problem...

 

- User is reading Comments under Article (1234) on "article.php"

- User spots a questionable post

- User clicks "Report Comment" icon

- User is taken to "report_comment.php?comment=1234"

 

(Everything is okay so far.)

 

- User is not logged in, and is re-routed FROM "report_comment?comment=1234" TO "error_page.php"

- Error Page display "You must be logged in to report a comment"

- User clicks on Log In button and is taken FROM "error_page.php" TO "log_in.php"

- User logs in

- User to taken FROM "log_in.php" TO "report_comment.php" where we were originally?!

 

The problem is that by default, "report_comment.php" now has no idea which Comment we want to report, and so it says "Comment not found"?!

 

Based on the flow above, I need to keep track of the Comment ID.

 

As I see it, there are a few ways to handle this...

 

1.) I could pass the CommentID in the query string from script to script like this...

 

"report_comment?comment=1234"

"error_page.php?comment=1234"

"log_in.php?comment=1234"

"report_comment?comment=1234"

 

But that seems sloppy and like a lot of extra work.  (Especially because *everytime* you pass something in the URL it has to be checked again.  And me being thorough, that means checking it against the database, which is an extra 60-70 lines of code in my Prepared Statement with Error-Handling?!)

 

 

2.) I could store the CommentID in the $_SESSION and then just refer to it as needed

 

 

3.) Maybe there is another, more efficient way?!

 

 

I guess #2 seems the best, but I am also no sure about this...

 

When I eventually come back to "report_comment.php", do I have to RE-validate the CommentID, even if it comes from my $_SESSION??

 

 

Debbie

 

 

[scootstah]

Sessions is usually how you pass data between scripts.

 

When I eventually come back to "report_comment.php", do I have to RE-validate the CommentID, even if it comes from my $_SESSION??

 

Why wouldn't you? Treat it as a new request.

 

 

[requinix]

3. Whatever page does the redirecting sticks in the new URL the one the user was trying to visit.

log_in.php?return=report_comment.php%3Fcomment%3D1234

Note how the old URL was urlencoded before it went into the new URL.

 

When they log in correctly you check if that return URL was passed (and if not you go to the homepage or something). If it was and is appropriate to redirect to then you redirect to it. The key part there is "is appropriate": you don't want to redirect to just anyplace.

[scootstah]

3. Whatever page does the redirecting sticks in the new URL the one the user was trying to visit.

log_in.php?return=report_comment.php%3Fcomment%3D1234

Note how the old URL was urlencoded before it went into the new URL.

 

When they log in correctly you check if that return URL was passed (and if not you go to the homepage or something). If it was and is appropriate to redirect to then you redirect to it. The key part there is "is appropriate": you don't want to redirect to just anyplace.

 

Normally I would agree, but in her example the user has to manually click "login" and is not redirected there. They are redirected to an error page.

[jcanker]

The main question you have to answer first is, do you want to require that your user has cookies turned on?  (Since they're logging in, I would guess so since tossing login credentials around via URL is bad...)  If so, storing in the SESSION is quick and easy and you can access it from any page without having to throw around GET vars in your URL.  Via URL you're passing it around to a bunch of pages that don't need to know about it other than to pass it along to the next step.  With SESSION it's there when you need to use it, stays out of the way when you don't.  This scenario is the type of thing SESSION is used for