Form post to a session...how?

[dwest]

Hi,
What is the technique to get all the values in a form post captured in as session variable?

Thanks!

[fert]

[code]
$_SESSION=$_POST; //or $_GET
[/code]

[Jessica]

To have all of them in one single var would be more like $_SESSION['post'] = $_POST;

[dwest]

So, I can't post directly to the session?  I must first capture the post on a php page and then assign the $_POST's to the session?

[Jessica]

Yes.

[dwest]

Say I have the following in a form:
[code]
<input type="text" name="text_name'.$r['item_id'].'[]" value="'.$r['name'].'" />
[/code]

When I post the form, what Am I posting to?  A form handler that then captures the posts and assigns them to the session?

[dwest]

Got it!  I replied while you replied. :)

[dwest]

Now, I'm a little confused still.

In previous posts here (or perhaps another forum), I was told that passing hidden fields back and forth between forms was insecure and that I should use sessions instead.

But in order to get the values into a session I have to pass the hidden fields anyway.

So how do sessions alleviate the security vulnerabilities?

[Jessica]

If you already have the value, instead of passing it via another form, simply keep it in the session and access it that way when you process the form.

[dwest]

I see that and thanks  :)

What I'm doing is creating a means for a user to build an invoice form and when satisfied, submit it to the database.

To do that, I have a submit button to add items and a submit button to save the invoice.

The user goes back and forth to the available items list by clicking the add items submit button.  She selects items from that list to add them to the invoice.  The values are posted back to the invoice as hidden fields.

Each click of the add items button, passes the items already selected, in hidden fields, to the items list form.  Clicking done on that form passes the new selections plus the existing selections, back to the invoice form.  All in hidden fields.

This goes on until the user is done and then all the items in the invoice form are posted to the invoice database.

So, is there any advantage gained from using sessions in this case?  Seems to clutter things up more unless I'm missing something. (which is highly probable I might add  ;) )

[dwest]

I need to add that in the invoice form, all visible fields are seen as text boxes.  Thus they can be edited at any time.  So, the state of a piece of data gets posted "as is" not "as was".  This allows user to tweak the name or description or price of an item in the invoice and still add more items, etc.