PHP rather then Post Input

[TRI0N]

Still catching up on more secure ways to do things via PHP 5 and want to start implimenting them into structures I have created in the past on older PHP systems for clients as I begin to upgrade them to PHP 5.

 

Most important is the POST method using Input fields or hidden Input to pass thru to another step or portion of a website that forms use.

 

My question would be is there now a safer way to post data using PHP when a form is submitted or is there atleast a way to pass thru that data without use of Input Hidden using PHP for multi stepped forms?

 

Example would be lets say:

 

Step 1: Asks for the users credit information

Step 2: Asks for Personal Information and also continues to pass thru Credit Information

Step 3: Custimize Options /collects information that is passed thru.

 

Now I would not use this structure myself but as an example as to what I mean by not having the data be pass thru with Input Hidden in Step 2.  I wouldn't ask for Credit Info until the last step before being processed but there are other senstive data in steps that I would rather not be passed thru via Input Hidden.

 

Any suggestions would be great since I have a few ideas but want all aspects of possible solutions presented before I start making a new standard in scripting such.

[john010117]

If I get what you mean, put the form(s) and the PHP processing script in a same file (like I do for my admin panel). So, in the PHP script, check to make sure that the form was submitted before processing it.

[TRI0N]

No I was refering to more of what is passed thru using the Input Hidden.  Bacause you can always view source of a setp to obtain the field names to possible get the values.  I want to avoid that since the php code is not passive and will not give them the pleasure of seeing what is being passed thru.

[john010117]

If you want to do it like that, use sessions. Start a session at the form, and check to see if the session's there on the processing page.