0

I have a drop down list on page one with select code:

print "Select week for season 1:  <select name='Week_select'> <br>";

On page 2 I have 

$varWeek=$_POST['Week_select'];

Then another drop down list:

print "Select a team that played season 1and week $varWeek:  <select name='Team_select'><br>";

So far so good and many thanks to all who have gotten me this far.

Now when I go to page 3, I lose $varWeek

I see that I should either use a $_GET or pass it as hidden. I tried $varWeek=$_GET['Week_select']; but that didn't work.

I am unsure how to pass it hidden. Please help me understand a little more. Many thanks in advance

Bill Flippen
  • 453
  • 1
  • 4
  • 19

2 Answers2

0

Add the variable into the form, like you said, as a hidden field, like so:

print '<input type="hidden" name="Week_select" value="'. $_GET['Week_select'] .'" />';

Then on the page which handles the form, the variable will be available in $_POST['Week_select']

Adam Moore
  • 665
  • 6
  • 12
  • this is vulnerable to HTML injection (XSS). – Eevee Apr 04 '13 at 00:07
  • This is true. A good idea would be to pass the Week value as an integer and pass the variable to intval: `intval($_GET['Week_select'])` – Adam Moore Apr 04 '13 at 18:47
  • or use a templating system that lets you not have to worry about this problem – Eevee Apr 04 '13 at 23:54
  • Also true, but using a Framework is a bit out of scope for a beginners PHP question. CakePHP would be my suggestion if you're interested Bill – Adam Moore Apr 05 '13 at 13:39
  • what are HTML injection (XSS) and should I even worry about them if this is a private page that only a few people are going to use? – Bill Flippen Apr 12 '13 at 03:18
0

A better approach would be to register those variables as session variables. This way they won't show up in the URL and you will be able to access them across several pages. Have a read here:

http://www.php.net/manual/en/intro.session.php

You can access/store a session variable like this:

$_SESSION['varname'] = 'value';

and on another page

var_dump($_SESSION['varname']);
Michael Thessel
  • 706
  • 5
  • 20
  • This session thing seems good. So do I just do Session_start() anywhere on page 1? then before the submit button tell it $_SESSION['varWeek']='week_select'. Do I need to register each page to the session somehow? how do I add additional variables to carry other inputs forward such as team, player. – Bill Flippen Apr 04 '13 at 20:02
  • Nice read, still having trouble getting what I want. I have posted another question [HERE](http://stackoverflow.com/questions/15962443/need-more-detail-tying-in-session-start-to-a-select-statement) as a follow up – Bill Flippen Apr 12 '13 at 03:26