-1

Possibly stupid question time:

On many websites, when a user submits a form, the information is checked, and if it is incorrect they are redirected back to the form, with all/most of the information still intact and entered into the form. E.g. they type in the wrong password, but after the redirect, their username is still intact in the form. I want to know the best method in which this can be done.

I did some testing:

post1.php:

```php
<?php
$_POST['user']='name';
header('Location: post2.php');
?>
```

post2.php:

```php
<?php
if(!empty($_POST['user'])){
    header('Location: post3.php');
    //echo 'post: '.$_POST['user'];
}
else{
    echo 'nope post2.';
}
?>
```

post3.php:

```php
<?php
if(!empty($_POST['user'])){
    echo 'post: '.$_POST['user'];
}
else{
    echo 'nope post3.';
}
?>
```

When using a form on post1.php, I could get post3.php to echo 'nope post3.' which shows that post values don't stick around after a redirect. However, when using the current version of post1.php, I could only get post2.php to echo 'nope post2.', meaning that setting $_POST variables manually doesn't work, or I could on the validation page enter $_POST['var']=$_POST['var'] and it would save the post variable through one more redirect.

I know this could be done using SESSION variables, but I feel like that could get messy quickly.

And before you comment about security risks, I obviously wouldn't do this with any sensitive information.

tl;dr: How do I best send variables back to the page the form is on after form validation fails?

James G.
  • 1
    You are not POSTing **anything** on your first page, you are simply redirecting to post2.php without any post data. – Sébastien Oct 25 '13 at 19:28
  • You need to change this `$_POST['user']='name';` to `$name = $_POST['user'];` for one thing. – Funk Forty Niner Oct 25 '13 at 19:30
  • @Fred-ii- I was trying to define `$_POST['user']`, not get information from it. It isn't set at that point. – James G. Oct 25 '13 at 19:31
  • @JamesG. It (POST/variables) doesn't work that way. – Funk Forty Niner Oct 25 '13 at 19:32
  • 1
    Why would using session variables get messy? It is the obvious and usual way of doing what you want to do. – vascowhite Oct 25 '13 at 19:32
  • 2
    What @Fred-ii- said: you can't set the `$_POST` variable; it is a global variable from the PHP engine that you can only read. Only an HTTP POST protocol sets its value. – Jorge Campos Oct 25 '13 at 19:34
  • @vascowhite several reasons. For starters session variables control a bunch of other aspects, and I would have to make sure I named each one of them completely uniquely. Secondly I would also have to unset each of them at the end, whereas POST variables unset themselves. So it could be done, but I was wondering if there was a cleaner method. – James G. Oct 25 '13 at 19:35
  • @JamesG. $_SESSION['post'] = $_POST; Doesn't look too messy to me. You're the programmer, things only get messy if you let them. – vascowhite Oct 25 '13 at 19:39
  • 1
    Well, as you want to do a post, here is a link on how to do it: http://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php – Jorge Campos Oct 25 '13 at 19:39
  • @JamesG. Usually when you want to do some matching, you need to do something to the effect of `if($_POST['password'] == "thepassword"){ // do something }; else{ // do something else }` - that's "one" way of doing it. Or `if ($username=="name1")` etc. – Funk Forty Niner Oct 25 '13 at 19:45

1 Answer

3

I think, as you mention, using $_SESSION is more appropriate in this case. When you put something like:

```php
$_SESSION['formVariables'] = $_POST;
```

then you can refer to these variables when you are back on the form1.php page.

The best solution would be to do validation on the same page as the form by including the validation script before the form and then, if all is correct, redirect to the relevant page.

Is there any particular reason why you want to do validation on a different page than the form?

  • If I were to do validation on the same page, how would my failure lines be any different? I currently set something like `SESSION['errormessage']= 'your password was wrong'` and then redirect to the original page. How could I kill the script and dynamically alter the page without a redirect? – James G. Oct 25 '13 at 19:41
  • When you do validation and set $_SESSION['errormessage'] then you can create form like:
    – Mirosław Karczmarczyk Oct 25 '13 at 19:43
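
The session approach from the answer, as an added example that is not part of the original thread: the form validates on its own page, keeps the submitted values under one session key that is read once and then removed, never stores the password, and escapes every value it echoes back. The names `form.php`, `welcome.php`, `FLASH_KEY`, `REPOPULATE` and the helper functions are assumptions made for illustration.

```php
<?php
// form.php: added example; file, constant and helper names are assumptions.
session_start();
const FLASH_KEY  = 'form_flash';   // one namespaced session key for all form state
const REPOPULATE = ['user'];       // allowlist; 'password' is deliberately absent

// Store only allowlisted string fields, so secrets never reach the session.
function flash_old_input(array $post, array $errors): void {
    $old = [];
    foreach (REPOPULATE as $field) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $old[$field] = substr($post[$field], 0, 255);
        }
    }
    $_SESSION[FLASH_KEY] = ['old' => $old, 'errors' => $errors];
}

// Read once: the data is removed as soon as the form page consumes it.
function take_flash(): array {
    $flash = $_SESSION[FLASH_KEY] ?? ['old' => [], 'errors' => []];
    unset($_SESSION[FLASH_KEY]);
    return $flash;
}

// Submitted values are untrusted: escape them before echoing into HTML.
function e(string $v): string { return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $errors = [];
    foreach (['user', 'password'] as $f) {
        if (!is_string($_POST[$f] ?? null) || trim($_POST[$f]) === '') {
            $errors[] = "$f is required.";
        }
    }
    if ($errors !== []) {
        flash_old_input($_POST, $errors);
        header('Location: form.php', true, 303);  // back to the form as a GET
        exit;                                     // header() alone does not stop the script
    }
    header('Location: welcome.php', true, 303);   // welcome.php is a placeholder target
    exit;
}
$flash = take_flash();
?>
<?php foreach ($flash['errors'] as $msg): ?><p class="error"><?= e($msg) ?></p><?php endforeach ?>
<form method="post" action="form.php">
  <input name="user" value="<?= e($flash['old']['user'] ?? '') ?>">
  <input name="password" type="password">
  <button>Log in</button>
</form>
```

Copying all of `$_POST` into the session would also persist the password for the lifetime of the session, which is why the example stores an allowlist of fields instead.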