0

I have two pages, page_one and page_two. In page_one the user enters some information which will be inserted in the database, and when he presses enter he should be directed to page_two, and inside this page there is the same information that he entered in page_one. The problem is that every time the user refreshes page_two the data is inserted in the database again. I tried to fix this issue by using header to a new page; it worked, but in page_two the information that was entered in page_one is lost.

page_one

```php
<form action="page_one.php" method="post" name="info" >
<input name="userName" type="text"   />
<input name="userEmail" type="text"   />
<input name="userPass" type="text"   />
<input name="submit" type="submit"   />
</form>

<?php

include('db.php');

if(isset($_POST['Login']))
{
    $user_name = $_POST['userName'];
    $user_email = $_POST['userEmail'];
    $password = $_POST['userPass'];

    mysql_query("INSERT INTO users VALUES ('$user_name',' $user_email',' $password')");

    header("Location:page_two.php.php");
    exit;
}
?>
```

page_two

```php
<?php
$user_name = $_POST['userName'];
$user_email = $_POST['userEmail'];
$password = $_POST['userPass'];

echo 'your user name: '.$user_name;
echo 'your email:  '.$user_email;
echo 'your password: '.$password;
?>

<input name="userName" type="hidden" value="<?php echo $user_name; ?>" />
<input name="userEmail" type="hidden" value="<?php echo $user_email; ?>" />
<input name="userPass" type="hidden" value="<?php echo $password; ?>" />
```

When I try this code it gives me this error message from page_two:

notice undefined index userName
notice undefined index userEmail
notice undefined index userPass
user3891365
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Aug 01 '14 at 06:33
  • **Danger**: This code is [vulnerable to XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)). User input needs escaping before being inserted into an HTML document! – Quentin Aug 01 '14 at 06:34

5 Answers

0

Redirect using header to some safe page after inserting the data. You can rather use the id of the inserted row to get the data on page_2.

Hope this helps.

Pankaj Sharma
0

You have the correct approach, but on page_2, instead of retrieving the values from the $_POST array, you should retrieve them from the database, as they now exist there. This will remove your undefined index problem.

Alex
0

Pass the variables via url to page_two.

So your header will be

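```php
// Send the variables' values, URL-encoded, not the literal names.
header("Location: page_two.php.php?userName=" . urlencode($user_name)
    . "&userEmail=" . urlencode($user_email)
    . "&userPass=" . urlencode($password));
```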

Now catch these variables using $_GET on page_two

```php
<?php
$user_name = $_GET['userName'];
$user_email = $_GET['userEmail'];
$password = $_GET['userPass'];

echo 'your user name: '.$user_name;
echo 'your email:  '.$user_email;
echo 'your password: '.$password;
```
rack_nilesh
  • Do not pass this sensitive data in the url. Pass the id of the newly created user instead, and retrieve the data from the database on page 2 – Alex Aug 01 '14 at 06:39
0

Since you're building a multi-page web app, I suggest you use SESSION to save the posted information of the 1st page, then use the SESSION variable for the 2nd page. I hope the link below helps.

http://www.html-form-guide.com/php-form/php-order-form.html

johnpili
-1

On page two you should include a Select statement which will select all the values that are stored in your table.

```php
mysql_query("SELECT * FROM users ");
```
user3811714
  • This will not help retrieving the specific details of the new user. And the use of mysql_query is out of date and insecure. – Alex Aug 01 '14 at 06:41
  • But in order for you to get data that is saved in a specific table you use the select statement right? – user3811714 Aug 01 '14 at 06:51
  • Yes. But you add `WHERE id = 3`, where three is the value sent in the url, to specifically get that user – Alex Aug 01 '14 at 06:56
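
An added example, not part of the question or of any answer above: the Post/Redirect/Get flow the answers describe, combined in one file, with the changes Quentin's comments call for (bound parameters, escaped output) and the new row's id kept in the session rather than in the URL. The file name, the SQLite database, the `users` column names, the `done` query flag and the helper `e()` are assumptions made for the example.

```php
<?php
// register.php (hypothetical name): added example of Post/Redirect/Get in a single file.
// Assumptions: PDO with the SQLite driver; table, columns and the "done" flag are illustrative.
declare(strict_types=1);
session_start();

$pdo = new PDO('sqlite:' . sys_get_temp_dir() . '/prg_demo.sqlite');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE IF NOT EXISTS users (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL, pass_hash TEXT NOT NULL)');

function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name  = trim((string)($_POST['userName'] ?? ''));
    $email = filter_var($_POST['userEmail'] ?? '', FILTER_VALIDATE_EMAIL);
    $pass  = (string)($_POST['userPass'] ?? '');
    if ($name === '' || $email === false || $pass === '') {
        http_response_code(400);
        exit('Invalid input');
    }
    // Prepared statement: values are bound, never concatenated into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (name, email, pass_hash) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, password_hash($pass, PASSWORD_DEFAULT)]);
    // Keep the new row id server-side so it cannot be changed in the URL.
    $_SESSION['new_user_id'] = (int)$pdo->lastInsertId();
    // 303 makes the browser follow up with a GET; refreshing that page re-sends no POST.
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?') . '?done=1', true, 303);
    exit;
}

if (isset($_GET['done'], $_SESSION['new_user_id'])) {
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['new_user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row) {
        // Escape on output; the password is stored only as a hash and never displayed.
        echo 'your user name: ' . e($row['name']) . '<br>';
        echo 'your email: ' . e($row['email']);
        exit;
    }
}
?>
<form action="" method="post">
  <input name="userName" type="text">
  <input name="userEmail" type="email">
  <input name="userPass" type="password">
  <input name="submit" type="submit">
</form>
```

Refreshing the confirmation view repeats only the GET, so the INSERT runs once per submitted form.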