0

Suppose I have 2 forms which will be submitted step by step. In first page, I have

Page1 :

<form action='page2.php' method='post'>
    <input type='email' name='email'>
    <input type='submit' name='submit' value='Submit'>
</form>

Page2 : In this page, I'll check if the email is available in my website or not. If available, then the email will be showed and the user will be asked for his/her phone number.

if(isset($_POST['submit'])){

    echo $_POST['email'];
    ?>

<form action='page3.php' method='post'>
    <input type='number' name='number'>
    <input type='submit' name='submit' value='Submit'>
</form>

    <?php

}

Page3 : When the phone number is given, it will be validated here and the user will be redirected to 'somepage.html'.

Now, my question is, I'll take care of the form resubmission problems. But I don't want users to see the 'Form resubmission' dialogue box in there browsers every time they refresh Page2. And this process has to be done in two steps. In Page2, it is necessary to show the posted email in Page1. How can this whole process be done? It'll be helpful to me if the code is written from beginning to end (from Page1 to Page3).

John Wink
  • 95
  • 1
  • 2
  • 11
  • I have never done this manually, usually frameworks do it for you. If i am not mistaking, the data you submit is saved in the session rather than $_POST (refreshing the page wont ask you to resubmit this way) http://stackoverflow.com/questions/14465464/storing-all-post-data-in-session – Nodir Rashidov Mar 28 '17 at 05:49
  • please correct me if am giving false instructions, this may have security flaws – Nodir Rashidov Mar 28 '17 at 05:51
  • 1
    If your only goal is to ask for the phone number on the condition the client gave you his e-mail address, then there is no need to have two forms or two pages. – Kobbe Mar 28 '17 at 05:52
  • why dont you use ajax? – Aravindh Gopi Mar 28 '17 at 05:52

1 Answers1

1

Try this:

Page1.php

<?php
    session_start();
    if(isset($_POST['submit'])){
        $_SESSION['email'] = $_POST['email'];
        header('Location:page2.php');
        exit;
    }
?>

<form action='' method='post'>
    <input type='email' name='email'>
    <input type='submit' name='submit' value='Submit'>
</form>

This should remove the "Form Resubmission" in "Page 2" while keeping the email

Carl Binalla
  • 5,393
  • 5
  • 27
  • 46
  • and in your query to check if email exists use `$_SESSION['email']` instead of `$_POST['email']` – Nodir Rashidov Mar 28 '17 at 05:59
  • 1
    @JapanGuy I didn't bother to check anything, I just addressed the "Form Resubmission" issue – Carl Binalla Mar 28 '17 at 06:00
  • oh yeah I was referring to the OP in my comment. But can I ask you how to make it safer? Want to know for myself. after escaping special chars, htmlentities, quotes and stuff, after you ve done all the checking is just assigning like `$_SESSION["var"]=$_POST["var"]` secure enough? – Nodir Rashidov Mar 28 '17 at 06:06
  • @JapanGuy Oh sorry, I thought you are referring to me. For the safety of sessions, check [here](http://stackoverflow.com/questions/1181105/how-safe-are-php-session-variables). And try not to store important data to the sessions as much as possible – Carl Binalla Mar 28 '17 at 06:08