PHP – passing variables across pages Feb19 '05
Feedback
# (2 of 22): Dale » bluetrait.com
12 hours, 30 minutes after the fact. (Sat 19 Feb 2005, 9:29 PM CST)
Passing variables with $_GET and $_POST is good but only for certain things.
I use $_COOKIE for storing details such as Name, Email, WWW in the comment area. This is good because you don't need to store anything on the server side.
Where as $_SESSION is good for storing more secure data. It's like a cookie on the server side.
Remember to ALWAYS check data coming from a user, you may need to filter it etc to stop people from hacking or breaking things.
# (3 of 22): Peter R.
6 months after the fact. (Mon 22 Aug 2005, 7:57 PM CST)
Questions from a novice PHP user:
Why is it that I can access values of variables on the page referred to in "action" on the form without making reference to $_POST? In other words, if my form has:
<form action="results.php" method="post">
.. and selected "region" has a value of "6"..
Why is it that on results.php I can simply:
echo $region;
without using $_POST['region'] ? In fact, $_POST['region'] does not seem to be carrying a value.
Also, is there a way to combine this method of posting values AND having PHP code verify form data? The forms that I have seen with verification of data have an action which refers - not to the results page - but back to the page containing the form.
Thanks for any help you can offer.
Best regards, Peter
# (4 of 22): Matthom
6 months after the fact. (Tue 23 Aug 2005, 7:26 AM CST)
In fact, $_POST['region'] does not seem to be carrying a value.
If 'region' is the NAME ('name' attribute) of one of your form elements, it should be accessible via $_POST['region'] - without a problem. The only thing that could prevent that (that I know of) is an older version of PHP - which only accepted $HTTP_POST_VARS['region']. Notice the difference in the variable names.
I think PHP 4 (I could be wrong) started supporting the "short" format - $_POST['region'].
But... if you CAN access the form values by just using the variable - $region - that should be the easiest way, anyway.
The forms that I have seen with verification of data have an action which refers - not to the results page - but back to the page containing the form.
The action attribute for the <form> element can request any file - including itself.
Either way, to verify the form data with PHP, simple write some if statements, which test to see if a certain value ($_POST['region']) is not set, IE: == ""... or you could do: if ( isset($_POST['region']) ) { code }
# (5 of 22): Peter
7 months, 3 weeks after the fact. (Tue 11 Oct 2005, 4:57 PM CST)
Also a novice PHP user.
I am trying to store an SQL statement across pages so I can reuse it at a later stage.
I use this
<INPUT TYPE=HIDDEN NAME=originalquery value="<? echo $originalquery ?>">
However since the statement usually contains single or double quotes so after a few pages the statment appears
SELECT * FROM `products` WHERE `name` like \\\\\\\'%l%\\\\\\\'
Originally it was
SELECT * FROM `products` WHERE `name` like '%l%'
How do I avoid this alteration? Obviously the SQL statment cannot be run in this format.
# (6 of 22): Marty
1 year, 6 months after the fact. (Wed 30 Aug 2006, 3:03 AM CST)
what i’m trying to do is send a variable accross pages that can change values depending on some input like: link
where "variable" is a variable that can take any value. Is it possible in php? I will appreciate your help.
# (7 of 22): Jack Soul
1 year, 6 months after the fact. (Sat 02 Sep 2006, 7:50 PM CST)
There is also another way to pass data through pages. You do this by using sessions.
# (8 of 22): Lokos » kovacexpress.com/application1.htm
1 year, 7 months after the fact. (Fri 22 Sep 2006, 9:09 PM CST)
I might seam unrelated but you are my best option...
I’m trying to create an online job application, using
FormMail 5.2 php script, and HTML page for the txt
input.
I got it to work just fine, with one page. Now since
the application is realy long, i would like to split
it into lets just say 4 .htm pages. The formhandler
in Front page lets me screate 4 different forms
ofcourse on 4 pages seperately, and I also know
how to link them... the only missing peace is the
hiden "stored" data from previous pages.
How can I access the already typed info, and send it
all through the form submit button together.
I have read about the sessions, GET vs. PUT.
Get would be insane to use for this long as appl.
Any clues on 4 .php pages instead,
where this code sounds promissing...
Please help.
# (9 of 22): Kitradin » kitradin.com
1 year, 7 months after the fact. (Sun 01 Oct 2006, 3:10 PM CST)
after grabing some string values with quotes(') and double quotes(") from a variable using POST, and put them inside another form, like:
<?php
$grab = $_REQUEST['variable'];
echo "<form method=\"post\" action=\"test.php\">";
echo "<input type=\"text\" name=\"variable\" value=\"$grab\">";
echo "<input type=\"submit\" name=\"next\" value=\"EDIT\"></form>";?>
if a user entered double quotes(") in the form and i need to repost the information into a new form with the quotes in it, the form will crop all information after the quote(") because the form would look like this:
text entered by user: bobby the "madman"
the browser will parse the input line and think that the quote(") before the word ’madman’ is the closing quote(") for the value field. As a result, the browser will not display the information after the quote(") before the word ’madman’.
the same problem happens when i use a single quote(’) to enclose the value field. the browser ignores any information after it parses the next single quote(’) in the value of the variable.
is there a way to display the whole information in the form?
# (10 of 22): Matthom
1 year, 7 months after the fact. (Sun 01 Oct 2006, 3:51 PM CST)
Kitradin, you have to use the "opposite" quote-type (single or double), when using quotes in attribute values:
<input type="text" value="bobby the 'madman'" />
<input type='text' value='bobby the "madman"' />
# (11 of 22): Kitradin » kitradin.com
1 year, 7 months after the fact. (Sun 01 Oct 2006, 6:25 PM CST)
what if they both have a single and double quotes? like
bobby’s website: "the madman"
# (12 of 22): Matthom
1 year, 7 months after the fact. (Sun 01 Oct 2006, 6:43 PM CST)
You have to escape either the single or double quotes, depending on what your default is:
<input type="text" value="bobby's website: "the madman"" />
Above, the default is double-quotes, as you can see the attribute values are in double quotes. Therefore, the double quotes around "the madman" have to be escaped.
" escapes to "
' escapes to '
Does that help? Let me know...
# (13 of 22): Brajendra Kunar Mishra
1 year, 7 months after the fact. (Tue 03 Oct 2006, 7:12 AM CST)
we are linked with other websites. Clicking on the link user starting our registration form. On thrid page of our registration form we have an option to know about the refency of our site how can i do that
# (14 of 22): Dacia » atlantahomeindustries.com
2 years, 2 months after the fact. (Fri 20 Apr 2007, 2:02 PM CST)
This is great feedback. Simple and to the point. It helped me fix a break in my PHP which calls a variable from a db. It was the only line missing. check it out: www.atlantahomeindustries.com Click on properties. It shows the variable being passed.
# (15 of 22): Jon Gibbins
2 years, 2 months after the fact. (Mon 23 Apr 2007, 5:17 AM CST)
From a learning amateur PHP coder ... thank you! Your step by step guide explains everything nicely.
# (16 of 22): Shakil Ahamad
2 years, 5 months after the fact. (Fri 10 Aug 2007, 6:15 AM CST)
I would like pass the value without using post,session,through URL also to other pages. Can you give me idead about above criteria
# (17 of 22): Steve » stevenswallow.com
2 years, 5 months after the fact. (Thu 16 Aug 2007, 3:49 AM CST)
Helping against injection - $id = (int)$GET['id']; cast value to int. $name = stripslashes($GET['name']); strip slashes placed there by magic quotes if they're on. (They normally are)
then when adding - mysqlrealescape_string($name)
# (18 of 22): James
2 years, 10 months after the fact. (Thu 27 Dec 2007, 1:34 PM CST)
for security reasons, can a variable be passed on to a different page without using the GET method or a form or a cookie? cookies can be dangerous and sometimes turned off in some browsers, with the GET method data is exposed, with the form posting method it can be limited eg. having variables located in links..
# (19 of 22): Dale » bluetrait.com
2 years, 10 months after the fact. (Thu 03 Jan 2008, 8:34 PM CST)
Yes you can use PHP sessions (like server side cookies).
# (20 of 22): Addeasy
3 years, 4 months after the fact. (Mon 30 Jun 2008, 2:12 AM CST)
This helped me solve a problem I was struggling with. Thanks a ton.
# (21 of 22): Aw
3 years, 4 months after the fact. (Fri 18 Jul 2008, 9:24 AM CST)
Thank you! I couldn't remember how to pass the form value into a php file.
# (22 of 22): Albert Cano
3 years, 6 months after the fact. (Wed 20 Aug 2008, 10:20 AM CST)
Thank you for your help!
RSS feed for comments on this post
Leave feedback
While working in PHP, eventually you’ll want to be able to pass a variable, or piece of data, from one page... to another page.
You are at the feedback permalink page for: PHP – passing variables across pages
# (1 of 22): Josh » joahua.com
11 hours, 10 minutes after the fact. (Sat 19 Feb 2005, 8:09 PM CST)
Good article, but one clarification: there is a limitation on how many characters you can include when using POST (or there generally is), dictated by the webserver (or by PHP). From memory PHP has a 2MB limit by default? although it's possible to increase this.