[nycphp-talk] handling forms (relative newbie)
Chris Shiflett
shiflett at php.net
Thu Oct 2 15:27:23 EDT 2003
--- Aaron Fischer <agfische at email.smith.edu> wrote:
> I am naming each form element/post variable individually to put the
> data into session_register, which could be a pain the longer the
> form gets!
[snip]
> session_start();
> session_register('first_name','last_name',etc.,etc.many more fields to
> follow...);
You can forget the session register and use $_SESSION instead:
session_start();
$_SESSION['foo'] = $_POST['foo'];
But, before I continue, I should point out that my example code here leaves out
the most important step:
Make sure $_POST['foo'] is exactly what you think it should be. Always filter
your data. You should validate $_POST['foo'] and then put it into
$_SESSION['foo'].
If security was absolutely no concern, you could throw everything from $_POST
into your session like this:
$_SESSION = $_POST;
But that is very bad. So, don't let the inconvenience dissuade you from being
mindful about security.
> header ("Location: session_results.php");
The URL in a Location header should be absolute:
http://www.ietf.org/rfc/rfc2616.txt
In section 14.30, the syntax for the Location header is defined:
"The field value consists of a single absolute URI."
Hope that helps.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
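
Added example, not part of the original message: one way to do the filtering step described above for a multi-field form, checking each expected $_POST field against its own rule before copying it into $_SESSION, then redirecting with an absolute URL. The field names, the patterns, the filter_form() helper and the www.example.org host are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Field names, rules and the
// redirect host are assumptions for illustration.
session_start();

// Whitelist: only these fields are accepted, each with its own rule.
$rules = [
    'first_name' => '/\A[\p{L}][\p{L} \'\-]{0,49}\z/u',
    'last_name'  => '/\A[\p{L}][\p{L} \'\-]{0,49}\z/u',
    'zip'        => '/\A\d{5}\z/',
];

// Returns [validated values, names of fields that failed].
function filter_form(array $input, array $rules): array
{
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = $input[$field] ?? null;
        // Reject missing fields and arrays (e.g. first_name[]=x) outright.
        if (!is_string($value)) {
            $errors[] = $field;
            continue;
        }
        $value = trim($value);
        if (preg_match($pattern, $value) === 1) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = filter_form($_POST, $rules);

if ($errors === []) {
    // Only validated, expected keys reach the session; anything else
    // in $_POST is ignored, unlike $_SESSION = $_POST.
    foreach ($clean as $field => $value) {
        $_SESSION[$field] = $value;
    }
    // Absolute URI, as RFC 2616 section 14.30 requires.
    header('Location: http://www.example.org/session_results.php');
    exit;
}
// Otherwise fall through and re-display the form, listing $errors.
```

Adding a field to the form then means adding one line to $rules, which addresses the original concern about naming every variable by hand without giving up validation.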