[nycphp-talk] lost sessions on redirect
Daniel Convissor
danielc at analysisandsolutions.com
Mon Feb 9 22:37:41 EST 2009
Hi Christina:
Before I get into specific code feedback, you REALLY need to get some
coding standards in place. Your nesting is a total mess. Read and
follow http://pear.php.net/manual/en/standards.php.
On Mon, Feb 09, 2009 at 10:08:30PM -0500, Christina Karlhoff wrote:
>
> setcookie("form", serialize($_POST), time()+300);
No. Put that stuff in the session, not the cookie.
> header('Location: http://www.wll.com/thankyou.shtml');
> $_POST['RemoteIP'] = $_SERVER['REMOTE_ADDR'];
... snip ...
> header('Location: ' . $_SERVER['HTTP_REFERER']);
... snip ...
Ouch. Security vulnerability. You can not trust user input. Unescaped
user input must not be put directly into databases, HTML, shell execution
commands or header calls (among other things). Read
http://phpsec.org/projects/guide/.
> if ($HTTP_COOKIE_VARS['form']) {
When you want to access cookies, use $_COOKIE. That may be the reason
you're losing data. But as mentioned before, you should put this in the
session.
> So i understand that session error shows which required field was not
> entered by the user... but, what happens to the session vars with the
> form data?
It's not in the session. It's in a cookie.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
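The two points Dan raises above (keep form state in the session, never feed user input such as HTTP_REFERER into a header call), as an added example that is not code from the original thread. The paths /contact.php and /thankyou.shtml and the field names are assumptions.

```php
<?php
// Added example (not from the thread): session-backed form state plus a
// redirect target that never comes from unvalidated user input.
// Assumes the form lives at /contact.php and the thank-you page at
// /thankyou.shtml on the same host; both paths are placeholders.

session_start();

/**
 * Return a local path to redirect to. Only exact entries from a fixed
 * allow-list are accepted; anything else falls back to $fallback.
 */
function safeRedirectTarget(string $requested, array $allowed, string $fallback): string
{
    // Reject absolute URLs (scheme:), protocol-relative URLs (//host)
    // and any CR/LF that could split the header.
    if (preg_match('/^[a-z][a-z0-9+.-]*:|^\/\/|[\r\n]/i', $requested)) {
        return $fallback;
    }
    return in_array($requested, $allowed, true) ? $requested : $fallback;
}

$required = ['name', 'email', 'message'];
$missing  = [];
foreach ($required as $field) {
    if (!isset($_POST[$field]) || trim($_POST[$field]) === '') {
        $missing[] = $field;
    }
}

if ($missing !== []) {
    // Keep what the user typed and which fields were missing on the
    // server, in the session, instead of in a client-visible cookie.
    $_SESSION['form']  = $_POST;
    $_SESSION['error'] = $missing;
    header('Location: /contact.php');
    exit; // always stop after a redirect header
}

// Success: record the client address server side, drop saved form state,
// and redirect to a fixed page rather than to HTTP_REFERER.
$_SESSION['RemoteIP'] = $_SERVER['REMOTE_ADDR'];
unset($_SESSION['form'], $_SESSION['error']);
$target = safeRedirectTarget($_POST['next'] ?? '', ['/thankyou.shtml'], '/thankyou.shtml');
header('Location: ' . $target);
exit;
```

On the form page, read `$_SESSION['form']` and `$_SESSION['error']` after `session_start()` to repopulate the fields and mark the missing ones.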