No matter how the user gets from one page to the next, you may need information from the first page to be available on the next page.
Adding information to the URL
A simple way to move any information from one page to the next is to add the information to the URL you’re linking to. To do so, you put the information in the following format:
variable=value
In this case, the variable is a variable name, but you do not use a dollar sign ($) in it. The value is the value to be stored in the variable. You can add the variable=value pairs anywhere you use a URL. You signal the start of the information with a question mark (?). The following statements are all valid ways of passing information in the URL:
<a href="nextpage.php?age=14">go to next page</a>
header("Location: nextpage.php?age=14");
<form action="nextpage.php?age=14" method="POST">
These examples all send the variable $age with the value 14 assigned to it. The variable/value pair is sent to nextpage.php by adding the pair to the end of the URL.
You can add several variable=value pairs, separating each pair with an ampersand (&) as follows:
<form action="nextpage.php?state=CA&city=Mall" method="POST">
Any information passed into a URL is available in the built-in array $_GET. In the preceding example, the script nextpage.php could use the following statements to display the information passed to it:
echo “{$_GET['city']}, {$_GET['state']};
The output is as follows:
Mall, CA
The information is also available in the built-in array $_REQUEST. You can use the following statements to get the same result:
echo “{$_REQUEST['city']}, {$_REQUEST['state']};
Passing information in the URL is easy, especially for small amounts of information. However, this method has some disadvantages, including some important security issues. Here are some reasons you may not want to pass information in the URL:
- The whole world can see it. The URL is shown in the address line of the browser, which means that the information you attach to the URL is also shown. If the information needs to be secure, you don’t want it shown so publicly. For example, if you’re moving a password from one page to the next, you probably don’t want to pass it in the URL.
- A user can send information in the URL, just as easily as you can. For example, suppose that after a user logs into your restricted Web site, you add auth=yes to the URL. On each Web page, you check to see if $_GET [‘auth’] = yes. If so, you let the user see the Web page. However, any user can type http://www.yoursite.com/page.php?auth=yes into his browser and be allowed to enter without logging in.
- The user can bookmark the URL. You may not want your users to save the information you add to the URL.
- The length of the URL is limited. The limit differs for various browsers and browser versions, but a limit always exists. Therefore, if you’re passing a lot of information, the URL may not have room for it.
Passing information using HTML forms
The most common way to pass information from one page to another is by using HTML forms. An HTML form is displayed with a submit button. When the user clicks the submit button, the information in the form fields is passed to the script included in the form tag. The general format is as follows:
<form action="processform.php" method="POST"> tags for one or more fields <input type="submit" value="string"> </form>
The most common use of a form is to collect information from users and pass it to the next page. However, forms can also be used to pass other types of information.
Hidden fields are fields in forms that send information to the next page without appearing in the form on the Web page. Hidden fields can be included in the form along with other types of fields, or can be the only type of field in the form. When the user clicks the submit button, the information in the hidden field is sent to the next page. For example, the following statements pass the user’s account type to the next page when the user clicks a button that says Next Page:
<?php $acct = "admin"; echo "<form action=’nextpage.php’ method=’POST’> <input type=’hidden’ name=’acct’ value=’$acct’> <input type=’submit’ value=’Next Page’> </form>n"; ?>
The Web page shows a submit button that says Next Page, but it doesn’t ask the user for any information. When the user clicks the button, nextpage.php runs, and the account type is available in $_POST[‘acct’]. In this way, you can pass information that you need to use other places in the Web site from page to page. In this example, you could use this code as part of a script that displays some products. When the user clicks the Next Page button, the account type is sent to the new page for use in that script.
Using PHP sessions
A session is the time that a user spends at your Web site. Users may view many Web pages between the time they enter your site and leave it. Often you want information to be available for a complete session.
Understanding how PHP sessions work
PHP allows you to set up a session and store session variables. After you create a session, the session variables are available for your use on any other Web page. To make session information available, PHP does the following:
1. PHP assigns a session ID number.
The number is a really long nonsense number that is unique for the user and that no one could possibly guess. The session ID is stored in a PHP system variable named PHPSESSID.
2. PHP stores the variables that you want saved for the session in a file on the server.
The file is named with the session ID number. It’s stored in a directory specified by session.save_path in the php.ini file. The session directory must exist before session files can be saved in it.
3. PHP passes the session ID number to every page.
If the user has cookies turned on, PHP passes the session ID by using cookies. If the user has cookies turned off, PHP behavior depends on whether trans-sid is turned on in php.ini.
4. PHP gets the variables from the session file for each new session page.
Whenever a user opens a new page that is part of the session, PHP gets the variables from the file by using the session ID number that was passed from the previous page. The variables are available in the $_SESSION array.
Opening sessions
You should open a session at the beginning of each Web page. Open the session with the session_start function, as follows:
session_start();
The function first checks for an existing session ID number. If it finds one, it sets up the session variables. If it doesn’t find one, it starts a new session by creating a new session ID number.
Because sessions use cookies, if the user has them turned on, session_start is subject to the same limitation as cookies. That is, to avoid an error, the session_start function must be called before any output is sent.
Using PHP session variables
To save a variable in a session so that it’s available on later Web pages, store the value in the $_SESSION array, as follows:
$_SESSION['varname'] ="John Smith";
When you open a session on any subsequent Web page, the values stored in the $_SESSION array are available.
Watch out though!
Some online servers (eg. hostgator), set the register_globals as true in their php.ini. This means that we can access the environment variables using it's variable name. In our example:
$varname ="John Smith";