View Full Version : sending variable across pages

01-04-2008, 01:52 AM
hi ,

currently i am changing the credit card payment process for my company.

In the old code there are 6-7 hidden variables which are across 4 checkout pages

Now these hidden variables are being passed across the pages untill the payment has been made.

Now is there any easy way to get those variables where needed by using sessions or any other method

on every pages there is array like below

$hidden[] = "<input name=\"amt\" type=\"hidden\" value=\"{$amt}\"/>\n";
$hidden[] = "<input name=\"f\" type=\"hidden\" value=\"CONFIRM\"/>\n";
$hidden[] = "<input name=\"userid\" type=\"hidden\" value=\"$userid\"/>\n";

which is passed again and again across pages.

Any other idea to make the process simple

01-04-2008, 01:59 AM
Sessions would be easiest. Store the data in the session when it is retrieved and then access the session on any page that you need to retrieve the data again.

01-04-2008, 02:12 AM
i have four pages 1,2,3,4

It means i can put variables (from previous page) in session on page 1 e.g

$_SESSION['userid'] = $_REQUEST['userid'];
$_SESSION['amount'] = $_REQUEST['amt'];

on page 2 i can access like

Amount: $_SESSION['amount'];

so i can go to page 3,4,5 and no need to declare anything on those pages , just use it
and if i want anything extra i can put

$_SESSION['new'] = $id;

and on final page i can access all previous variables.

Is this correct, because this is the payment process and i need to amke sure everything works fine

01-04-2008, 02:17 AM

Add some debug code and print out those vars to make sure they are correct on the final processing page.

01-04-2008, 04:32 AM
Is it safe to put creditcard no and details in session variables?

01-04-2008, 07:13 AM
No, you should never store a user's credit card details. Especially if your site is on a shared server.

01-07-2008, 12:13 AM
I am not storing Credit card information in the database but can i store CC information in session variables so that i can process across pages rather than storing in hidden variables and then POST THEM?

01-07-2008, 12:15 AM

01-07-2008, 12:39 AM
the contents of $_SESSION get written to disk (with the default settings at least, this will be what's happening unless you've explicitly changed it yourself...) and on a shared server this can potentially be read by any other user of the server. On a dedicated server it's still not the best idea, better is to make the card details the very last step, such that there is no need to store them, they can passed straight off to the gateway.

01-07-2008, 01:40 AM
thanks for your help , i will keep these things in mind