View Full Version : Passing variables to pages

01-26-2010, 05:56 PM
Hello All

I am new to this forum and new to php. I am trying to pass variables from page to page in order to maintain a state so I can use information users entered to interact with them and send email as appropriate. Look out for my comments in the code below that explains what I am trying to achieve.

At the moment my first hurdle is getting all the values from the form in one variable and then trimming and cleaning it as necessary but having no luck.

This the contact.shtml form:

// (1)
// Contact page (shtml): Users input their info and the form goes to validate.php script
// CheckAll() is a javascript function and it works ok.

include ("cleaner.php);
<form action="php/validate.php" method="POST" NAME="contact" onSubmit="return checkAll()">
// usual form structure follows here no typos, all is ok :-)

//Now cleaner.php looks like this:
function clean_it_out($formVarariables)
$formVarariables = trim($formVarariables);
$formVariables = htmlentities($formVariables);
$formVarariables = strip_tags($formVariables);
return $formVarariables;

This to validate the form server side and clean out htm codes:

// (2)
// Validate page: This is where I am having problems :-(
// I am trying to grab all the user inputs over 15 in the form input fields and put them in one variabe and then strip out the dangerous stuff.

for ($_POST as $variable_name => $value)
$formVariables[$variable_names} = clean_it_out ($value, 50);
extract ($_POST, XTR_PREFIX_ALL, '$formVariables');

// Validate rest of form inputs as normal here ...

// Then at the bottom of the valaidate.php page, output what visitor entered to next php page:
Header ("Location: output.php");

This is to output what the user entered and email the form to a desired email address:

// (3)
//In the output.php I use the print command to output everything neatly in a table for the
// user to see, then when user press send, it emails the user inputs depending on which
// country they selected in the contact.shtml page:
print "<table cellpadding=0 blah blah">";
print "<tr><td>Blah blab blah</td></tr>";
// and so the print commands goes on...

// Then depending on what country the user selected send an email to the correct email address:
if ($formVariables[Option"] == "USA")
echo "<form action=\"email_usa.php\" method=\"post\"> ";
if ($formVariables["Option"] == "Canada")
echo "<form action=\"email_can.php\" method=\"post\"> ";
if ($formVariables["Option"] == "UK")
echo "<form action=\"email_uk.php\" method=\"post\"> ";


while (list($Firstname, $value) = each($_POST))
echo "<input type=\"hidden\" value=\"$value\" Name=\"$Firstname\">\n";

//Havent reached the thank_you.php page yet to output a confirmation that email sent
// successfull. That's a simple html page I guesse

01-26-2010, 06:00 PM
I noticed this typo in my post above but their are no typo in the original codes. I have checked and double checked. I typed it manually here and I am a bit exhausted.
Throughout the entire code it should say $formVariables on every php script that uses it.

function clean_it_out($formVarariables)

01-26-2010, 06:05 PM
This line has an extra quote (remove it):
print "<table cellpadding=0 blah blah">";

Once you leave this script and go to "output.php",
// Then at the bottom of the valaidate.php page, output what visitor entered to next php page:
Header ("Location: output.php");
you lose the variables. You are not passing them on.

You could fix that by putting the validate and clean-up code in the same
script as "output.php", and not have them separate.

The whole thing about passing variables to other scripts ...
Most webhosts will disable "register_globals", as a security measure.
I'm assuming register_globals is disabled for you too, and it should be.
You'll have to pass them on via cookies, sessions, or combine the scripts
in such a way that you are not passing them on.

01-26-2010, 06:46 PM
Sorry I got logged out as my internet connection just died on me????
That typo you spotted is not in the original code again I am tired so I am typing a few mistakes lol.
Ok you said I am not passing the variable to the next php script. I thought the session start function would take care of that along with the glabal variables.

Should I use like this instead?

Header("Location: valinput.php?Firstname=$FirstName&Surname=$Surname");

As for global variable, you maybe right the host server may have disabled it. Is there another way of achieving this since I didn't want to pass all 15 values to every php page by listing them out example.

$first_name0 = $_POST['first_name0'];

$first_name1 = $_POST['first_name1'];

$first_name2 = $_POST['first_name2'];

$first_name3 = $_POST['first_name3'];

$first_name4 = $_POST['first_name4'];

01-26-2010, 07:50 PM
doing it your first way would be horrible since you'd have to sanitize your inputs every time a page load occured, otherwise i can inject things into your $_GET params for output.php.

in your first page where the user enters data, the very first line in the php file add "session_start();" then after sanitizing each input var do $_SESSION['first_name0'] = $first_name_clean;


in output.php add "session_start();" as the first line, and then u can reference each variable as $_SESSION['first_name0'] and you know it's already sanitized.

01-26-2010, 08:15 PM
I see...

I guess the long way it is then. I already have session_start() at the top of all my php pages that need to access the variables concerned.

Btw, the user input page is not a php page but an shtml page. I will change it to php and then do as you suggest.

in your first page where the user enters data, the very first line in the php file add "session_start();"

Thank you very much for your help and patience. I will report back later. :thumbsup:

01-29-2010, 12:38 AM
I have tried what you suggest but maybe I am missing something because now every field is telling me I need to input data in the correct format so it seems something is defaulting to that elseif statement of the code.

This is the error message my php script is outputting about ALL the form input boxes???

The First name field cannot be blank.
The Surname field cannot be blank.

Page 1 input from user:

$_SESSION['FirstName'] = $_POST['FirstName'];

// Forms inoput:
<td align="left"><b>First Name:</b></td>
<td><INPUT NAME="FirstName" TYPE="text" size=35,1 MAXLENGTH=100>&nbsp;&nbsp;&nbsp;<b>*</b><br><br></td>

Page 2 validate input:

$_SESSION['FirstName']= $FirstName;

// validate inputs:
if (empty($_SESSION['FirstName']))
$errorString .=
"\n<br><br><div align='center'>The <b>Name</b> field cannot be blank.</div>";
elseif (!eregi('^[A-Za-z]$', $FirstName))
$errorString .=
"\n<div align='center'><br><font class='small-red'>first name</font> field - Invalid Entry" .
"\n<br>Only letters are allowed in the <b>first name</b> field.</div>";