registration 4 part file escape question

09-09-2011, 11:14 PM
Hi, my registration has three parts, which means that it passes input from page 1 to page 2 then to page three. The 4th part is the process.

I ask because I'm having an issue with my text var value and I want to make sure this is not the problem.

Let's say I have text1 that is input on page one of the registration.

I escape the post value.

Then that value is passed as hidden inputs (no display) to the other pages until it gets to the process page where it is processed.

Along the way I escape the post values as the data grows.

In other words:

page one text1 I escape
I pass that to page2 and escape the post.
I pass that to page3 and escape the post.
I pass that to page 4 and escape the post.

By the time I get to page 4 I have about 30 or so different vars ready to be processed.

My question is: if there is only one input on page 1 for text one and it is only being passed, not displayed, not edited along the way, do I need to escape the post with every pass? As long as it's not touched it should be OK just escaping the first time, right?

I'm having an issue with the final text being funky and I think it might have something to do with multiple escapes when I don't need to.


09-09-2011, 11:33 PM
You only need to escape the data when it's going into the database.

Secondly you should never pass information back to the page as a hidden value - it can be changed by the user. Use sessions instead. If you prefer, save the data into the database and pass back the insert id as a hidden value instead so that you can reference the data in the DB.

09-10-2011, 12:14 AM
Thanks tango, yeah I knew I had to do it before the insert but I was just trying to do it as I go lol. I will only do it once and see how it goes. I'll just add all the escape to the last page right before the actual insert.

Just FYI, it never gets passed back to the previous page, it just gets passed hidden to the next page. And I got ya on the session deal.


09-10-2011, 12:41 AM
it just gets passed hidden to the next page.

I must recommend against this as those values can be altered by the user. You really must consider using sessions for short term storage or the DB for long term (EG where the user may close the window and come back later).
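
Added example, not part of the thread: a small Python sketch of the two points raised above, showing what escaping the same value on all four pages does to it, and the alternative of keeping raw input in a server-side session and handing it to the database once. The `escape` helper, the `SESSIONS` store, the table layout and the sample values are constructed for illustration, and a parameterized query stands in for the manual escape-before-insert step the replies describe.

```python
import sqlite3

def escape(value):
    """Constructed stand-in for a SQL string-escaping function:
    backslash-escapes backslashes and single quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def escaped_on_every_page(raw, pages=4):
    """The original flow: the value is escaped again on each page it passes through."""
    value = raw
    for _ in range(pages):
        value = escape(value)
    return value

# Server-side session store (constructed): session id -> raw fields collected so far.
SESSIONS = {}

def save_step(session_id, fields):
    """Keep each page's raw input on the server, so nothing round-trips
    through hidden inputs the user could alter."""
    SESSIONS.setdefault(session_id, {}).update(fields)

def process(session_id, db):
    """Final page: pass the raw values to the database exactly once."""
    data = SESSIONS.pop(session_id)
    db.execute("INSERT INTO users (text1, email) VALUES (?, ?)",
               (data["text1"], data["email"]))
    return db.execute("SELECT text1, email FROM users").fetchone()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (text1 TEXT, email TEXT)")
    save_step("sid-1", {"text1": "O'Brien"})          # page 1
    save_step("sid-1", {"email": "ob@example.test"})  # page 2
    return escaped_on_every_page("O'Brien"), process("sid-1", db)

if __name__ == "__main__":
    mangled, stored = demo()
    print("escaped on 4 pages:", mangled)
    print("stored via session:", stored)
```

Each extra pass doubles the backslashes already present and adds one more, which is where the "funky" final text comes from.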