php vars between pages

[Flamin_Squirrel]

At the risk of seeming rather dense, i cant seem to work out how to pass vars between different pages. Ive tried searching for how to globalise vars, but this always seems to be in reference to different functions.

 

[Jonty]

Hi Flamin_Squirrel

You really have three options when it comes to passing variables between pages . . .

1. Use the GET method - This method appends the end of the page address with a query string; e.g.

   target.php?string=Hello&string2=Testing

   The above code would create a variable named 'string' with a value of 'Hello' and a second variable named 'string2' with a value of 'Testing'. These values are then retrieved by the target page, target.php, by using the PHP $_GET["VariableName"]; method.
   
2. Use the POST method - Similar to above, except the information is sent 'invisibly' via the POST method. Usually this is done via via a hidden form element, e.g.

   <form action="target.php" method="post">
     <input name="string" type="hidden" value="Hello" />
   </form>"

   Any form field, hidden or not, could in theory be used; the name attribute becoming the variable name, and the value attribute becoming the value. These values are then retrieved by the target page, target.php, by using the PHP $_POST["VariableName"]; method.
   
3. Use cookies - This method simply stores the variables in a cookie, which can then be retrieved later on. This tends to be a little more risky than the above two, though, as the user may block cookies from your site, or they may expire or be wiped before returning etc.

There are other ways, but these three are arguably the simplest solutions for passing variables from one page to the next. The examples given are only very brief, and probably quite unclear, so just say if you need any further information.

Kind Regards

 

[Flamin_Squirrel]

hurrah, after playing around for a while i managed to get it working. thanks again for taking time to explain things jonty.

however, is there a way to make a var available to several pages?

cheers

 

[Jonty]

Well done, Flamin_Squirrel With regards your question, I don't believe there is a simple PHP function or method which allows a variable to span several pages at once. The only way I can think of is by using cookies (notwithstanding the dangers outlined above), or by 'daisy chaining' the variable from one page to the next (e.g. page one creates the variable, passes it to page two regardless of whether it's needed, which passes it to page three etc.). Sorry I can't be of more assistance.

Kind Regards

 

[TheJkWhoSaysNi]

If you use the include() function you can use variables across pages but obviously you'll get the entire page and any content on it. The easiest (in my opinion anyway) is using the URL.

I'm also pretty sure you dont need to put $_GET["VariableName"]; i'm sure by using the URL you can just use $variablename (Unless you're using it in a function iirc).

 

[Jonty]

Hi TheJkWhoSaysNi

Good point about the include() method

With regards your point about the way in which you retrieve query string variables, I didn't know that, rather cool However, if the server has register globals turned off, which since PHP version 4.2.0 is the default setting for security reasons, then I believe you have to use the $_GET["VariableName"]; method in order to prevent any errors from occuring. I'm not 100% sure, though, but it is good practice, even if your way is a lot easier, hehe

Kind Regards

 

[(Shovel)]

Indeed, all current releases have automagic parsing of variables switched off. I discovered this when running it on my own machine, while my webhost is running with it enabled.

The security issue at hand, is that if you have a simple admin mode enabled by a cookie say, setting $authorised to "true", then someone could get around it by inputting:

yourpage.php?authorised=true&whatever=else

If you keep careful track of your variables, and ensure that you set important branching variables no matter what - e.g. don't assume "false", always set it, then the main security threat can be cicumvented.

Having said that, there are less obvious exploits for the method that depend entirely on how you program your code. If you use a specific Query String to trigger off a page method, manipulating the QS could theoretically allow someone to fire off a method in the wrong place. On secure systems, this can understandably compromise the security.