ChaCol ChaCol - 22 days ago 5
PHP Question

How to keep session variables between pages with forms?

I'm writing a program that has 3 pages.

On page 1 there is an option for the user to select a quantity of a breakfast product he wants to purchase. After selecting a quantity the user hits the submit button, if the user is not registered, it will take him to Page 2 for him to register. If the user is registered, it will direct them to Page 3.

However, if the user goes to Page 2 first and does not have a quantity selected from Page 1 it will redirect him to Page 1 after he registers and press submit, and then once they select a quantity and hit submit on Page 1 it will go to Page 3.

I'm struggling to maintain my session variables between the pages because two of them have forms that get overwritten if the user ever goes back to that page.

Page 1:

<?php
session_start();
$_SESSION['name']= $_POST['name'];
$_SESSION['email']= $_POST['email'];
$platter_quantity = $_SESSION['platter_quantity'];
$yogurt_quantity = $_SESSION['yogurt_quantity'];
$waffles_quantity = $_SESSION['waffles_quantity'];
?>

<!DOCTYPE html>
<head>
<title>Product Page</title>
<link rel="stylesheet" type"text/css" href="settings.css">
</head>
<html>
<body>

<ul>
<li><a class="active" href="product.php">Product</a></li>
<li><a href="registration.php">Registration</a></li>
<li><a href="invoice.php">Invoice</a></li>
<li style="float:right"><a href="registration.php">Login</a></li>
</ul>

<?php
$action = '';
if (!empty($_SESSION['name']) or !empty($_SESSION['email'])) {
$action = "invoice.php";
}
else {
$action = "registration.php";
}
?>

<form action="<?php echo $action; ?>" method="post">
<div class="container">
<img src="images/platter.jpg" alt="Breakfast Platter" style="float: left; width: 400px; height: 300px;";>
<h1>Breakfast Platter</p>
<p>The breakfast platter option comes with two fried eggs, four pancakes, and a bunch of bacon.</p>
Quantity: <input type="number" name="platter_quantity" min="0">
<p value="10.99" name="platter_price">Price: $10.99</p>
</div>

<div class="container">
<img src="images/yogurt.jpg" alt="Yogurt Parfait" style="float: left; width: 400px; height: 300px;">
<h1>Yogurt Parfait</p>
<p>The yogurt parfait option comes with two cups of yogurt, oats, and a mixture of berries.</p>
Quantity: <input type="number" name="yogurt_quantity" min="0">
<p value="6.99" name="yogurt_price">Price: $6.99</p>
</div>

<div class="container">
<img src="images/waffles.jpg" alt="Waffles" style="float: left; width: 400px; height: 300px;";>
<h1>Waffles</p>
<p>The waffles option comes with two buttermilk waffles with butter and syrup.</p>
Quantity: <input type="number" name="waffles_quantity" min="0">
<p value="$4.99" name="waffles_price">Price: $4.99</p>
</div>

<br>
<button class="button" type="submit" name="submit">Submit</button>
</form>

</body>
</html>


Page 2:

<?php
session_start();
$name = $_SESSION['name'];
$email = $_SESSION['email'];
$_SESSION['platter_quantity'] = $_POST['platter_quantity'];
$_SESSION['yogurt_quantity'] = $_POST['yogurt_quantity'];
$_SESSION['waffles_quantity'] = $_POST['waffles_quantity'];
?>

<!DOCTYPE html>
<head>
<title>Registration Page</title>
<link rel="stylesheet" type"text/css" href="settings.css">
</head>
<html>
<body>

<ul>
<li><a href="product.php">Product</a></li>
<li><a class="active" href="registration.php">Registration</a></li>
<li><a href="invoice.php">Invoice</a></li>
<li style="float:right"><a href="registration.php">Login</a></li>
</ul>
<br>

<?php
$action = '';
if (!empty($_SESSION['platter_quantity']) or !empty($_SESSION['yogurt_quantity']) or !empty($_SESSION['waffles_quantity'])) {
$action = "invoice.php";
}
else {
$action = "product.php";
}
?>

<form action="<?php echo $action; ?>" method="post">
Name: <input type="text" name="name" pattern="[A-Za-z]" required><br><br>
E-mail: <input type="text" name="email" pattern="/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/" required><br><br>
<input type="submit">
</form>
<br>
<?php
print_r($_SESSION);
echo "<br>Platter: " . $_SESSION["platter_quantity"] . "<br>";
echo "Yogurt: " . $_SESSION["yogurt_quantity"] . "<br>";
echo "Waffles: " . $_SESSION["waffles_quantity"];
?>
</body>
</html>


Page 3:

<?php
session_start();
$name = $_SESSION['name'];
$email = $_SESSION['email'];
$platter_quantity = $_SESSION['platter_quantity'];
$yogurt_quantity = $_SESSION['yogurt_quantity'];
$waffles_quantity = $_SESSION['waffles_quantity'];
?>

<!DOCTYPE html>
<head>
<title>Invoice Page</title>
<link rel="stylesheet" type"text/css" href="settings.css">
</head>
<html>
<body>

<ul>
<li><a href="product.php">Product</a></li>
<li><a href="registration.php">Registration</a></li>
<li><a class="active" href="invoice.php">Invoice</a></li>
<li style="float:right"><a href="registration.php">Login</a></li>
</ul>

<h1>Hi! Welcome <?php echo $_SESSION['name']; ?>! </h1>
<?php
print_r($_SESSION);
echo "<br>Platter: " . $platter_quantity . "<br>";
echo "Yogurt: " . $yogurt_quantity . "<br>";
echo "Waffles: " . $waffles_quantity;
?>
</body>
</html>


What's the best way for me to implement this using session variables without using a database?

I tried doing this as well, but it did not seem to work:

<?php
session_start();
if (empty($_SESSION['name']) or empty($_SESSION['email'])) {
$_SESSION['name'] = $POST_['name'];
$_SESSION['email'] = $POST_['email'];
}
else {
$name = $_SESSION['name'];
$name = $_SESSION['email'];
}

if (empty($_SESSION['platter_quantity']) or empty($_SESSION['yogurt_quantity']) or ($_SESSION['waffles_quantity'])) {
$_SESSION['platter_quantity'] = $POST_['platter_quantity'];
$_SESSION['yogurt_quantity'] = $POST_['yogurt_quantity'];
$_SESSION['waffles_quantity'] = $POST_['waffles_quantity'];
}
else {
$platter_quantity = $_SESSION['platter_quantity'];
$yogurt_quantity = $_SESSION['yogurt_quantity'];
$waffles_quantity = $_SESSION['waffles_quantity'];
}
?>

Answer

You never insert $_POST or $_GET without first checking if they're set isset($_POST['variable']), and you can use checks here as well - do a check for the existence of $_POST-variables, and if they exist, use them, and if not, assign the $_SESSION-variables. So on page 3, you will have something like:

$name = $_SESSION['name'] = ((isset($_POST['name']) && !empty($_POST['name'])) ? $_POST['name'] : ((isset($_SESSION['name']) ? $_SESSION['name'] : '')));

And so on for the other variables. What this does is checks for $_POST, and if it's set, it updates the $_SESSION-variable, and if it's not set, it just updates the $_SESSION-variable with the already existing $_SESSION-variable, and if that doesn't exist either, it sets both variables $name and $_SESSION['name'] to empty, which you then can check for later in the script (and redirect etc.)