0

I have read multiple posts on this on here, but none seem to do the trick, maybe i am just misunderstanding as i new to this. I have a form that inserts into a database and then echo's out the data, perfectly!, my problem is because the form is on a users accounts page, when you logout all the information disappears. I am aware that i will have to save my $_POST variables into a $_SESSION.

But even when saved into a session, the data echo'd out still disappears once logged out, when logging back in. What is the correct way to save a$_POST into a $_SESSION.

I am currently using :

// Save $_POST to $_SESSION
$_SESSION['fname'] = $_POST;

Is there a better way here is my code:

HTML

      <section class="container">
    <form id="myform " class="Form" method="post" action="Cus_Account.php?c_id=<?php echo $c_id ?>" accept-charset="utf-8">

        <!--                    <div id="first">-->
        <input type="text" id="fname" name="fname" value="<?php echo isset($_POST['fname']) ? $_POST['fname'] : '';?>" required> 
        <input type="text" id="lname" name="lname" value="<?php echo isset($_POST['lname']) ? $_POST['lname'] : '';?>" required>
        <input type="text" id="email" name="email" value="<?php echo $_SESSION['Cus_Email']; ?>" required>
        <input type="number" id="phone" name="phone"  value="<?php echo isset($_POST['phone']) ? $_POST['phone'] : '';?>"required>
        <input type="submit" name="Update" value="Update">
        <br>
    </form>

PHP

  <?php
if (isset($_POST['Update'])) {
$c_fname = $_POST['fname'];
$c_lname = $_POST['lname'];
$c_email = $_POST['email'];
$c_phone = $_POST['phone'];

// Save $_POST to $_SESSION
$_SESSION['fname'] = $_POST;
//query

$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,Cus_Email,CUS_Phone) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
//new
// $stmt = mysqli_prepare($dbc, $insert_c);
//debugging
//$stmt = mysqli_prepare($dbc, $insert_c)  or die(mysqli_error($dbc));

mysqli_stmt_bind_param($stmt, 'sssi', $c_fname, $c_lname, $c_email, $c_phone);

/* execute query */
$r = mysqli_stmt_execute($stmt);

// if inserted echo the following messges
if ($r) {
    echo "<script> alert('registration sucessful')</script>";
}
} else {
echo "<b>Oops! Your passwords do not </b>";
}
?>

The $_SESSION['Cus_Email'] in the form is from another query. Any help or suggestions would be much appreciated.

Improve this question
12
  • 1
    Possible duplicate of Session variables not working php Commented Mar 23, 2016 at 15:24
  • Not sure of your question but maybe make a session value for each field $_SESSION['fname'] = $_POST['fname']; Commented Mar 23, 2016 at 15:24
  • Or just $_SESSION = $_POST; but probaly $_SESSION['post'] = $_POST; then just echo $_SESSION['post']['fname']; etc... Commented Mar 23, 2016 at 15:31
  • @chris85 i am trialling different methods on one variable, as it is not even working for fname at the moment. I am trying to save $_POST into $_SESSION but i am failing terribly Commented Mar 23, 2016 at 15:34
  • have you tried session_start();? Commented Mar 23, 2016 at 15:37

1 Answer 1

Reset to default
1

$_POST data should only be stored as a session variable temporarily. For example, if your user makes an error:

form.php

<?php
  // This function should go in a config file, to escape data:
  function html($str){
    return htmlspecialchars($str, ENT_QUOTES);
  }

  $data   = $_SESSION['form']['data'];
  $errors = $_SESSION['form']['errors'];
?>
<form method="post" action="action.php">

  <input type="text" name="fname" value="<?=html($data['fname'])?>" placeholder="First name">
  <?php if(isset($errors['fname'])): ?>
    <p>ERROR: <?=html($errors['fname'])?></p>
  <?php endif; ?>

  <input type="text" name="lname" value="<?=html($data['lname'])?>" placeholder="Last name">

  <button type="submit">Go</button>

</form>
<?php
  unset($_SESSION['form']); // You don't want to keep this data any longer.

action.php

<?php
  $data = $_POST;

  // Validate the data, for example:
  if($data['fname'] == ''){
    $errors['fname'] = "First name is required.";
  }

  if(!empty($errors)){
    unset($data['password']); // Do not store passwords in session variables.
    $_SESSION['form']['data']   = $data;
    $_SESSION['form']['errors'] = $errors;
    header("Location: form.php");
    die;
  }
  // Put your database inserts here (no errors)

You should store things like first name, surname, etc, inside your database. Don't store these in $_SESSION other than in the example above.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

the information is in the database. but i just want the info to also show on the accounts page when loaded
@jerneva In the form, you mean?
hi. I have sorted it. Used a select query instead and saved the variables into a session
@jerneva The only thing you should be saving in the session is the user ID. If you are using sessions in this way, you are doing something wrong.
Store only $_SESSION['user_id'] then use this to get the user data from the database. Have the select query return an associative array. Name the array $user, then use $user['fname'] etc
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.