hopefully quick question

[insanity381]

is there any quick way i could send the POST values sent to one page to the next page. if it was simpler, i wouldn't care about sending all of them (the array), just specific ones (username, password). all i really want to know is how to send them, like, through HTTP or something so they arrive on the next page.please don't suggest i use sessions or cookies ; i'm a simple guy, and cookies aren't working!

[Little Goat]

well, you would have to do this everywhere you wanted a link, and it wouldn't work if javascript was turned off, but here:

<form name="whereveryouwanttolinkto" action="whereveryouwanttolinkto.php"><input type="hidden" value="<?php echo $_POST['var1']; ?>"  name="var1" />(repeat for each variable)<a href="javascript:document.whereveryouwanttolinkto.submit()">next page</a></form>

but you really shouldn't use it.

[justsomeguy]

Use sessions. Sessions are simple, and you're a simple guy, so you'll get along well.session_start();$_SESSION['user'] = $username;That's pretty simple.

[Little Goat]

yea, that works, but he said not to suggest sessions.

[dcole.ath.cx]

you can store data in the URL /file.php?data=something or other

[justsomeguy]

If he wants to pass arbitrary POST data to another page, including arrays or binary data, he's going to want to keep it in the session. It's the easiest way in my opinion, you don't have to manage any files and you don't have to worry about URL-encoding or validating any data.

[aleksanteri]

If he wants to pass arbitrary POST data to another page, including arrays or binary data, he's going to want to keep it in the session.  It's the easiest way in my opinion, you don't have to manage any files and you don't have to worry about URL-encoding or validating any data.

<{POST_SNAPBACK}>

I agree, sessions are a good thing in PHP, I didn't just know there is a special variable like _SESSION["var"]. I was registering ALL my variables when I was testing a login script! (actually I had only two of them, one for username and one for password)Usernames and passwords in a login script needs to go with "POST" for security reasons. I remember one page with a login script with "GET". Were they mad? I logged in one time and came never back.

[skym]

It doesn't really matter if they used $_GET or $_POST for login, the input must be filtered in any way ($_COOKIE too). So if they used $_GET for login and they filtered it, then there should be no problem.

[insanity381]

Okay, thanks for the replies. I have looked at sessions, and I might use them if they're that decent, but I don't get how I'd autamatically destroy them if you hadn't gone onto a page on that website for, say, an hour. How would I autamatically call session_destroy;, basically?

[justsomeguy]

Sessions will automatically expire. You can explicitly call session_destroy if you want to end the session immediately (like if they log out). I found this on the comments page for session_cache_expire on php.net:

The garbage collector controls the session data and destroys sessions which are older then 1440 seconds (24 minutes) by default.So to keep a session alive longer then 24 minutes (for example when a visitor tries to POST a huge message that took him 1 hour to type), you must modify the session.gc_maxlifetime thru ini_set()