use SESSION variable?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

If ever a newbie wants to know how much he has to learn yet, he only has
to look here<g>!!  ANYway:

PHP 5.2.5; XP Pro SP2+, local Apache Server

My actual question is:  How do I get a POST variable into a session
variable so I can use it in any other page I want to use it in?
   Apparently posted variables are only available in the Form page in
the file called by Action=, right?  But I'd like to use it in other

By way of example, if this makes any sense:

I have a form.php that posts data to a-file.php.  I would also like to
use that same var dat in files other than a-file.php though.
   Since however it's only available to a-file.php because that's where
the form's  action= sends it, I logically then cannot get the same
variable for z-file.php, right?

So the logical way to get it accessible for other files then would be to
put it into a session variable, right?  HOW the heck do I do that???

In this particular case, to keep it simple, I've been using "age" for
the variable.  I want to 'input' "age" in 1.php, and use it in both
2.php and 3.php.
In 1.php I have:
   $_SESSION['age'] = $age;
<form method="post" action="2.php"
<input type="text" name="age"
<input type="Submit" value="Continue">
Runs OK.  Say the entered age was "66".

In 2.php I have:
   session_start();        //  needed or $age fails completely.
   $age = $_POST['age'];
echo '$age is ' . $age;
echo '<br>$POST is ' . $_POST['age'];
echo '<br>session age is ' . $_SESSION['age'];
echo "<br><br><HR>";
<a href="3.php">Go to 3.php and run same code</a>
$age is 66
$POST is 66
session age is

Go to 3.php and run same code

And throws this warning:

Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data, unless
register_globals is enabled. You can disable this functionality and this
warning by setting session.bug_compat_42 or session.bug_compat_warn to
off, respectively. in Unknown on line 0

I prefer not to mod the .ini; I'd rather know the WHY.
and in 3.php I Have:
   $age = $_SESSION['age'];
echo '$age is ' . $age;
echo '<br>$POST is ' . $_POST['age'];
echo '<br>session age is ' . $_SESSION['age'];
Clicking the link in 2.php results in this output:
$age is 66
$POST is
session age is 66
  BUT there seems to be NO WAY I can find to get "age" properly into a
session variable in 2.php.
The code here is the closest I can come to getting it working; which
isn't very desirable, especially considering the warning, which is new
to me and no amount of research seems to explain it well to me so I can
understand WHY it throws that error.

It's doing approximately what I want, but ... it doesn't feel right, and
I can't do anything to get rid of that Warning and still keep the code
working.  Thus, I think I need to get 2.php working correctly.
   Any and all relevant comments much appreciated by this newbie,


Re: use SESSION variable?

Twayne wrote:
Quoted text here. Click to load it

You never set $_SESSION['age'].  You need something like:

$_SESSION['age'] = $_POST['age'];

Of course, like any user data, you should validate/sanitize it before
using it.  The most logical place is before you put in the $_SESSION

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: use SESSION variable?

Quoted text here. Click to load it

There are several ways to do this.  A $_SESSION variable is one way, and in
many cases that's the most convenient.  However, if you have a bunch of
pages with <form>s that succeed one another, it's also possible to pass
this kind of information as <input type=hidden> variables without the
overhead of a session.
Tim Roberts,
Providenza & Boekelheide, Inc.

Re: use SESSION variable?

Tim Roberts wrote:
Quoted text here. Click to load it

To expand in what Tim wrote, here is what you would do in 2.php

<input type="hidden" value="<?php print $_POST['age']; ?>" >

to get the value from 1.php.  Then in 3.php you would be able to get it
from the $_POST['age'] coming from 2.php.

I prefer using a session variable for situations where I need it on
multiple pages because then I don't have to worry about the exact order
of the pages.

Re: use SESSION variable?


Quoted text here. Click to load it

Such improper use of form values is one of the main reasons for XSS
attacks. You almost always want to use htmlspecialchars() before the


Re: use SESSION variable?

.oO(Tim Roberts)

Quoted text here. Click to load it

Bad idea. Sessions are made for this. It's the hidden fields that cause
the real overhead on the network and the server:

* The same data has to be transferred back and forth between the server
  and the client multiple times, wasting bandwidth.
* You have to re-validate the same data over and over again on every
  single form submission, because even hidden fields can be manipulated.

With a session you do it all just once: you receive the data, validate
it, store it in the session and that's it. The overhead caused by the
session handler is not really an issue.


Resolved Re: use SESSION variable?

Quoted text here. Click to load it

Hmm, recommended or not, that was at least educational.  The validation
issue is what convinced me, I think.

  I finally got my head around sessions and they aren't so confusing
now.  Funny how these danged newfangled machines only do what you tell
them to do, not what you meant to do!!  :-)

Thanks to all,


Site Timeline