register_globals

On the most server, you can have a " .htaccess " file on your application directory, where could be set the register_global directive to on, simply by inserting line like this:
php_flag register_globals on
Sometimes it cannot be allowed at all. But if it is possible, you can use simplified form of accessing (not only) form variables, see the older version of this page. The difference is - only on some places - marked by use of the red color.

Application data transfer

Sometimes it is required to transfer the data received from the user to the consequent forms, but we don't like to write them to a database table. There are more methods, how to solve it:

Input field with type="hidden"

Most frequent problem of students' applications in this course is to pass the login information between forms. The only correct solution would be to use the https access, but it is not possible on the servers we are using. For this reason, we will introduce a solution, how to send a data to next form by using hidden input fields. The disadvantage is, that the user can see a password, if he/she try to show page source code, but the most typical solution with a use of the cookies will have the same result.

It has to be stated, that this solution is not secure, and cannot be used in serious applications (in a real application, you will need to use .htaccess file and require the https data access, with users registered on the server).

The next three forms show, how it works: The first page allows to insert a login name and a password, the second allows to insert some two other parameters, and the last displays everything. Only the second one will check a password, but not using database, it is fixed here.

The first page is a standard html page. By the way, if you like to keep it working, name it form1.htm, because this name is written in the second file. You can try a similar program on tem.wz.cz/form1.htm:

<html>

<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1250">
<title>Direct data transfer...1</title>
</head>

<body bgcolor="#FFFFFF">

<p><font size="4"><strong>Please, log in using help:</strong></font></p>

<form action="form2.php" method="post">
    <p>Your login name : <input type="text" size="20"
    name="name1"> scott<br>
    Your password: <input type="text" size="20" name="value1">
    tiger<br>
    <input type="submit" name="send_it" value="Send"></p>
</form>

<p><sub>version from 31.3.2010</sub> </p>
</body>
</html>

The next page will generate a form with the hidden input fields:

<html>

<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1250">
<title>Direct data transfer...2</title></head>

<body bgcolor="#FFFFFF">

<?php
if (($_POST["send_it"]=="Send")and($_POST["name1"]=="scott")and($_POST["value1"]=="tiger")):
?>

<p><font size="4"><strong>Now you can insert any other parameters :</strong></font></p>

<form action="form3.php" method="post">
    <p>Insert the first word : <input type="text" size="20" name="name2"><br>
    Insert the second word : <input type="text" size="20" name="value2">
    <br>


<?php
echo '<input type="hidden" name="name1" value="'.$_POST["name1"].'">';
echo '<input type="hidden" name="password" value="'.$_POST["value1"].'">';
?>
    <input type="submit" name="send" value="Send"></p>
</form>
<?php    //php can switch on/off parts of the html code
else: 
?>
Wrong login or password. <a href="form1.htm">Try again</a>.
<?php
endif; 
?>
<p><sub>version from 31.3.2010</sub> </p>
</body>
</html>

Beware of the correct apostrophe and a double quotation use - as a result, we have to join a strings use a "." symbol (dot).
Comment: The value, used for password, cannot contain any quotation or backslash symbol. Later we will show, how you can check it in time of a user registration, or if the password is to be changed.

The last script only shows the results, no check. We have already done it:

<html>

<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1250">
<meta name="GENERATOR" content="Microsoft FrontPage Express 2.0">
<title>Direct data transfer...3</title></head>

<body bgcolor="#FFFFFF">

<p><font size="4"><strong>List of inserted values:</strong></font></p>

<table border=1>
<?php
foreach($_POST as $n1 => $v1) {echo "<tr><td>".$n1."<td>".$v1; };
?>
</table>

<p><sub>version from 31.3.2010</sub> </p>
</body>
</html>

 

Cookies

More common method for data saving is a cookies. In this case, the data are saved on a client side. Typically, the saved variable can be user for all php scripts, executed from the same directory on the server. After executing of any php script, the cookie variable will be accessible in the $_COOKIE associative array. Function is defined as follows:

setcookie(name,value,time_to_destroy,directory,domain);

Only the first two parameters are obligatory. If you use zero value as a third, your cookie will be destroyed, when user will close an explorer window - if you insert a time, it would last up to this time. You can use current date and add for example 30 days, for example:

time()+60*60*24*30 

Time in the Unix system is in the seconds, counted from the beginning of the year 1970 (ten years before a MS starts count a date).

The next example will call itself (note name of the script: cookie1.php ), so it can be used for the cookie behavior testing. Try, that if you set a cookie, it will be visible for the next time, not for the form, which created a cookie:

<html>

<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1250">
<title>Cookie...</title>

</head>

<body bgcolor="#FFFFFF">

<?php
if ($_GET["send1"]=='Send') setcookie($_GET["name1"],$_GET["value1"],0) ;
?>

<p><font size="4"><strong>Actual cookies list:</strong></font></p>

<table border=1>
<?php
foreach($_COOKIE as $n1 => $v1) {echo "<tr><td>".$n1."<td>".$v1; };
?>
</table>

<p><font size="4"><strong>Insert a new values for a cookie:</strong></font></p>

<form action="cookie1.php" method="get">
Insert a name for a new cookie: <input name="name1" type="text">  
<br>  
Insert a value for a new cookie: <input name="value1" type="text">  
<br>  
<input name="send1" value="Send" type="submit"></form>  
<p>&nbsp;</p>
<sub>version from 25.3.2010</sub>
</body>
</html>

You can try similar program (again in the Czech version only) here. It always as the first write a complete list of cookies, then create the new one.

Session

Cookie don't need to be always allowed, so you can save variables on the server, using a "session". This should to be initialized:

session_start();

Then you can use an associative array $_SESSION , containing saved data, and it can be simply modified:

$_SESSION["color"] = "yellow";

We can show this by use:

echo $_SESSION["color"];

Because more people can use our script simultaneously, you should start the session with selecting an unique name. It is typically done by saving the initialization value to cookie (it will be solved automatically, if you don't use the next command), or you can set one:

session_name('alik');
session_start();

This should be on the beginning of every php script. Problem is, if two of users will initialize the session with the same value (they will got the same data). Note the name of the php script, mentioned inside (cookie2.php):

<html>

<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1250">
<title>Session</title>

</head>

<body bgcolor="#FFFFFF">

<?php
session_name('alik');
session_start();

if ($_GET["send1"]=='Send') $_SESSION[$_GET["name1"]] = $_GET["value1"];
?>

<p><font size="4"><strong>List of the session array:</strong></font></p>

<table border=1>
<?php
foreach($_SESSION as $n1 => $v1) {echo "<tr><td>".$n1."<td>".$v1; };
?>
</table>

<p><font size="4"><strong>Insert a new session variable:</strong></font></p>

<form action="cookie2.php" method="get">
The name: <input name="name1" type="text">  
<br>  
The value: <input name="value1" type="text">  
<br>  
<input name="send1" value="Send" type="submit"></form>  
<p>&nbsp;</p>
<sub>version from 31.3.2010</sub>
</body>
</html>

This script calls itself (reclusively). In my case, from unknown reason, the "foreach" cycle starts the list of the session associative array with an empty pair (without name and value), but it should not be problem for an ordinary use. You can try the Czech version here.

Conclusion

Session is independent on the client side and can be debugged to create a reliable solution. Cookie is a standard solution of this problem, and if there cookies are banned on the user computer, you can ask to allow them to work with your web pages. With cookies, the user can easily erase them, if he runs into problems.

EU solution

With a reading of the superglobal structures, Javascript variables and little AI, you can collect information about your users and save it on your server, for example for better focused advertisement. This is o.k. But if you use cookie in the EU, you are obligated to warn your users about it. It is strange, because in this case, you don't collect any information about them.

Simplest solution is just display a message (Javascript):

window.alert("This page uses cookies. Click OK to accept this, or leave the page.");

Or you can use some prefabricated solution (i have found TermsFeed, CookieConsent and ComplyDog).

Note: Anyone could just disable cookies in its browser. This makes this rule even more strange. Next picture has been caught from the FireFox. Remember it, when vote into EU parliament.