Pass Variables from One Page to Another -- PHP
Tutorial Outline :
- Passing PHP variables with $_POST
- Passing PHP variables in links with $_GET
- Passing PHP variables without POST or GET | $_SESSION
- Passing PHP variables arrays from one page to another
- Passing PHP COOKIE variables
Introduction - php Passing Variables between Pages
In this tutorial about passing php variables, you will learn how to access PHP variables from one page to another.
This tutorial will illustrate how to collect information with a form; send that information to another webpage; encode that information into links, use session data to track data across the the user's entire visit and place cookies on the user's machine to be used by a php script for tracking and passing data.SIDE NOTE
The fact that you have made it to this webpage means that you have probably started coding a php script, everything is looking great and you are ready to send your collected data to another page or script to do some more work on that data. If your experience is anything like my early php coding experiences with passing variables - your "hello world" program with the echo function does not really offer much instruction on passing data to another webpage. Quickly frustrated because everything I found online assumed that passing variables is something the reader should already know, I decided to create this website and and document new coding techiniques as I learned them. I hope this tutorial helps you learn php.
Get The PHP Manual
The php manual is an indispensable tool for a php developer. It gives examples of code and built-in functions that will help you grasp how php works. It can be found at php.net . For those running a Windows Operating system, it comes in an easy-to-use help program. You can download it here http://www.php.net/download-docs.php.
Passing $_POST to Another Page
Here is a simple example of how to pass a PHP variable from one page to another with the post method, and how to use the POST super global array to make your coding experiences more efficient and less time-consuming. We will start this lesson by creating php files.
- First create a file named passing-vars.php .
- Second create an HTML FORM on the passing-vars.php file to collect user data.
- Third you create a file named catching-vars.php and then write some php code in it to handle the variables.
Explanations and How To
If you are new to this stuff, the explanations in the following list should help explain things.
Creating php files --
Obviously if you are going to write php scripts you will need to know how to create php files.
The good news is that creating php documents is arguably the easiest part!
Simply open a text editor like notepad and save your file as YourFile.php
You can also do this for "HTML," "ASP," and "TXT" files.
However, with the exception of text files, to display correctly you must place them into a web-server directory and open them with a web-browser.
What is Hosting ?-- A hosting account is space on a web-server that your website files reside on that is provided by a 3rd party company for a price.
If you don't want to pay a 3rd party you can set up your own server. Doing it yourself will require a level of expertise that is beyond the scope of this tutorial.
I strongly suggest installing a local test http server on your personal computer. Apache is used in these examples. Apache is generally easy to learn, it's free, and it has been around since about as long as the Internet itself. In fact, you may want to look at Installing Apache and Installing PHPfor instructions on setting up apache and php on your local machine.
- FORM -- Forms are used to collect text data from Internet users. They are made up of text boxes and submit-buttons. Data collected with FORMS can vary greatly depending on website types.
Mrarrowhead.com for example has a FORM at the bottom of each page for collecting user feedback and comments about the website. When the Submit button is clicked, whatever text the user typed into the FORM'S input areas will be passed along to the web server which uses the value in the input box's -- name=variablename attribute to create global variables that live in the server as super-global-arrays, POST or GET. For now it is enough to know that those variables have a global scope, and are usually sent to the script that you have pointed your form to using the form tag's action="". The example form in this tutorial is pointing to a script called catching-var.php. catching-var.php will process the data passed to it from the by the form we place on "passing-var.php."
Copy the HTML below, paste it into a text editor and then save the file as "passing-var.php"
Look closely at the "FORM TAG." The server KNOWS, so-to-speak, to handle this data as "POST" because the method=POST attribute was set in the form. If this attribute is omitted or not set, it defaults to "GET"
When submitted, the address bar will not contain the familiar
This is because the POST method, contrary to GET does not pass variable information in the address bar.
Although, it is noteworthy to mention that both of these methods CAN be employed simultaneously providing added advantages such as hiding some of the information passed while leaving some in plain sight. From a development point of view, the ability to change-up the variable-names and values in the address-bar is much faster than recreating the forms that send the data while testing.
Copy the PHP code below and paste it into a text editor and then save the file as "catching-var.php."
Testing the Post Script
Open your web browser and navigate to passing-var.php. Insert some data into the form and submit it.
Now the catching-var.php script has access to the data sent over to it by the HTML FORM your created -- passing-vara.php . If all is working correctly, you should see the data that you entered in the output of catching-var.php.
That concludes the POST tutorial on learning how to pass variables from one page to another in php.
Next in line is the "GET "method. GET is teh DEFAULT methad used by HTML forms.
If you do not specify POST in your form's action attribute "action=post" then "GET" will be used.
Passing variables in php with $_GET
The "GET METHOD" allows you to see the variables along with the values stored in them in your web browser's address bar as they are passed to the another page. Additionally, paasing variables encoded into hyperlinks uses GET.
Let's Take a look at how this is done.
GET Anchor / Hyperlink Link Example
Get a Decent Text Editor
If you read the POST tutorial then you have already learned how to make php files with a text editor. If not, then need to go and get a good text editor. I suggest notepad++. It is chocked full of features for just about every kind of programming language you can think of; and the best thing about it is -- it is free. It will cost you nothing; not a dime! However, for those of you who can afford it, I strongly encourage you to make donations to the author of Notepad++ for giving us all such a great text editor. Also JUST FYI. I get nothing for promoting it. I plugged it because I honestly like it.
Now that you have a good text editor let's learn how to write php to handle variable sent with "GET."
First Complete the Following Steps:
- Create two .php files -- passing-var.php and catching-var.php.
- Place those files into a directory on your web server that is able to serve php scripts to the public.
- On Apache it is usually called htdocs
Passing php variables in HYPERLINKS - GET
Using GET for passing variables from one page to another page in PHP can be more versatile than using "POST", especially when dealing with dynamic variable data and user input. "GET" is the method utilized automatically when variables are coded into hyperlinks.
First - Coding variables into hyperlinks.
When you follow this link to "catching-var.php" :
These variables ----- > name=Shaun&Lname=Morgan
will be available to catching-var.php via the the $_GET super global array -- $_GET['name']&$_GET['Lname']
Now place the following code at the top of the php script page - catching-var.php
Second - How to Use GET Method With HTML FORMS
You actually see "GET" variables all the time while you are browsing the Internet. They are the cryptic-looking text after the Question Mark "?" behind the web addresses in your navigation bar. They are strings of text that represent variable names and data that is paired up and then passed to another page for processing by a web script or some other programming language.
After testing the catching-var.php file, lets go back and do something a little different. Instead of just accessing the GET variable lets do something useful with it. Next we will code the data that was sent into yet another URL to be passed on to yet another page etcetera.
The resulting link would be:
You can also pass variables in the "action" attribute of the form tag like this:
Keep in mind that passing php variables in hyperlinks only works if the user clicks on the links.
Security Concerning the GET Method
The "get method" passes data in the URI. If you look at your web browser's address bar after submitting a "get method" form, you will notice that you can view all variables and values pairs that were written into the page's HTML forms and links. They can also be modified and resubmitted by the user which can make GET data insecure by itself.
Malicious input can be added to GET values in the web browser in an attempt to launch an injection attack against a web server. People who perpetrate injection attacks attempt to cause harm to remote machines by sending servers parameters often encoded into a web browser's address bar. PHP programmers should always watch out for this kind of attack and be proactive about stopping attackers before they compromise their websites.
Basic Security Tips
- Use Functions likestriptags() to keep attackers from injecting unwanted HTML and other code into your web site. The striptags() php function removes HTML and other scripting tags from the content it processes.
- fgetss( ) -- Does same as str_replace
- Write code that tracks number of times a web attacker attempts submit a form. Throw an error and write soem code to deal with it when it is attempted toom any times
POST is slightly more secure than GET because a the variable values you are sending are not visible.
Example Passing Variables Using $_SESSION['']
What if I want to pass a certain set of variables several pages or every page on my website?
Do I have to keep coding $_POST or $_GET into the HTML on every page?
Answer: No - You can use Sessions Or Cookies Instead.
SESSIONS will allow you to pass php variables and values to every page a user visits on your web site.
- Every time a person visits a site that uses php session_start() a new session is started.
- The user is also assigned an unique SESSION id number
- Sessions are valid until the session expires (the expiry value is set in the php.ini file), or until the user closes his or her browser.
- SESSIONS are php super global arrays
- The syntax for accessing session variables is -- $_SESSION['name of variables'].
- Using Sessions can make passing variables between pages much easier.
- $_SESSION['name of variables']is available to programmers anywhere on the server that he/she invokes the session_start(); php function.
Example of Form Tag and $_SESSION[''] Variables
First send the variable to a script
Move $_POST Variable Contents into $_SESSION Variable
Call: "session_start()": on testScript.php
Explanation of Example Script
First we use a form to send POST data to a php script -- testScript.php
Next testScript.php calls up the session_start() function, creating a session variable --- $_SESSION['name'] ---and sets it to the value found in $_POST['name']values. Now the $_SESSION['name'] variable can be accessed and used from any page on the server
Accessing $_SESSION Variable
You must call the "session_start()" function in php to gain access to the $_SESSION super global array.