PHP — Convert all POST data into SESSION variables
There’s got to be a much more elegant way of doing this. How do I convert all non-empty post data to session variables, without specifying each one line by line? Basically, I want to perform the function below for all instances of X that exist in the POST array.
if (!empty($_POST['X'])) $_SESSION['X']=$_POST['X']; 6 Answers 6
I would specify a dictionary of POST names that are acceptable.
$accepted = array('foo', 'bar', 'baz'); foreach ( $_POST as $foo=>$bar ) < if ( in_array( $foo, $accepted ) && !empty($bar) ) < $_SESSION[$foo] = $bar; >> Or something to that effect. I would not use empty because it treats 0 as empty.
To be honest, you should avoid using empty() at all — kick the habit now, and you’ll develop techniques that will work in EVERY situation, not just this one. There are appropriate functions for every data type. Use them!
@mederomuraliev My Post method working good, snag.gy/ojWxHe.jpg how can i use my session values and display in my table : pastiebin.com/5d25bbd65405e
The syntax error, is just because there is a bracket still open. it should be
$vars = array('name', 'age', 'location'); foreach ($vars as $v) < if (isset($_POST[$v])) < $_SESSION[$v] = $_POST[$v]; >> It should work like that. If you use
it strips down empty data.
Well the first thing I would suggest is you don’t do this. It’s a huge potential security hole. Let’s say you rely on a session variable of username and/or usertype (very common). Someone can just post over those details. You should be taking a white list approach by only copying approved values from $_POST to $_SESSION ie:
$vars = array('name', 'age', 'location'); foreach ($vars as $v) < if (isset($_POST[$v]) < $_SESSION[$v] = $_POST[$v]; >> How you define «empty» determines what kind of check you do. The above code uses isset() . You could also do if ($_POST[$v]) . if you don’t want to write empty strings or the number 0.
PHP merge $_POST into $_SESSION
Is there a way to take the $_POST data array and merge it into the $_SESSION array. I want it to keep the current data intact and only insert new data or update the pieces that have been changed. I’ve tried array_merge but it didn’t do what I was looking for. Thanks
If array_merge() didn’t do what you wanted, you might need to come up with an example. What’s your input and what output do you expect? Keep it simple.
I hope you understand the security risks involved when saving $_POST variables in $_SESSION without prior filtering of $_POST data.
4 Answers 4
Could you not try creating a $_SESSION[‘postVars’] variable and then storing the $_POST information in there. I wouldn’t try and merge $_SESSION with $_POST that will have security implications for your application later on down the track. Having said that I would also be careful about just saving whatever comes through on the $_POST global. Anyway, I hope my suggestion helps.
Not a good idea to try to merge $_POST into $_SESSION . Instead, do something like:
Or, if you’re wanting to update changes, compare $_POST with $_SESSION[‘lastPost’] and assign any differences to the affected keys, such as
$_SESSION['lastPost']['thisKeysValueChanged'] = $_POST['thisKeysValueChanged']; foreach ($_POST as $key => $val) < if (!isset($_SESSION[$key]) || ($val !== $_SESSION[$key])) < $_SESSION[$key] = $val; >> in short, if the currently-being-considered POST key value doesn’t have a corresponding entry in the SESSION arra, or the two values differ, then copy the POST data to SESSION.
However, be aware that this would allow malicious users to overwrite the entire session array. If they know that you keep a $_SESSION[‘is_admin’] flag, they can trivially overwrite it with an appropriate value and give themselves superuser powers.
Directly+blindly transferring user-provided data into the session variable is NEVER a good idea.
array_merge does work, but it doesnt modify the array, it returns the merged array. What you want to do is:
$_SESSION = array_merge($_SESSION, $_POST); (security warnings as above 🙂
Storing all POST data in SESSION
NOTE : I have prevented there values from SQL injection. My question is can I know is there a way to store all these POST values in SESSION at once? Instead of this method.. $_SESSION[‘name’] = $name; etc any answers will be highly appreciated. Thank you.
4 Answers 4
That will create an array of the post values in a single session variable. The values would be accessible as
$_SESSION['post-data']['name'] $_SESSION['post-data']['username'] . OK.. but one thing, I have assign POST values to variables.. $name = $_POST[‘name’]; etc.. Then what happen?
You can add one array to another.
$_POST and $_SESSION are just arrays.
Note that the keys in the second array take priority in case of duplicates.
However, I don’t see this ending well, since the client side can inject anything he wants to the session, E.G. hijacking your users session id.
I don’t know whether this changed but values in the first array take priority with duplicate keys. See php.net/manual/en/function.array-merge.php
If you looking for session variables that are set using the same key as the posted array, you could use this:
foreach ($_POST as $key => $value) < $= $value; $_SESSION[$key] = $value; > This will make your $_POST array into variables based on the array key and also set the session at the same time. You could then access your name post by using either $_SESSION[‘name’] or $name .
This means you will not need to use: $name = $_POST[‘name’]; anymore. As the above code will set the name variable for you and also set the session variable.
How to Store Form Data in Session in PHP
In this tutorial, we will learn how to store form data in a session in PHP. We will take an example as shown in the above image with the help of an HTML form.
Using session, we can keep the form values even after submitting the data. If you do not know about the PHP session and how it works then go through the below tutorial link.
Required steps to store form data in session in PHP
- First of all, start the PHP session with the help of the session_start() function.
- We will get the form values from the request after submitting with the help of PHP $_POST[] global variable in the form of an array.
- Now, we will store all the POST variables in a session array with the help of the $_SESSION[] global variable in the form of an array in PHP.
- The form values will remain in session until we click the reset button.
- After clicking the reset button, all the form values will be removed from the form fields with the help of the session_unset() function.
Complete Code:-
//reset the form data if(isset($_POST['reset'])) < session_unset(); //session_destroy(); >?> .containerName:Email:Phone No: