4 Replies Latest reply on Mar 25, 2008 9:30 AM by (Beth_Lowgren)

    multi page form id - sessions? cookies? url?

      I'm wondering what the best practices are as far as passing an id from page to page of a multi-page form with sensitive user info (name, address, email)? We don't want to create a login as these are generally one-use forms.

      Using ADDT, what is the best method to pass info? It seems simple to do it using a URL, but not secure.

      Does anyone have any info on using session and cookie variables in ADDT? (the documentation was a little slim). When setting these variables in the bindings panel, where exactly is the code placed? It doesn't seem to go into the current document when I add sessions here.
        • 1. Re: multi page form id - sessions? cookies? url?
          Beth,

          I have used session variables with ADDT code on multi page forms. I created the forms with the Custom Form Wizard and manually set the session variables using Custom Triggers. Then on the last form page I used an Insert Record Form Wizard to insert all of the data into the database.

          You would need to use session_start(); on any pages you are setting or calling session variables. Pages using the restrict access to page server behavior should not need that code.

          I would suggest using a session array to hold all of the data for one user form, rather than a different session variable for each form variable.

          For example:

          $_SESSION['user']['name']
          $_SESSION['user']['address']
          $_SESSION['user']['phone']

          Rather than:

          $_SESSION['name']
          $_SESSION['address']
          $_SESSION['phone']

          That way you can clear the whole variable easily by calling:

          unset($_SESSION['user']);

          rather than having to unset each variable. I usually unset the variable, or call session_destroy(); to destroy all session variables, on the final confirmation page.

          You can also do error checking on the individual form pages to make sure the proper session variables are set before loading the page. This way if someone gets to one of the form pages without having started at the beginning, it will give them an error.

          Hope this helps,

          Shane
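The per-page check described in the reply above, as an added example that is not part of the original post and is not ADDT's own code. It assumes the site is served over HTTPS and PHP 7.3 or later; the function names and the field list are hypothetical.

```php
<?php
// Added example; function names and the field list are assumptions.

// Start the session with a cookie that page scripts cannot read and that
// is sent over HTTPS only (array form needs PHP 7.3+).
function start_form_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Names of required fields that are missing or empty in $_SESSION['user'].
function missing_form_fields(array $session, array $required): array
{
    $data = $session['user'] ?? [];
    if (!is_array($data)) {
        return $required;
    }
    return array_values(array_filter($required, function ($field) use ($data) {
        return !isset($data[$field]) || !is_string($data[$field])
            || trim($data[$field]) === '';
    }));
}

// Call at the top of every page after the first, before any output.
function require_form_fields(array $required): void
{
    start_form_session();
    if (missing_form_fields($_SESSION, $required) !== []) {
        unset($_SESSION['user']);   // drop any partial data
        http_response_code(400);
        exit('Please start this form from the first page.');
    }
}

// Page 3 of a form that collected name and address earlier would begin with:
// require_form_fields(['name', 'address']);
```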
          • 2. Re: multi page form id - sessions? cookies? url?
            Thanks Shane. Yes, that does help. Do you have any links or references about sessions that go through the ABC's of session building? Perhaps I'm over-complicating it... it looks like it's as simple as create, destroy and set a variable in-between.
            • 3. Re: multi page form id - sessions? cookies? url?
              Beth,

              Unfortunately I don't think there are many references to using SESSION variables with ADDT. There are lots of references to how to use PHP session variables.

              Here's a quick breakdown of how I would do this with ADDT for a 3 page form. I'm going to give examples with 2 form elements per page.

              Use ADDT Custom Form Wizard to create form fields for page 1.
              Use ADDT Custom Trigger. In this trigger set your SESSION variables. It will look something like this:

              function Trigger_Custom(&$tNG) {
              session_start();
              $_SESSION['form']['firstname'] = $tNG->getColumnValue("firstname");
              $_SESSION['form']['lastname'] = $tNG->getColumnValue("lastname");
              }

              $tNG->getColumnValue("firstname") is ADDT code that gets the value from the submitted form for the input field named firstname. One note, you can put session_start(); at the top of your PHP page instead of here in the trigger.

              Your redirect should be set to go to the next form page. You would do the same thing for this page as you did on the first one. Create a Custom Form and then use a Custom Trigger to set the SESSION variables.

              function Trigger_Custom(&$tNG) {
              session_start();
              $_SESSION['form']['address'] = $tNG->getColumnValue("address");
              $_SESSION['form']['phone'] = $tNG->getColumnValue("phone");
              }

              This page is set to redirect to the final form page.

              On this final page, you are going to use the Insert Record Form Wizard to insert the data into the database. When you use the wizard, only select the final fields you want to insert into the database. The wizard will show you all the fields in the table by default, except the primary key. Delete all the fields that you already collected data from leaving only the fields that still need to be entered.

              What you can do is display the data already collected in the first 2 pages above the final form so they can see what they already entered before submitting the form.

              So above your final form you can do something like this in the html:

              You have entered:

              First Name:

              Last Name:

              Address:

              Phone:


              Please enter:
              --Final Form--

              On this final page with the Insert Record server behavior do another Custom Trigger. BE SURE to set this one to execute BEFORE. This can be set in the Advanced tab of the Custom Trigger Wizard. Then you need to do some code like this:

              function Trigger_Custom(&$tNG) {
              session_start();

              $firstname = $_SESSION['form']['firstname'];
              $tNG->addColumn("firstname","STRING_TYPE","VALUE",$firstname);

              $lastname = $_SESSION['form']['lastname'];
              $tNG->addColumn("lastname","STRING_TYPE","VALUE",$lastname);
              }

              You would do this for all the variables from the first 2 pages.

              A couple of things to note here for the function addColumn. The first value is the name of the database field. The second value can be several options. Off the top of my head STRING_TYPE, NUMERIC_TYPE, and maybe DOUBLE_TYPE and one other. It's in the documentation for ADDT. I added the extra step of setting $firstname to the session variable. You can actually do $tNG->addColumn("firstname","STRING_TYPE","VALUE",$_SESSION['form']['firstname']);
              but you have to comment out the ' I think and for readability I prefer to add an extra step.

              Finally on this page I would add a Custom Trigger set to execute AFTER the Insert happens, should be AFTER by default. Here's the code I would add to that:

              function Trigger_Custom1(&$tNG) {
                session_start();

                // Store the primary key of the row that was just inserted
                $_SESSION['form']['insertKey'] = $tNG->getPrimaryKeyValue();
              }

              I don't think you need the session_start() again if you already called it. This code gets the primary key of the record that was just inserted into the database. This will be very useful for the final confirmation page. You may only want to display a thank you note, but you may have situations where you want to display all the information that was just posted.

              On the final redirect page, call session_start(); somewhere at the top. Then create a Recordset for the table that contains the inserted data. My recordset would look something like this:

              $primaryKey = $_SESSION['form']['insertKey'];
              $primaryKey = (int) $primaryKey; // force an integer before it is placed in the SQL string
              mysql_select_db($database_my_db, $my_db);
              $query_RecordsetForm = "SELECT * FROM forms WHERE form_id = $primaryKey";
              $RecordsetForm = mysql_query($query_RecordsetForm, $my_db) or die(mysql_error());
              $row_RecordsetForm = mysql_fetch_assoc($RecordsetForm);
              $totalRows_RecordsetForm = mysql_num_rows($RecordsetForm);

              Note $primaryKey = $_SESSION['form']['insertKey']; was added by me and I edited the MYSQL query to add WHERE form_id = $primaryKey

              Now you can display the data that was inputted for this record.

              First Name:

              Last Name:

              etc...

              The reason I do this rather than just echo the SESSION variables is so that I know that what is displayed on the confirmation page is actually stored data from the database.

              Finally, at the end of your code on the confirmation page do:

              session_destroy();
              or
              unset($_SESSION['form']);

              to clear the data from the SESSION.

              Sorry to type this much, I was hoping to do a tutorial on this but I haven't had the time. Please note that there are other methods and alternatives. Any pros out there, please give advice on areas you think have better solutions or quicker alternatives to what I suggest.

              Shane
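The confirmation-page lookup from the reply above, as an added example that is not part of the original post: the stored key is validated as a positive integer, passed as a bound parameter, and the stored values are HTML-escaped before display. The `forms` table and `form_id` column come from the post; the PDO handle, the in-memory SQLite database standing in for MySQL, the sample row and the function names are assumptions.

```php
<?php
// Added example; the PDO handle, sample row and function names are assumptions.

// Look up the just-inserted row using the key stored in the session.
// Returns null when the key is absent, not a positive integer, or unknown.
function fetch_confirmation(PDO $db, array $session): ?array
{
    $key = filter_var($session['form']['insertKey'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($key === false) {
        return null;
    }
    // Bound parameter: the key never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT firstname, lastname FROM forms WHERE form_id = :id');
    $stmt->execute([':id' => $key]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape stored values before writing them into the HTML page.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// --- constructed demo data: in-memory SQLite stands in for the MySQL table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forms (form_id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
$db->prepare('INSERT INTO forms (firstname, lastname) VALUES (?, ?)')
   ->execute(['Ann <b>', "O'Neil"]);
// What the AFTER trigger would have stored in the session.
$session = ['form' => ['insertKey' => $db->lastInsertId()]];

$row = fetch_confirmation($db, $session);
if ($row === null) {
    echo "No record to confirm.\n";
} else {
    echo 'First Name: ' . h($row['firstname']) . "\n";
    echo 'Last Name: ' . h($row['lastname']) . "\n";
}
unset($session['form']);   // clear the form data once the page is rendered
```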
              • 4. Re: multi page form id - sessions? cookies? url?
                Wow Shane. That's over and above! Thanks so much from all of us getting acquainted with sessions!!

                Beth