Best practice to store and return form data with PHP

Question

Possible duplicate:

Hey there, I am building a form which is used to query an API and filter some search results. None of this data is being stored in a text file or a database.

Naturally the form submission refreshes the page, and the form values default to the native selected options I specified when writing the HTML. I am looking to store the users submitted values and have those be the selected options in the form after the page reloads and the filtered selections are loaded. What would be the best solution for achieving this? Sessions, or querying the POST array?

Naturally, I did a couple of Google Searches but everything related to databases or text files, which didn't apply.

My current form code:

<form method="post" action="">
  <label>Year</label>
  <select class="minYear" name="minimuimYearFilter">
    <?php 
    $vehicleYear = date("Y") + 1;
    for ($i = 1993; $i <= $vehicleYear; $i++) {
        echo "<option value=".$i.">".$i."</option>";
    }
    ?>
  </select>
  To:
  <select class="maxYear" name="maximumYearFilter">
    <?php 
    for ($i = 1993; $i <= $vehicleYear; $i++) {
      if ($i == $vehicleYear) {
        echo "<option value=".$i." selected>".$i."</option>"; 
      } else {
        echo "<option value=".$i.">".$i."</option>";
      }
    }
    ?>
  </select>
  <label for="priceFilter">Price</label>
  <select class="priceFilter" name="priceFilter">
    <?php 
    for ($i = 1000; $i <= 50000; $i=$i+1000) {
      if ($i == 50000) {
        echo "<option value=".$i.">$".$i."+</option>";
      } elseif ($i == 20000) {
        echo "<option value=".$i." selected>$".$i."</option>";
      } else {
        echo "<option value=".$i.">$".$i."</option>";
      }
    }
    ?>
  </select>
  <label for="mileageFilter">Mileage</label>
  <select class="mileageFilter" name="mileageFilter">
    <?php 
    for ($i = 5000; $i <= 100000; $i=$i+5000) {
      if ($i == 100000) {
        echo "<option value=".$i.">".$i."+</option>";
      } elseif ($i == 75000) {
        echo "<option value=".$i." selected>".$i."</option>";
      } else {
        echo "<option value=".$i.">".$i."</option>";
      }
    }
    ?>
  </select>
  <input type="submit" value="Submit">
</form>

Hey all, have a meeting, then out of town beyond wifi over the weekend, will catch up ASAP on Monday. Thanks for all the great responses thus far! Cant wait to get back and try this.

Answer 1

If you mean passing data between pages - you should read best answer for this question:

PHP Pass variable to next page

After this - read more about sessions in PHP. Session is the best mechanism for "remembering application state".

Answer 2

The fact that you have are using select boxes makes this harder, but the general idea is to use the value of each select box in the $_REQUEST array to decide which option gets the selected attribute.

Something along these lines:

for ($i = 1993; $i <= $vehicleYear; $i++) {
    echo "<option value='".$i."'".(($_REQUEST['minimuimYearFilter']==$i)?"selected":"").">".$i."</option>";
}

The idea is that the option that was previously selected gets a selected attribute, making it the default selected value.

This should work out of the box, at least in my example, the reason being that if no value is selected, none of them get a selected attribute and the top one is the default. If you also want a 'first time' selected option, simply detect if $_REQUEST['whatever'] has returned anything, and if not set its value to the option you want to be selected.

Answer 3

First on top page set session:

session_start();

For example if $_POST is sent than set in a session:

if (isset($_POST['vehicle_selected']))
{
    $_SESSION['vehicle_selected'] = $_POST['vehicle_selected'];
}
else
{
    $_SESSION['vehicle_selected'] = ''; 
}

In HTML form add this value:

value="<?=$_SESSION['vehicle_selected']; ?>";

Or full example:

<?php

session_start();

if (isset($_POST['vehicle_selected']))
{
    $_SESSION['vehicle_selected'] = $_POST['vehicle_selected'];
}
else
{
    $_SESSION['vehicle_selected'] = ''; 
}

?>

    <form method="post" action="">
      <label>Year</label>
      <select class="minYear" name="minimuimYearFilter">
        <?php 
        $vehicleYear = date("Y") + 1;
        for ($i = 1993; $i <= $vehicleYear; $i++) {
        echo "<option value=".$_SESSION['vehicle_selected'].">".$_SESSION['vehicle_selected']."</option>";
        }
        ?>
      </select>
    ....

Another words (not answers, but recommended for security purposes):

Using REQUEST method can be attack simpler than POST, instead of REQUEST ($_GET,$_POST) use only $_GET. If you want more secure explore CSRF protection for PHP in Stackoverflow. But this is only for security.

Answer 4

Use cookies. The PHP man page for setcookies() is pretty self-explanatory: http://php.net/manual/en/function.setcookie.php

Answer 5

I would use the POST array. session only adds a step that isn't necessary if you arn't using the inputs across multiple pages.

$value = (isset($_POST['some_option']) ? $_POST['some_option'] : "";
?>

<select selected="<?php echo $value; ?>">

or

<input value="<?php echo $value; ?>"/>