Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mulipage form

Status
Not open for further replies.

ice78991

Programmer
Nov 20, 2006
216
I am looking into ways of creating a form that spans multiple pages ( with 'Next Step' links on each page)

What is the best way to preserve data between each page. Is it best to use session variables or is it ok to write the form data entered for each step directly to the database table when 'next step' is clicked (and include a 'completed' column to indicate when the user has completed the form)
 
I usually use

Code:
<cfoutput>
   <input type="hidden" name="previousFormVar" value="#FORM.prevFormVar#" />
</cfoutput>

or you can pass vars through the querystring.
 
Are there security issues associated with form and url variable methods that are avoided using session variables? Maybe a hacker could tamper with the querystring?
 
There are definitely security issues with querystring variables. They can be easily manipulated.

Form data, unless submitted over HTTPS, is also insecure, but not as easily forged as querystring variables.

You could use the SESSION scope which is maintained at the server level. And those time out when the session times out.
 
You should always not trust your users. Sanitize and validate everything at the server.

Storing or passing from form to form either as a post variable or as a session variable in them selves are not the problem -- it's what you do with it after you get it that's the problem or not.

[plug=shameless]
[/plug]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top