10 Years
Discussion Span
Last Post by Spycat

You really don't need to save anything in a cookie for this.

You can just pass on what the use has put in the form in the HTTP POST or GET and populate the form with this for the user.

It easiest if you use the same PHP script both for generating the form and processing the form. That way you don't have to pass your form fields via HTTP twice.

Simple example: (pseudo code)

$is_generate = false;

if (/* some validation failed */) {

$is_generate = true;

if ($is_generate) { // generate form

echo '<form ... >';
echo '<input type="text" name="foo" value="'.clean($_POST['foo']).'" />';

echo '... etc. etc..';
echo '</form>';

} else { // process form


// your variable cleansing funtion
function clean($var) {
// do some sanitizing
return $clean_var;

NOtice the line:

echo '<input type="text" name="foo" value="'.clean($_POST['foo']).'" />';

Ive set the value="" to the HTTP POST param "foo" since that is what was passed last time the form was filled...

The reason I have clean() function there is just to note that if you are going to print anything sent by the user, back to the browser, you will have to clean your variables with your own custom function.

usually to prevent cross-site scripting.. XSS.

Withought that lil bit it would look something like:

echo '<input type="text" name="foo" value="'.$_POST['foo'].'" />';
Votes + Comments
Very well thought-out explanation

Hi there Dig-Eth,

Thanks sooo much for taking the time to write all that out for me.
I am pretty new at PHP, so I will take what you have given me and try to piece it together.

I sincerely appreciate your help.

Have a GREAT Thanksgiving! :)


This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.