• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 791
  • Last Modified:

PHP back button

Hi Experts,

I'd like to use PHP instead of Java to script a 'back' button in a page.  The previous page is a form so I'd like any of the fields to still have the data in them when the user clicks 'back'.

Any idea how to do this?

Thanks,

HNM
0
HelpNearMe
Asked:
HelpNearMe
  • 3
  • 2
  • 2
  • +3
6 Solutions
 
Terry174Commented:
if (isset($HTTP_REFERER)) {
echo "<a href='$HTTP_REFERER'>back</a>";
} else {
echo "<a href='javascript:history.back()'>back</a>";
}
0
 
gamebitsCommented:
Use session to remember the data entered, it is done in two fold first on your form page you need to check if the session are set if not you show the blank fields, when the user submit the form you set the session data so if the user goes back than the fields are already populated.
0
 
Terry174Commented:
This should probably work better.

<?php
  $url = htmlspecialchars($_SERVER['HTTP_REFERER']);
  echo "<a href='$url'>back</a>";
?>

Although they should both work.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
WilliamStamCommented:
create a loop of all the fields submitted with hidden fields..

foreach in post thing


then your back button basicaly submits the hidden fields back to your form.. your form inputs

if(isset($_POST['fld'])){
$v = $_POST['fld'];
} else $v = "";

<input type="text" value="<?php echo $v; ?>
0
 
Ray PaseurCommented:
That's an interesting question.  Usually developers are more interested in disabling the back button to prevent accidental re-submission of the data.

But if you want to prepopulate the form input fields, you can usually do it without too much trouble.  Often the information comes out of a data base, but it could come from $_SESSION, too.

Install this and run it to see the moving parts.

Regards, ~Ray
<?php // RAY_prepopulate_forms.php

// SET ERROR REPORTING SO WE CAN IGNORE UNDEFINED VARIABLE NOTICES
error_reporting(E_ALL ^ E_NOTICE);

// ALWAYS START THE SESSION UNCONDITIONALLY AT THE TOP OF THE PAGE
session_start();

// IF ANYTHING HAS BEEN POSTED
if (!empty($_POST))
{
    // COPY THE POSTED INFORMATION TO THE SESSION
    $_SESSION['POST'] = $_POST;
    
    // DISPLAY THE CONTENTS OF THE ARRAYS TO SIMULATE PROCESSING THE DATA
    echo "<pre>" . PHP_EOL;
    echo "POST: ";
    var_dump($_POST);
    echo "SESSION: ";
    var_dump($_SESSION);
    
    // ALL DONE
    die("HIT THE BACK KEY NOW");
}

// IF NOTHING HAS BEEN POSTED, DROP INTO HTML AND PUT UP THE FORM
?>
<form method="post">
YOUR NAME: <input name="name" value="<?php echo $_SESSION["POST"]["name"]; ?>" />
<input type="submit" />
</form>

Open in new window

0
 
phpmycoderCommented:
This may considered semi-vulnerable, but if your form allows for fields to be filled through GET variables (say, form.php?name=Me fills in the name field when the form displays) you could always iterate through all of the given form information and create invisible fields for each. Then the back button simply will submit all this information back to the form. Try something like this:

 
<?php //PhpMyCoder - formprocess.php
$keys = array('name', 'email', 'zip');  //Array of post fields to send back
?>
<form action="form.php" method="get">
<?php foreach($keys as $key): ?>
<input type="hidden" name="<?= $key ?>" value="<?= $_POST[$key] ?>" />
<?php endforeach; ?>
<input type="submit" name="s" value="Back" />
</form>

<?php //PhpMyCoder - form.php ?>
<form action="formprocess.php" action="post">
<input type="text" name="name" value="<?= htmlentities($_GET['name']) ?>" />
<input type="text" name="email" value="<?= htmlentities($_GET['email']) ?>" />
<input type="text" name="zip" value="<?= htmlentities($_GET['zip']) ?>" />
</form>

Open in new window

0
 
Ray PaseurCommented:
"This may considered semi-vulnerable,..."

It is all vulnerable if it depends on unfiltered external data, and it is safe if the script follows the standard, "Accept only known good values."

Every month or so, I like to read all the links on the first two pages here:
http://lmgtfy.com?q=PHP+Security

Best to all, ~Ray
0
 
phpmycoderCommented:
Hence the htmlentities(), but then again there's lots of other hacks that could apply here and circumvent the htmlentities() function.
My strategy when it comes to vulnerabilities is: learn the attack, practice it on a local machine, and then find a way to prevent it. Usually, though, the last step is really unnecessary since a simple Googling can find a solution.

I can't agree with you more on that quote. Newer programmers never consider the evils of the internet and the dangers of using user generated content.

Also Ray, I can't help but noticing: you really like "let me Google that for you" don't you?
0
 
HelpNearMeAuthor Commented:
I'll have some feed back shortly, haven't touched this yet.

Thanks,

HNM
0
 
HelpNearMeAuthor Commented:
May be another two days before I can update this question thanks for waiting.

HNM
0
 
HelpNearMeAuthor Commented:
I won't be able to test the solutions so I'm just sharing the points and thank you for the effort.

HNM
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now