Nan Harbison wrote: > Phil, > > I think what I am doing wrong is - I have a form submit to itself, and then > it shows sign up options on a form and then you submit again, and then it > shows a credit card form, so I guess I am getting the form elements from > first form. > So do I store the values that I keep needing as the process continues as > session variables? I always feel guilty when I do that, like it is the > cowards way out. > > Thanks for your help! > Nan > Hi Nan, Yes, you need to store the 1st page's responses somewhere. Either put them in session variables or hide them on subsequent forms. (Sessions aren't cowardly, if that helps.) Unfortunately, there are pros and cons to each method you need to be aware of: 1) Cookie-based sessions won't automatically deal with your visitor opening multiple tabs or windows, and starting into the process on each. 2) Sessions store their data on the server's hard disk in one form or another. You may have to examine how that's done to ensure your customer's confidential information is wiped when you're done with it. (I don't process credit cards, so I can't speak to the details.) Especially if they get partway through and then close their browser. 3) Hidden variables are susceptible to spoofing... you have to validate them on the server side on every submission. Increases both processing time and traffic volume. 4) Hidden form variables aren't actually hidden from an interested user (view source), so if your validation process generates confidential internal codes, you would expose them to view. If you are creating sessions anyways as part of a login process, just add the information to $_SESSION. Maybe keep just the CC number in a hidden field so you don't have to deal with #2. If you have a problem with #1, also add a hidden token to your forms so you can distinguish between multiple windows. If you don't need sessions for other purposes, and #4 isn't a problem, use hidden fields. HTH, Phil -- Need to contact me offlist? Drop -webdev or you probably won't get through.