Passing error messages to another page

Question

What options are available to send an error message back to the form page?

I have a form on login.php it submits to process.php. process.php handles the db connection, validation etc. If there is an error, I want to pass that back to index.php.

ie:

    } else {
    session_destroy();
    header("Location: /login");
    $error = "Sorry, that user name or password is incorrect. Please try again.";
}

Since these are two different files, what are the best options available to set and retrieve the errors? $_POST, $_GET, $_SESSION?

Answer 1

A simple solution is to just use $_SESSION.

process.php:

<?php 
 else {
//session_destroy();

$_SESSION['error'] = "Sorry, that user name or password is incorrect. Please try again.";
header("Location: /login");
exit():
}

login.php:

<?php if(isset($_SESSION['error'])){
   echo $_SESSION['error'];
   unset( $_SESSION['error'];
}

Answer 2

I'd suggest using $_SESSION. For one, you don't have to worry about refresh, and if you used $_GET, and scum of the universe can share a page and change the query string to mess with what shows up on your page.

If you have $_SESSION and if you create a unique identifier for each form you have, you can show a warning and then after the warning is output, unset that value in the $_SESSION array

e.g. to set it up

$_SESSION['uniq_form']['warning'] = 'You got this wrong';

next page:

echo $_SESSION['uniq_form']['warning'];
unset($_SESSION['uniq_form']['warning']);

Answer 3

For your specific case, and with the code given, $_SESSION is your best bet. I.e:

$_SESSION['login_error_msg'] = "Sorry, that user name or password is incorrect. Please try again.";

Then back in index.php you'd have to check that session variable somehow, e.g:

if( ! empty($_SESSION['login_error_msg']))
{
    //display the message however you want
    unset($_SESSION['login_error_msg'];
}

Answer 4

I'm thinking that $_SESSION would be your best bet without exposing too much information to your users.