If they are separate invocations, why would you expect the variables to jump from one thread or process to another? It seems to me that you want the first invocation to return a page containing a modified version of the form: entry fields containing a default value equal to what the user sent the first time, or perhaps a hidden field containing a session ID so that the second invocation can pull the desired historical values from disk.
| [reply] [Watch: Dir/Any] |
It is a single user invoking the form, selecting an answer, and, then, depending on whether it is the "right" answer, either getting the same version of the form with his/her answer left intact and an admonition to respond again, or being told s/he answered correctly and being given a "new" question.
I load the question and the possible answers from a database.
In the "wrong" answer case, I want to leave the database alone. In the "right" answer case, I want to visit it again and get a new question.
Thank you for considering this question, which clearly contains a moderate share of ignorance.
| [reply] [Watch: Dir/Any] |
The thing to keep in mind is that your script is started, deals with a request and then terminates. Nothing should survive except what you have written to disk, and what the user knows.
But you can't trust the user, so don't believe anything they say or the sister of bobby tables will tell you that her name is "admin", authenticated=1 and/or score=1000000 ;)
Instead of real info, only give them a session ID that is really hard to guess (say, 32 random hex characters), and delete session info that is older than 30 minutes. Use the string they reply with to find and load the user's session info (last question/score/login name/etc). If it doesn't exist, send them to the login screen.
Edit: Fixed link
| [reply] [Watch: Dir/Any] |