I have page1.php, with some params defined, and fetched from form with POST which I want to pass to another page, page2.php for example:
// File page1.php
$params = $_POST['params']; // nested array with form values
<form action="page2.php" method="POST">
<button type="submit" name="params[details]" value="some_value"></button>
</form>
// File page2.php
$params = $_POST['params'];
print_r($params);
// I am only get params[details] value, not all passed values to page1.php
How can I pass all variables form page1.php to page2.php, not only submitted param from $params['details']? Should I use $_SESSION variable instead? Is it secure enough, and are there any caveats?
Don't trust data sent to the user to resubmit to the next step. Use a session (or other persistent server side data storage) to hold the data.
All user input should be treated as potentially malicious.