Security with PHP form processing with "not required" field confirm submit
I'm noob about form best practices... The goal: Solution for processing not "required fields" which are, for lack of better term, "soft required". When the form is submited, and required fields are OK, there is a soft-require check asking the user "Are you sure you don't want the undercoating?"
How I plan to do it: Three pages. (1) the user form, (2) "thank you for submitting", and (3) "soft require" confirmation (ok, submits and goes page 2; cancel, returns to page 1. I'm thinking where "soft require" is triggered, to forward the form's contents in _POST from page 1 to page 3, ask for confirm and then duplicate in php page 1's mysql query to save the data, and redirect to page 2.
Does this confrom to best practice for form data with security of the form contents?
The short answer to this, thanx mr.shrike, is to set a flag in the control structure of the validation code. After validating $missing and correcting $mistakes, check for the recommended fields. If they are not present, set a flag in post and reprocess the form page. This time display a confirm form. The confirm form may have fields non-editable, except for the recommended fields, and submit is replaced with "confirm" and maybe a short, "are you sure you don't want the undercoating?". All in one scriptie. Seems very PHPish if you ask me. C