210 likes | 378 Views
Lecture. 6/2/12. Forms and PHP. The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms and PHP is that any form element in an HTML page will automatically be available to your PHP scripts. $_POST.
E N D
Lecture 6/2/12
Forms and PHP • The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input • When dealing with HTML forms and PHP is that any form element in an HTML page will automatically be available to your PHP scripts.
$_POST • The $_POST variable is an array of variable names and values sent by the HTTP POST method • The $_POST variable is used to collect values from a form with method="post“ • Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send
Example <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> <title>Untitled 1</title> </head> <body> <form action="newpage.php" method="post"> Name: <input type="text" name="name" /> Age: <input type="text" name="age" /> <input type="submit" /> </form> </body> </html>
Example Continued.. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> <title>Untitled 1</title> </head> <body> Welcome <?php echo $_POST["name"];?>.<br/> You are <?php echo $_POST["age"];?> years old </body> </html>
Why use POST? • Variables sent with HTTP POST are not shown in the URL • Variables have no length limit
$_REQUEST • The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE • The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods
$_GET • The $_GET variable is an array of variable names and values sent by the HTTP GET method • The $_GET variable is used to collect values from a form with method="get" • Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and it has limits on the amount of information to send (max. 100 characters)
Get Example <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> <title>Untitled 1</title> </head> <body> <form action="get1.php" method="get"> Name: <input type="text" name="name" /> Age: <input type="text" name="age" /> <input type="submit" /> </form> </body> </html>
Get Continued… <html> <head> <title>Grab form values</title> </head> <body> Welcome <?php echo $_GET["name"];?>.<br/> You are <?php echo $_GET["age"];?> years old </body> </html>
Form Validation • Client side validation is faster, and will reduce server load • However, any site that gets enough traffic to worry about server resources, may also need to worry about site security • Use server side validation if the form accesses a database • A good way to validate a form on the server is to post the form to itself, instead of jumping to a different page • The user will then get the error messages on the same page as the form • This makes it easier to discover the error
Multiple Form Web Sessions • Leads the user through a series Of HTML forms that work together to pass data from form to form • E.g. shopping cart and multi-page web form
Using Hidden Fields • HTML form element that the browser does not display • The receiving PHP script can retrieve any variable name and value defined in a hidden field form element like any other HTML form element
Note • A hidden field is not completely invisible from the user – they can be viewed by looking at the HTML source • Tip: You shouldn’t store any data in a hidden field that you don’t want the user to view
To do.. • Create a normal form as our first page • The first form needs nothing special as it is only passing its data to the next page like any other form • It does not need to worry about accepting data from a previous page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> <title>Form 1</title> </head> <body> <form method="post" action="page2.php"> Name: <input type="text" size="40" name="cust_name" /><br/> Email: <input type="text" size="40" name="cust_email" /><br/> <input type="submit" name="submit1" value="Proceed" /> </form> </body> </html>
Form 2 • Unlike the first, this form needs to take the data from a previous form and be able to pass it along • Take each piece of data from the previous form and placing it in a hidden field • While in our example we are only dealing with two pages, this second form could be a template for any number of pages in between the start and finish of a multi-page form
Form 2 • Takes the specific values out of the $_POST array and stores them in a more manageable variable name • Then when actually creating the form, place those values in a hidden field so that they are passed on to the next page.
<?php $cust_name = htmlentities ($_POST['cust_name']); $cust_email = htmlentities ($_POST['cust_email']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Multi-page Form - Page Two</title> </head> <body> <p>Please fill in the following information</p> <form method="post" action="final.php"> Address: <input type="text" size="50" name="cust_address" /><br /> Phone: <input type="text" size="20" name="cust_phone" /><br /> <input type="hidden" name="cust_name" value="<?php echo $cust_name; ?>" /> <input type="hidden" name="cust_email" value="<?php echo $cust_email; ?>" /> <input type="submit" name="submit2" value="Proceed" /> </form> </body> </html>
Final Form • Lastly, we will have a script that will process the data submitted to it • This form is identical to any script you would normally use to process form data • It accepts data posted to it and then processes it • Stores each of the passed $_POST variables into an easier to use variable name and then displays the data that the user has entered.
<?php $cust_name = htmlentities($_POST['cust_name']); $cust_email = htmlentities($_POST['cust_email']); $cust_address = htmlentities($_POST['cust_address']); $cust_phone = htmlentities($_POST['cust_phone']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Multi-page Form - Final</title> </head> <body> <p>You filled in:</p> Name: <?php echo $cust_name; ?><br/> Email: <?php echo $cust_email; ?><br/> Address: <?php echo $cust_address; ?><br/> Phone: <?php echo $cust_phone; ?><br/> </body> </html>