310 likes | 337 Views
Reading Web Data. Form Handling. The PHP superglobals $_GET $_POST are used to collect form-data. A Simple HTML Form.
E N D
Form Handling The PHP superglobals • $_GET • $_POST are used to collect form-data.
A Simple HTML Form <html><body><form action="welcome.php" method="post">Name: <input type="text" name="name"><br>E-mail: <input type="text" name="email"><br><input type="submit"></form></body></html> When the user fills out the form above and clicks the submit button, the form data is sent for processing to a PHP file named "welcome.php". The form data is sent with the HTTP POST method.
welcome.php <html><body>Welcome <?php echo $_POST["name"]; ?><br>Your email address is: <?php echo $_POST["email"]; ?></body></html> Welcome JohnYour email address is john.doe@example.com
The same result could also be achieved using the HTTP GET method: <html><body><form action="welcome_get.php" method="get">Name: <input type="text" name="name"><br>E-mail: <input type="text" name="email"><br><input type="submit"></form></body></html>
welcome_get.php <html><body>Welcome <?php echo $_GET["name"]; ?><br>Your email address is: <?php echo $_GET["email"]; ?></body></html>
GET vs. POST • Both GET and POST create an array (e.g. array( key => value, key2 => value2, key3 => value3, ...)). • This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user. • Both GET and POST are treated as $_GET and $_POST. These are superglobals, which means that they are always accessible, regardless of scope - and you can access them from any function, class or file without having to do anything special. • $_GET is an array of variables passed to the current script via the URL parameters. • $_POST is an array of variables passed to the current script via the HTTP POST method.
When to use GET? • Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL) • GET also has limits on the amount of information to send. • The limitation is about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases. • GET may be used for sending non-sensitive data. • Note: GET should NEVER be used for sending passwords or other sensitive information!
When to use POST? • Information sent from a form with the POST method is invisible to others (all names/values are embedded within the body of the HTTP request) and has no limits on the amount of information to send. • However, because the variables are not displayed in the URL, it is not possible to bookmark the page. • Developers prefer POST for sending form data.
$_REQUEST • PHP $_REQUEST is used to collect data after submitting an HTML form • $_REQUEST array holds data from both $_GET and $_POST • i.e) it can be used to retrieve the data from the html form without considering the method attribute
Handling Text Box phptext.php <html> <head> <title> Entering data into text fields </title> </head> <body> <h1> Entering data into text fields </h1> <form method="post" action="phptext.php"> What's your name? <input name="data" type="text"> . <input type="submit" value="Send"> </form> </body> </html> <html> <head> <title> Reading data from text fields </title> </head> <body> <h1> Reading data from text fields </h1> Thanks for answering, <?php echo $_REQUEST["data"]; ?> </body> </html>
Handling Text Areas <html> <head> <title> Reading data from text areas </title> </head> <body> <h1> Reading data from text areas </h1> You ordered a pizza with: <br> <?php $text = $_REQUEST["data"]; echo str_replace("\n", "<br>", $text); ?> </body> </html> <body> <h1> Entering data into text areas </h1> <form method="post" action="phptextarea.php"> Enter the pizza toppings you want: <br> <textarea name="data" cols="50" rows=“3"> 1. 2. 3. </textarea> <br> <input type="submit" value="Send"> </form> </body> Note that, we are dealing with a text area, multiline text will be filled with new lines character, \n. When you display the text, the browser is going to ignore the newlines, so you might replace them with <br> elements instead using str_replace method.
Handling Check box • These are square control, that we can select or de-select with mouse <form method="post" action="phpcheckbox.php"> Do you want fries with that? <input name="check1" type="checkbox" value="yes"> Yes <input name="check2" type="checkbox" value="no"> No <br> <br> <input type="submit" value="Send"> </form> The value of first check box is “yes” and the value of second is “no” – those are the values that will be sent to php script on the server.
<body> <h1> Reading data from check boxes </h1> You selected: <?php echo $_REQUEST["check1"], "<br>"; echo $_REQUEST["check2"], "<br>"; ?> </body> <body> <h1> Reading data from check boxes </h1> You selected: <?php if (isset($_REQUEST["check1"])) { echo $_REQUEST["check1"], "<br>"; } if (isset($_REQUEST["check2"])) { echo $_REQUEST["check2"], "<br>"; } ?> </body> The user may not have checked the check box, so attempting to display the data from that check box would give an error in php
Handling Radio Button This will be used to allow the user to make one selection from a number of choices. <form method="post" action="phpradiobutton.php"> Do you want fries with that? <input name="radios" type="radio" value="yes"> Yes <input name="radios" type="radio" value="no"> No <br> <br> <input type="submit" value="Send"> </form>
<body> <h1> Reading data from radio buttons </h1> You selected <?php if (isset($_REQUEST["radios"])) { echo $_REQUEST["radios"]; } else { echo "No radio button was selected. <br>"; } ?> </body> Note: we’re giving both radiobuttons the same name here, “radio”
List box <form method="post" action="phplistbox.php"> <select name="ice_cream[]" multiple> <option>vanilla</option> <option>strawberry</option> <option>chocolate</option> <option>herring</option> </select> <br> <br> <input type="submit" value="Send">
<?php foreach($_REQUEST["ice_cream"] as $flavor) { echo $flavor, "<br>"; } ?>
Password Control <form method="post" action="phppassword.php"> Enter your password: <input name="password" type="password"> <br> <br> <input type="submit" value="Send"> </form>
<?php if ($_REQUEST["password"] == "letmein"){ ?> <h2> Password accepted </h2> OK, you're in.<br> Please act responsibly. <?php } else { ?> <h2> Password denied </h2> You did not enter the correct password.<br> What are you, some kind of hacker? <?php } ?>
PHP - Validation • What is Validation ? • Validation means check the input submitted by the user. There are two types of validation are available in PHP. They are as follows − • Client-Side Validation − Validation is performed on the client machine web browsers. • Server Side Validation − After submitted by data, The data has sent to a server and perform validation checks in server machine.
Valid URL • Below code shows validation of URL $website = input($_POST["site"]); if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) { $websiteErr = "Invalid URL"; } Above syntax will verify whether a given URL is valid or not. It should allow some keywords as https, ftp, www, a-z, 0-9,..etc..
Valid Email • Below code shows validation of Email address $email = input($_POST["email"]); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $emailErr = "Invalid format and please re-enter valid email"; } Above syntax will verify whether given Email address is well-formed or not.if it is not, it will show an error message.
Example • Example below shows the form with required field validation • In the following code we have added some new variables: $nameErr, $emailErr, $genderErr,and $websiteErr. These error variables will hold error messages for the required fields. • We have also added an if else statement for each $_POST variable. This checks if the $_POST variable is empty (with the PHP empty() function). If it is empty, an error message is stored in the different error variables, and if it is not empty, it sends the user input data through the test_input() function:
<?php // define variables and set to empty values $nameErr = $emailErr = $genderErr = $websiteErr = ""; $name = $email = $gender = $comment = $website = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["name"])) {$nameErr = "Name is required";} else {$name = test_input($_POST["name"]);} if (empty($_POST["email"])) {$emailErr = "Email is required";} else
{ $email = test_input($_POST["email"]);} if (empty($_POST["website"])) {$website = "";} else {$website = test_input($_POST["website"]);} if (empty($_POST["comment"])) {$comment = "";} else {$comment = test_input($_POST["comment"]);} if (empty($_POST["gender"])) {$genderErr = "Gender is required";} else {$gender = test_input($_POST["gender"]);} } ?>
PHP - Display The Error Messages • Then in the HTML form, we add a little script after each required field, which generates the correct error message if needed (that is if the user tries to submit the form without filling out the required fields): Example <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> Name: <input type="text" name="name"> <span class="error">* <?php echo $nameErr;?></span> <br><br>
E-mail: <input type="text" name="email"> <span class="error">* <?php echo $emailErr;?></span> <br><br> Website: <input type="text" name="website"> <span class="error"><?php echo $websiteErr;?></span> <br><br> <label>Comment: <textarea name="comment" rows="5" cols="40"></textarea> <br><br>
Gender: <input type="radio" name="gender" value="female">Female <input type="radio" name="gender" value="male">Male <span class="error">* <?php echo $genderErr;?></span> <br><br> <input type="submit" name="submit" value="Submit"> </form>