Form Processing in PHP Dr. Charles Severance

Slides:



Advertisements
Similar presentations
PHP Form and File Handling
Advertisements

HTML Forms. collect information for passing to server- side processes built up from standard widgets –text-input, radio buttons, check boxes, option lists,
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Video, audio, embed, iframe, HTML Form
Forms Review. 2 Using Forms tag  Contains the form elements on a web page  Container tag tag  Configures a variety of form elements including text.
Copyright © Terry Felke-Morris WEB DEVELOPMENT & DESIGN FOUNDATIONS WITH HTML5 Chapter 9 Key Concepts 1 Copyright © Terry Felke-Morris.
Web Development & Design Foundations with XHTML Chapter 9 Key Concepts.
Forms and PHP Dr. Charles Severance
Chapter 10 Form Basics Key Concepts Copyright © 2013 Terry Ann Morris, Ed.D 1.
Forms, Validation Week 7 INFM 603. Announcements Try placing today’s example in htdocs (XAMPP). This will allow you to execute examples that rely on PHP.
Cookies, Sessions, and Authentication Dr. Charles Severance
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
Unit 7 – Working with Forms 1. Creating a form 2. Accessing the submitted data 3. Common operations on forms.
Advance Database Management Systems Lab no. 5 PHP Web Pages.
CSC 2720 Building Web Applications HTML Forms. Introduction  HTML forms are used to collect user input.  The collected input is typically sent to a.
Copyright © Terry Felke-Morris WEB DEVELOPMENT & DESIGN FOUNDATIONS WITH HTML5 7 TH EDITION Chapter 9 Key Concepts 1 Copyright © Terry Felke-Morris.
HTML Forms.
Web Development & Design Foundations with XHTML Chapter 9 Key Concepts.
Week 9 - Form Basics Key Concepts 1. 1.Describe common uses of forms on web pages 2.Create forms on web pages using the form, input, textarea, and select.
CSC 2720 Building Web Applications Server-side Scripting with PHP.
Copyright © Terry Felke-Morris WEB DEVELOPMENT & DESIGN FOUNDATIONS WITH HTML5 7 TH EDITION Chapter 9 Key Concepts 1 Copyright © Terry Felke-Morris.
Copyright © Terry Felke-Morris WEB DEVELOPMENT & DESIGN FOUNDATIONS WITH HTML5 Chapter 9 Key Concepts 1 Copyright © Terry Felke-Morris.
+ FORMS HTML forms are used to pass data to a server. begins and ends a form Forms are made up of input elements Every input element has a name and value.
Week 10: HTML Forms HNDIT11062 – Web Development.
Forms and PHP Dr. Charles Severance
PHP Arrays Dr. Charles Severance
Web Forms. Web Forms: A form allows our web visitors to submit information to us. Some examples uses for forms are to let the web user contact us, fill.
Lesson 5 Introduction to HTML Forms. Lesson 5 Forms A form is an area that can contain form elements. Form elements are elements that allow the user to.
Introduction to Dynamic Web Content Chapter 1 Dr. Charles Severance To be used in assocition with the book: PHP, MySql, and JavaScript by Robin Nixon.
Dr. Charles Severance Using Handlebars Dr. Charles Severance
C.R.U.D. Charles Severance
Introduction to Dynamic Web Content
PHP Arrays Dr. Charles Severance
Our Technologies Dr. Charles Severance
Forms and PHP.
Cascading Style Sheets
Getting PHP Hosting Dr. Charles Severance
Using JSON Dr. Charles Severance
How to Write Web Forms By Mimi Opkins.
Redirect, Routing, and Authentication
CIIT-Human Computer Interaction-CSC456-Fall-2015-Mr
HTTP Parameters and Arrays
Chapter 19 PHP Part III Credits: Parts of the slides are based on slides created by textbook authors, P.J. Deitel and H. M. Deitel by Prentice Hall ©
PHP Arrays Dr. Charles Severance
Super Global Arrays Forms and PHP "Superglobal" arrays (6.4.1)
Super Global Arrays Forms and PHP "Superglobal" arrays (6.4.1)
Web Programming– UFCFB Lecture 22
Web Programming– UFCFB Lecture 17
Designing Forms Lesson 10.
HTML Forms and User Input
Objectives Explore web forms Work with form servers
CGI Programming Part II UNIX Security
Creating Form Elements
Creating Form Elements
PHP Namespaces (in progress)
Dr. John P. Abraham Professor UTRGV eCommerce CSCI 6314
Forms and PHP.
Introduction to Dynamic Web Content
Web Development & Design Foundations with H T M L 5
Using jQuery Dr. Charles Severance
FORM OBJECT When creating an interactive web site for the Internet it is necessary to capture user input and process this input. Based on the result of.
CNIT 131 HTML5 - Forms.
Web Development & Design Foundations with H T M L 5
HTTP GET vs POST SE-2840 Dr. Mark L. Hornick.
Creating Forms on a Web Page
Basics of Web Design Chapter 10 Form Basics Key Concepts
© Hugh McCabe 2000 Web Authoring Lecture 8
Lesson 6: Web Forms.
PHP-II.
Model View Controller (MVC)
Presentation transcript:

Form Processing in PHP Dr. Charles Severance www.wa4e.com http://www.wa4e.com/code/forms http://www.wa4e.com/code/forms.zip

PHP Global Variables Part of the goal of PHP is to make interacting with HTTP and HTML as easy as possible. PHP processes the incoming HTTP request based on the protocol specifications and drops the data into various super global variables (usually arrays).

(Review from Arrays) http://www.wa4e.com/code/arrays/get-01.php

Time DOM Apache MySql PHP ind.php RRC/HTTP SQL Browser Web Server Database Server DOM Apache static files MySql get-01.php?x=2 Parse Request Parse Response $_GET php code PHP ind.php JavaScript RRC/HTTP SQL

Forms – User Input / Action <p>Guessing game...</p> <form> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess"/></p> <input type="submit"/> </form> http://www.wa4e.com/code/forms/form1.php

Forms Submit Data form1.php <p>Guessing game...</p> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess"/></p> <input type="submit"/> </form>

form2.php <p>Guessing game...</p> <form> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess"/></p> <input type="submit"/> </form> <pre> $_GET: <?php print_r($_GET); ?> </pre> form2.php

GET and POST with Forms

Time DOM Apache MySql PHP RRC/HTTP SQL Browser Web Server Database Server DOM Apache static files MySql Parse Request Parse Response $_POST php code PHP form1.php JavaScript RRC/HTTP SQL

form3.php <p>Guessing game...</p> <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" size="40" id="guess"/></p> <input type="submit"/> </form> <pre> $_POST: <?php print_r($_POST); ?> $_GET: print_r($_GET); </pre> form3.php

Forms GET vs. POST Two ways the browser can send parameters to the web server GET - Parameters are placed on the URL which is retrieved. POST - The URL is retrieved and parameters are appended to the request in the the HTTP connection.

Passing Parameters to The Server GET /form1.php?guess=42 Accept: text/html User-Agent: Lynx/2.4 libwww/2.14 Web Server HTTP Request POST /form3.php Accept: text/html User-Agent: Lynx/2.4 libwww/2.14 Content-type: application/x-www-form-urlencoded Content-length: 13 guess=42 Browser <input type="text" name="guess" id="yourid" />

Time DOM Apache MySql PHP RRC/HTTP SQL Browser Web Server Database Server DOM Apache static files MySql Parse Request Parse Response $_POST php code PHP form3.php JavaScript RRC/HTTP SQL

Rules of the POST/GET Choice POST is used when data is being created or modified. GET is used when your are reading or searching things. Web search spiders will follow GET URLs but generally not POST URLs. GET URLs should be “idempotent” - the same URL should give the “same thing” each time you access it. GET has an upper limit of the number of bytes of parameters and values (think about 2K).

Form Input Types

Other Input Types Text Password Radio Button Check Box Select / Drop-Down Textarea http://www.wa4e.com/code/forms/more.php

more.php $_POST: Array ( [account] => Beth [pw] => 12345 <p>Many field types...</p> <form method="post" action="more.php"> <p><label for="inp01">Account:</label> <input type="text" name="account" id="inp01" size="40" ></p> <p><label for="inp02">Password:</label> <input type="password" name="pw" id="inp02" size="40" ></p> <p><label for="inp03">Nick Name:</label> <input type="text" name="nick" id="inp03" size="40" ></p> $_POST: Array ( [account] => Beth [pw] => 12345 [nick] => BK [when] => pm ... )

more.php $_POST: Array( ... [nick] => BK [when] => pm <p>Preferred Time:<br/> <input type="radio" name="when" value="am">AM<br> <input type="radio" name="when" value="pm" checked>PM</p> $_POST: Array( ... [nick] => BK [when] => pm [class] => si502 )

<input type="checkbox" name="class1" value="si502" checked> <p>Classes taken:<br/> <input type="checkbox" name="class1" value="si502" checked> SI502 - Networked Tech<br> <input type="checkbox" name="class2" value="si539"> SI539 - App Engine<br> <input type="checkbox" name="class3"> SI543 - Java<br> </p> $_POST: Array( ... [when] => pm [class1] => si502 [soda] => 0 ) $_POST: Array( ... [when] => pm [class3] => on [soda] => 0 )

The values can be any string, but numbers are used quite often. <p><label for="inp06">Which soda: <select name="soda" id="inp06"> <option value="0">-- Please Select --</option> <option value="1">Coke</option> <option value="2">Pepsi</option> <option value="3">Mountain Dew</option> <option value="4">Orange Juice</option> <option value="5">Lemonade</option> </select> </p> more.php $_POST: Array( ... [class] => si502 [soda] => 0 [snack] => peanuts ) The values can be any string, but numbers are used quite often.

more.php $_POST: Array( ... [class] => si502 [soda] => 0 <p><label for="inp07">Which snack: <select name="snack" id="inp07"> <option value="">-- Please Select --</option> <option value="chips">Chips</option> <option value="peanuts" selected>Peanuts</option> <option value="cookie">Cookie</option> </select> </p> $_POST: Array( ... [class] => si502 [soda] => 0 [snack] => peanuts )

more.php $_POST: Array( ... <p><label for="inp08">Tell us about yourself:<br/> <textarea rows="10" cols="40" id="inp08" name="about"> I love building web sites in PHP and MySQL. </textarea> </p> $_POST: Array( ... [about] => I love building web sites in PHP and MySQL. [dopost] => Submit )

more.php $_POST: Array( ... [code] => Array ( [0] => css <p><label for="inp09">Which are awesome?<br/> <select multiple="multiple" name="code[]" id="inp09"> <option value="python">Python</option> <option value="css">CSS</option> <option value="html">HTML</option> <option value="php">PHP</option> </select> $_POST: Array( ... [code] => Array ( [0] => css [1] => html ) [dopost] => Submit

more.php $_POST: Array( ... [dopost] => Submit ) <p> <input type="submit" name="dopost" value="Submit"/> <input type="button" onclick="location.href='http://www.wa4e.com/'; return false;" value="Escape"> </p> $_POST: Array( ... [dopost] => Submit ) On submit input types, the text is both in the UI and in $_POST so we tend to look for the key, not the value.

HTML5 Input Types HTML5 defines new input types Not all browsers support all input types They fall back to type="text" http://www.w3schools.com/html/html5_form_input_types.asp

Validation happens when you press submit. Select your favorite color: <input type="color" name="favcolor" value="#0000ff"><br/> Birthday: <input type="date" name="bday" value="2013-09-02"><br/> E-mail: <input type="email" name="email"><br/> Quantity (between 1 and 5): <input type="number" name="quantity" min="1" max="5"><br/> Add your homepage: <input type="url" name="homepage"><br> Transportation: <input type="flying" name="saucer"><br> Validation happens when you press submit. http://www.wa4e.com/code/forms/html5.php

Data Security / Integrity / Validation

Persisting Form Data When we submit forms and there is an error, we just expect that the data will remain in the form when the page is redisplayed. The application needs to make sure to put the previous values back into the form.

Review: Ternary Operation <?php $oldguess = isset($_POST['guess']) ? $_POST['guess'] : ''; ?> <p>Guessing game...</p> <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= $oldguess ?>"/></p> <input type="submit"/> </form> “Persisting” Form Data Across Requests form4.php <?= $oldguess ?> <?php echo($oldguess); ?> Review: Ternary Operation

Hygiene Alert! What happens when we use an HTML character in a form field value?

form4.php <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess size="40" "value=""><b>DIE DIE</b>" /></p> <input type="submit"/> </form>

To The Rescue: htmlentities() <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?>"/></p> <input type="submit"/> </form> form5.php

<input type="text" name="guess" id="guess" <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?>"/></p> <input type="submit"/> </form> <input type="text" name="guess" id="guess" value=""><b>DIE DIE</b>" /></p>

In-Server Data Validation

Time DOM Apache MySql PHP RRC/HTTP SQL Browser Web Server Database Server DOM Apache static files MySql Parse Request Parse Response $_POST php code PHP form3.php JavaScript RRC/HTTP SQL

Incoming Data Validation Making sure all user data is present and the correct format before proceeding Non-empty strlen($var) > 0 A number is_numeric($var) An email address strpos($var, '@') > 0 Or filter_var($var, FILTER_VALIDATE_EMAIL) !== false ....

http://www.wa4e.com/code/forms/guess.php?guess=7

http://www.wa4e.com/code/forms/guess.php?guess=200

Convention: Model View Controller (MVC)

Model-View-Controller A model that defines the elements of a web application and how they interact View – Produces output Model – Handles data Controller – Orchestration / Routing https://en.wikipedia.org/wiki/Model-view-controller

Pattern: Processing POST Data Many patterns for handling POST data No “rules”, just “suggestions” Completely process incoming data (if any) - produce no output <?php $guess = ''; $message = false; if ( isset($_POST['guess']) ) { // Trick for integer / numeric parameters $guess = $_POST['guess'] + 0; if ( $guess == 42 ) { $message = "Great job!"; } else if ( $guess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> if ( $message !== false ) { echo("<p>$message</p>\n"); <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" <?php echo 'value="' . htmlentities($guess) . '"'; /></p> <input type="submit"/> </form> </body> Produce the page output What about frameworks? guess_mvc.php

guess_mvc.php Model Context Controller View <?php $oldguess = ''; $message = false; if ( isset($_POST['guess']) ) { // Trick for integer / numeric parameters $oldguess = $_POST['guess'] + 0; if ( $oldguess == 42 ) { $message = "Great job!"; } else if ( $oldguess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> if ( $message !== false ) { echo("<p>$message</p>\n"); <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?>"/></p> <input type="submit"/> </form> </body> Model Context Controller View guess_mvc.php

guess_mvc.php No HTML Context Controller No Database <?php $oldguess = ''; $message = false; if ( isset($_POST['guess']) ) { // Trick for integer / numeric parameters $oldguess = $_POST['guess'] + 0; if ( $oldguess == 42 ) { $message = "Great job!"; } else if ( $oldguess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> if ( $message !== false ) { echo("<p>$message</p>\n"); <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?>"/></p> <input type="submit"/> </form> </body> No HTML Context Controller No Database guess_mvc.php

guess_mvc.php <?php $oldguess = ''; $message = false; if ( isset($_POST['guess']) ) { // Trick for integer / numeric parameters $guess = $_POST['guess'] + 0; if ( $guess == 42 ) { $message = "Great job!"; } else if ( $guess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> if ( $message !== false ) { echo("<p>$message</p>\n"); <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?></p> <input type="submit"/> <input type="submit"/> </form> </body> <?php $oldguess = ''; $message = false; if ( isset($_POST['guess']) ) { // Nifty trick $oldguess = $_POST['guess'] + 0; if ( $oldguess == 42 ) { $message = "Great job!"; } else if ( $oldguess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> ... guess_mvc.php

<title>A Guessing game</title> </head> <?php $guess = ''; $message = false; if ( isset($_POST['guess']) ) { // Trick for integer / numeric parameters $guess = $_POST['guess'] + 0; if ( $guess == 42 ) { $message = "Great job!"; } else if ( $guess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> if ( $message !== false ) { echo("<p>$message</p>\n"); <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?></p> <input type="submit"/> <input type="submit"/> </form> </body> ... ?> <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> <?php if ( $message !== false ) { echo("<p>$message</p>\n"); } <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?>"></p> <input type="submit"/> </form> </body>

Note: This code is a little sloppy in terms of its data validation. <?php $oldguess = ''; $message = false; if ( isset($_POST['guess']) ) { // Nifty trick $oldguess = $_POST['guess'] + 0; if ( $oldguess == 42 ) { $message = "Great job!"; } else if ( $oldguess < 42 ) { $message = "Too low"; } else { $message = "Too high..."; } ?> <html> ... guess_mvc.php Note: This code is a little sloppy in terms of its data validation.

guess_mvc.php <html> <head> <title>A Guessing game</title> </head> <body style="font-family: sans-serif;"> <p>Guessing game...</p> <?php if ( $message !== false ) { echo("<p>$message</p>\n"); } ?> <form method="post"> <p><label for="guess">Input Guess</label> <input type="text" name="guess" id="guess" size="40" value="<?= htmlentities($oldguess) ?>"></p> <input type="submit"/> </form> </body> guess_mvc.php

Summary Forms, $_GET and $_POST Form fields New form fields in HTML5 Sanitizing HTML Data Validation Model-View-Controller

Acknowledgements / Contributions These slides are Copyright 2010- Charles R. Severance (www.dr-chuck.com) as part of www.wa4e.com and made available under a Creative Commons Attribution 4.0 License. Please maintain this last slide in all copies of the document to comply with the attribution requirements of the license. If you make a change, feel free to add your name and organization to the list of contributors on this page as you republish the materials. Initial Development: Charles Severance, University of Michigan School of Information Insert new Contributors and Translators here including names and dates Continue new Contributors and Translators here Note from Chuck. Please retain and maintain this page as you remix and republish these materials. Please add any of your own improvements or contributions.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.