CENG 449 Lecture 11
Published by Lynette Long, modified over 9 years ago
Slide 1 of 40
PHP Form Handling
The PHP superglobals $_GET and $_POST are used to collect form data.
EX: Name: E-mail:
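Slide 2 of 40
welcome.php
<?php
// Read the fields submitted by the form.
$name = $_POST["name"];
$email = $_POST["email"];
// Escape user input before writing it into the HTML page.
echo "Your name is " . htmlspecialchars($name) . " ";
echo "Your email is " . htmlspecialchars($email) . " ";
?>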
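Slide 3 of 40
welcome.php
<?php
// Only process the request when both fields were actually submitted.
if (isset($_POST["name"]) && isset($_POST["email"])) {
    $name = $_POST["name"];
    $email = $_POST["email"];
    // Escape user input before writing it into the HTML page.
    echo "Your name is " . htmlspecialchars($name) . " ";
    echo "Your email is " . htmlspecialchars($email) . " ";
}
?>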
Slide 4 of 40 Name: E-mail:
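Slide 5 of 40
<?php
// Same handler for a form submitted with method="get".
$name = $_GET["name"];
$email = $_GET["email"];
// Escape user input before writing it into the HTML page.
echo "Your name is " . htmlspecialchars($name) . " ";
echo "Your email is " . htmlspecialchars($email) . " ";
?>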
Slide 6 of 40
GET vs. POST
Both GET and POST create an array (e.g. array( key => value, key2 => value2, key3 => value3,...)). This array holds key/value pairs, where the keys are the names of the form controls and the values are the input data from the user.
PHP exposes these arrays as $_GET and $_POST. These are superglobals, which means that they are always accessible, regardless of scope, and you can access them from any function, class or file without having to do anything special.
$_GET is an array of variables passed to the current script via the URL parameters.
$_POST is an array of variables passed to the current script via the HTTP POST method.
Slide 7 of 40
When to use GET?
Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also has limits on the amount of information to send. The limitation is about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases. GET may be used for sending non-sensitive data.
Note: GET should NEVER be used for sending passwords or other sensitive information!
Slide 8 of 40
When to use POST?
Information sent from a form with the POST method is invisible to others in the sense that it does not appear in the URL (all names/values are embedded within the body of the HTTP request), and it has no limits on the amount of information to send. The request body is still readable on the network unless the page is served over HTTPS. Moreover, POST supports advanced functionality such as multi-part binary input for uploading files to the server. However, because the variables are not displayed in the URL, it is not possible to bookmark the page.
Note: Developers prefer POST for sending form data.
Slide 9 of 40
What is the $_SERVER["PHP_SELF"] variable?
$_SERVER["PHP_SELF"] is a superglobal variable that returns the filename of the currently executing script. So, using $_SERVER["PHP_SELF"] as the form action sends the submitted form data to the page itself, instead of jumping to a different page. This way, the user will get error messages on the same page as the form.
Slide 10 of 40
What is the htmlspecialchars() function?
The htmlspecialchars() function converts special characters to HTML entities. This means that it will replace HTML characters like < and > with &lt; and &gt;. This prevents attackers from exploiting the code by injecting HTML or JavaScript code (Cross-site Scripting attacks) in forms.
See http://www.w3schools.com/php/php_form_validation.asp for an example.
Slide 11 of 40
First name: Last name:
<?php
if (isset($_POST['firstname']) && isset($_POST['lastname'])) {
    // Escape user input before writing it into the HTML page.
    echo("First name: " . htmlspecialchars($_POST['firstname']) . " \n");
    echo("Last name: " . htmlspecialchars($_POST['lastname']) . " \n");
}
?>
Slide 12 of 40
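Slide 13 of 40
<?php
if (isset($_POST['firstname']) && isset($_POST['lastname'])) {
    // Escape user input before writing it into the HTML page.
    echo("First name: " . htmlspecialchars($_POST['firstname']) . " \n");
    echo("Last name: " . htmlspecialchars($_POST['lastname']) . " \n");
}
?>
First name: Last name: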
Slide 14 of 40
Secure input data
To prevent hackers from entering your system, use the following approach when reading data from the user:
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = test_input($_POST["name"]);
    $email = test_input($_POST["email"]);
    $website = test_input($_POST["website"]);
    $comment = test_input($_POST["comment"]);
    $gender = test_input($_POST["gender"]);
}

function test_input($data) {
    $data = trim($data);             // removes blank spaces at the beginning and at the end
    $data = stripslashes($data);     // strips backslashes
    $data = htmlspecialchars($data); // converts special characters such as < and > to HTML entities
    return $data;
}
?>
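The points from slides 9 to 14 combined in one self-posting form, as an added example that is not part of the lecture: the value of $_SERVER["PHP_SELF"] and the submitted fields are escaped with htmlspecialchars() at the point where they are written into HTML. The helper names h() and render_form() and the sample request values are assumptions made for illustration.

```php
<?php
// Added example, not from the lecture. h(), render_form() and the sample
// request values at the bottom are constructed for illustration.

// Escape a value for use in HTML text or inside a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the self-posting form and the echo of the submitted data.
// $self stands in for $_SERVER["PHP_SELF"], $post for $_POST.
function render_form(string $self, array $post): string
{
    $name  = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $email = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    $errors = [];
    if ($post !== []) {
        if ($name === '') {
            $errors[] = 'Name is required';
        }
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'E-mail is not valid';
        }
    }

    // PHP_SELF includes any extra path the client appended to the URL,
    // so it is escaped like every other user-controlled value.
    $html  = '<form method="post" action="' . h($self) . '">' . "\n";
    $html .= 'Name: <input type="text" name="name" value="' . h($name) . '">' . "\n";
    $html .= 'E-mail: <input type="text" name="email" value="' . h($email) . '">' . "\n";
    $html .= '<input type="submit">' . "\n</form>\n";
    foreach ($errors as $error) {
        $html .= '<p class="error">' . h($error) . "</p>\n";
    }
    if ($post !== [] && $errors === []) {
        $html .= 'Your name is ' . h($name) . "<br>\n";
        $html .= 'Your email is ' . h($email) . "<br>\n";
    }
    return $html;
}

// Constructed request: markup in both the script path and the name field.
$self = '/welcome.php/"><script>alert(1)</script>';
$post = ['name' => '<b>Ann</b>', 'email' => 'ann@example.com'];
echo render_form($self, $post);
```

In the output the markup from both inputs appears as entities (&lt;, &gt;, &quot;), so the browser displays it as text instead of interpreting it.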
Slide 15 of 40 Select Forms: Art Supply Order Form Paint Brushes Erasers Quantity:
Slide 16 of 40 process.php "; echo "Thank you for ordering!"; ?>
Slide 17 of 40
Slide 18 of 40 PHP HTML Form radio button Example Enter Your Full Name : You are : Male Female
Slide 19 of 40
example.php
<?php
if (isset($_POST['BtnSubmit'])) {
    echo " Your form data as below ";
    // Escape user input before writing it into the HTML page.
    echo " Your Name: " . htmlspecialchars($_POST['FullName']);
    echo " You are: " . htmlspecialchars($_POST['YourGender']);
    echo " ";
}
?>
Slide 20 of 40
Slide 21 of 40 Checkbox example: PHP HTML Form checkbox Example Male Female
Slide 22 of 40
process.php
<?php
if (isset($_POST['gender'])) {
    echo "Your gender is ";
    // Displays the value of the checked checkbox, escaped for HTML.
    echo htmlspecialchars($_POST['gender']);
}
?>
Slide 23 of 40
Slide 24 of 40 PHP HTML Form button Example Enter Your Name : Enter Your SurName :
Slide 25 of 40
process.php
<?php
// Each submit button sends its own name, so isset() tells which one was pressed.
if (isset($_POST['save'])) {
    echo "Save button is pressed! ";
}
if (isset($_POST['clear'])) {
    echo "Clear button is pressed! ";
}
if (isset($_POST['update'])) {
    echo "Update button is pressed! ";
}
?>
Slide 26 of 40
Slide 27 of 40 Multiple Selection CheckBox: Please select your book types: Drama Action and Adventure Romance Mystery Horror Guide Science History
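Slide 28 of 40
<?php
// $_POST['book'] is only set when at least one checkbox is ticked.
$bookArray = (isset($_POST['book']) && is_array($_POST['book'])) ? $_POST['book'] : array();
echo "Your selected books are ";
foreach ($bookArray as $aBook) {
    // Escape each submitted value before writing it into the HTML page.
    echo htmlspecialchars($aBook) . " ";
}
?>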
Slide 29 of 40
Slide 30 of 40
PHP and MySQL
MySQL works very well in combination with various programming languages like PERL, C, C++, JAVA and PHP. Out of these languages, PHP is the most popular one because of its web application development capabilities.
PHP provides various functions to access a MySQL database and to manipulate the data records inside it. You call these functions in the same way you call any other PHP function.
The PHP functions for use with MySQL have the following general format:
mysql_function(value,value,...);
Slide 31 of 40
PHP with MySQL
The following example shows the generic syntax for calling any MySQL function from PHP.
<?php
$retval = mysql_function(value, [value,...]);
if( !$retval )
{
    die ( "Error: a related error message" );
}
// Otherwise MySQL or PHP Statements
?>
Slide 32 of 40
MySQL Connection using PHP Script:
connection mysql_connect(server,user,passwd,new_link,client_flag);
Connecting MySQL Server
<?php
$dbhost = 'localhost:3036';
$dbuser = 'guest';
$dbpass = 'guest123';
// Open the connection and stop with the MySQL error text if it fails.
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$conn) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($conn);
?>
Slide 33 of 40 User Data Form Enter Your Name : Enter Your SurName : Enter Your Student Number : You are : Male Female
Slide 34 of 40
Slide 35 of 40
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$conn) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db('studentInfo');

// Escape every form value before it is placed inside the SQL string.
$stName = mysql_real_escape_string($_POST['Name'], $conn);
$stSurname = mysql_real_escape_string($_POST['Surname'], $conn);
$stFullName = mysql_real_escape_string($_POST['Name'] . " " . $_POST['Surname'], $conn);
$stNumber = mysql_real_escape_string($_POST['stNumber'], $conn);
$stGender = mysql_real_escape_string($_POST['YourGender'], $conn);

$sql = "INSERT INTO studentInfoTable (stName, stSurname, stFullName, stNumber, stGender)
        VALUES ('$stName','$stSurname','$stFullName','$stNumber','$stGender')";
$retval = mysql_query($sql, $conn);
if (!$retval) {
    die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
Slide 36 of 40 Search data in database User Data Form Enter Name to be Searched :
Slide 37 of 40
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$conn) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db('studentInfo');

// Escape the search term before it is placed inside the SQL string.
$stName = mysql_real_escape_string($_POST['Name'], $conn);
$sql = "SELECT * FROM studentInfoTable WHERE stName='$stName'";
$retval = mysql_query($sql, $conn);
if (!$retval) {
    die('Could not get data: ' . mysql_error());
}
while ($row = mysql_fetch_array($retval)) {
    // Escape stored values before writing them into the HTML page.
    echo htmlspecialchars($row['stName']) . " " . htmlspecialchars($row['stSurname']) . " ";
}
echo "Fetched data successfully\n";
mysql_close($conn);
?>
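The insert and search from slides 35 and 37 written with bound parameters, so form values are sent as data and never become part of the SQL text (added example, not the lecture's code). It assumes PDO with an in-memory SQLite database standing in for the MySQL server so that it runs offline; the function names add_student() and find_students() and the sample rows are constructed.

```php
<?php
// Added example, not from the lecture. Uses PDO with an in-memory SQLite
// database as a stand-in for the MySQL server so it runs offline; with
// MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=studentInfo'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE studentInfoTable (
    stName TEXT, stSurname TEXT, stFullName TEXT, stNumber TEXT, stGender TEXT)');

// Insert one student; every value travels as a bound parameter.
function add_student(PDO $pdo, array $form): void
{
    $stmt = $pdo->prepare('INSERT INTO studentInfoTable
        (stName, stSurname, stFullName, stNumber, stGender)
        VALUES (:name, :surname, :full, :number, :gender)');
    $stmt->execute([
        ':name'    => $form['Name'],
        ':surname' => $form['Surname'],
        ':full'    => $form['Name'] . ' ' . $form['Surname'],
        ':number'  => $form['stNumber'],
        ':gender'  => $form['YourGender'],
    ]);
}

// Search by first name; the placeholder keeps $name out of the SQL text.
function find_students(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT stName, stSurname FROM studentInfoTable WHERE stName = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form submissions (stand-ins for $_POST).
add_student($pdo, ['Name' => 'Ada', 'Surname' => 'Lovelace', 'stNumber' => '1001', 'YourGender' => 'Female']);
add_student($pdo, ['Name' => "D'Arcy", 'Surname' => 'Wentworth', 'stNumber' => '1002', 'YourGender' => 'Male']);

// A name containing a quote is stored and found as ordinary data, and a
// search string built around quotes is compared as a literal name.
foreach (["D'Arcy", "x' OR '1'='1"] as $search) {
    $rows = find_students($pdo, $search);
    echo htmlspecialchars($search, ENT_QUOTES, 'UTF-8'), ': ', count($rows), " row(s)\n";
}
```

The mysql_* functions used on the slides were removed in PHP 7.0; PDO and mysqli are the maintained replacements, and both support prepared statements.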