Part 2 Lecture 9 PHP Superglobals and Form Handling.


1 Part 2 Lecture 9 PHP Superglobals and Form Handling

2 PHP superglobals
There are several superglobal variables in PHP. Their names are case-sensitive and written in upper case:
$GLOBALS
$_SERVER
$_REQUEST
$_POST
$_GET
$_FILES
$_ENV
$_COOKIE
$_SESSION

3 $GLOBALS
Is used to access global variables from anywhere in the PHP script. Example:
    <?php
    $x = 5;
    $y = 7;
    function sum() {
        // read the globals $x and $y and create the global $z
        $GLOBALS['z'] = $GLOBALS['x'] + $GLOBALS['y'];
    }
    sum();
    echo $z;
    ?>

4 $_SERVER
It holds information about headers, paths and script locations. It is written $_SERVER[' ']. The following elements can be placed within the quotes of the square brackets.
$_SERVER['PHP_SELF']: returns the file name of the currently executing script
$_SERVER['GATEWAY_INTERFACE']
$_SERVER['SERVER_ADDR']
$_SERVER['SERVER_NAME']
$_SERVER['SERVER_SOFTWARE']
$_SERVER['SERVER_PROTOCOL']
$_SERVER['REQUEST_METHOD']
$_SERVER['REQUEST_TIME']
$_SERVER['QUERY_STRING']

5
$_SERVER['HTTP_ACCEPT']
$_SERVER['HTTP_ACCEPT_CHARSET']
$_SERVER['HTTP_HOST']
$_SERVER['HTTP_REFERER']
$_SERVER['HTTPS']
$_SERVER['REMOTE_ADDR']
$_SERVER['REMOTE_HOST']
$_SERVER['REMOTE_PORT']
$_SERVER['SCRIPT_FILENAME']
$_SERVER['SERVER_ADMIN']
$_SERVER['SERVER_PORT']
$_SERVER['SERVER_SIGNATURE']
$_SERVER['PATH_TRANSLATED']
$_SERVER['SCRIPT_NAME']
$_SERVER['SCRIPT_URI']

6
$_REQUEST: used to collect data after submitting an HTML form.
$_POST: used to collect form data after submitting an HTML form with the HTTP method="post".
$_GET: used to collect form data after submitting an HTML form with the HTTP method="get".

7 PHP Form handling
In the last lecture, we discussed HTML forms. Let's do a quick recap of the things we need to remember. The form element takes the method and action attributes. Action specifies where the form is sent when submitted, and method specifies the HTTP method used to send the form. GET and POST are the two most used HTTP methods. Use GET when the data you are sending does not contain sensitive information, because all variables and values are displayed in the address bar. One advantage of using GET is that the page can be bookmarked. Use POST when the information you are sending is sensitive. An unlimited number of characters can be sent via POST.

8 The superglobals $_GET and $_POST are used to collect form data in PHP. $_GET is used when the form's HTTP method is GET, and $_POST is used when the form's HTTP method is POST. Now let's launch the WAMP server and open the www directory for some practical work. Open your school of programming folder and the welcome.php page which we created in the last lecture.

9 Welcome.php page
On your welcome.php page, type the following.
    <?php
    $username = $_POST['username'] ?? '';          // empty string if the field is missing
    echo "WELCOME " . htmlspecialchars($username); // escape the value before printing it
    ?>
$_POST["form element name"] is a built-in superglobal array used to get POST data. If the HTTP method used on the form was GET, then we would use $_GET["form element name"]. PHP looks up the HTML form element with the name given in the square brackets and returns the value that was entered. Now let's create a new page named register.php for a more detailed explanation of how forms are handled and validated. Type the following code on your register.php page.

10
    <style>
    .error {color: #FF0000;}
    </style>
    <?php
    // clean one submitted value: trim it, remove backslashes, escape HTML special characters
    function test_input($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }
    // define variables and set to empty values
    $firstnameErr = $lastnameErr = $middlenameErr = $emailErr = $genderErr = "";
    $firstname = $lastname = $middlename = $email = $gender = "";
    // check if the submit button was clicked
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (empty($_POST["firstname"])) {
            $firstnameErr = "first name is required";
        } else {
            $firstname = test_input($_POST["firstname"]);
            // check if name only contains letters and whitespace
            if (!preg_match("/^[a-zA-Z ]*$/", $firstname)) {
                $firstnameErr = "Only letters and white space allowed";
            }
        }

11
        if (empty($_POST["lastname"])) {
            $lastnameErr = "last name is required";
        } else {
            $lastname = test_input($_POST["lastname"]);
            // check if name only contains letters and whitespace
            if (!preg_match("/^[a-zA-Z ]*$/", $lastname)) {
                $lastnameErr = "Only letters and white space allowed";
            }
        }
        if (empty($_POST["middlename"])) {
            $middlenameErr = "middle name is required";
        } else {
            $middlename = test_input($_POST["middlename"]);
            // check if name only contains letters and whitespace
            if (!preg_match("/^[a-zA-Z ]*$/", $middlename)) {
                $middlenameErr = "Only letters and white space allowed";
            }
        }

12
        if (empty($_POST["email"])) {
            $emailErr = "Email is required";
        } else {
            $email = test_input($_POST["email"]);
            // check if e-mail address is well-formed
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $emailErr = "Invalid email format";
            }
        }
        if (empty($_POST["sex"])) {
            $genderErr = "Gender is required";
        } else {
            $gender = test_input($_POST["sex"]);
        }
    } // end of the REQUEST_METHOD check

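13
    ?>
    <h2>Registration form</h2>
    <p><span class="error">* required field.</span></p>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
    First Name: <input type="text" name="firstname" value="<?php echo $firstname;?>">
    <span class="error">* <?php echo $firstnameErr;?></span><br>
    Last Name: <input type="text" name="lastname" value="<?php echo $lastname;?>">
    <span class="error">* <?php echo $lastnameErr;?></span><br>
    Middle Name: <input type="text" name="middlename" value="<?php echo $middlename;?>">
    <span class="error">* <?php echo $middlenameErr;?></span><br>
    E-mail: <input type="text" name="email" value="<?php echo $email;?>">
    <span class="error">* <?php echo $emailErr;?></span><br>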

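14
    Gender:
    <input type="radio" name="sex" value="female">Female
    <input type="radio" name="sex" value="male">Male
    <span class="error">* <?php echo $genderErr;?></span><br>
    <input type="submit" name="submit" value="Submit">
    </form>
    <?php
    // the values were already escaped by test_input(), so they can be printed as they are
    echo "Below is the information you entered<br>";
    echo "first name: " . $firstname;
    echo "<br>";
    echo "last name: " . $lastname;
    echo "<br>";
    echo "middle name: " . $middlename;
    echo "<br>";
    echo "your email address is: " . $email;
    echo "<br>";
    echo "you are a: " . $gender;
    ?>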

15 Explanation of the registration form.
Because our form method is post, we use the $_POST superglobal to access the form data. The validation rule for the form is that all fields must be filled, the email must be valid and gender must be selected. The superglobal $_SERVER["PHP_SELF"] returns the file name of the currently executing script, so the form data is submitted to the page itself instead of a new page. This way the user will get error messages on the same page as the form. This superglobal can be exploited, because its value comes from the URL that was requested. To prevent cross-site scripting attacks, the htmlspecialchars() function is used to convert special characters to HTML entities.
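The effect of escaping $_SERVER["PHP_SELF"] in the action attribute, as an added example that is not part of the lecture's code. The helper names form_open_tag and can_break_attribute are hypothetical, and the two path values are constructed samples standing in for $_SERVER["PHP_SELF"].

```php
<?php
// Added example. The $samples values are constructed stand-ins for $_SERVER["PHP_SELF"].

/** Build the opening <form> tag as on the slide, with or without escaping the action. */
function form_open_tag(string $phpSelf, bool $escape): string
{
    $action = $escape
        ? htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : $phpSelf;
    return '<form method="post" action="' . $action . '">';
}

/** True when the value holds a character that can end the action="..." attribute or start a tag. */
function can_break_attribute(string $actionValue): bool
{
    return strpbrk($actionValue, '"<>') !== false;
}

$samples = [
    '/register.php',                    // ordinary request
    '/register.php/"><b>injected</b>',  // constructed: trailing path info that carries markup
];

foreach ($samples as $phpSelf) {
    $escaped = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "PHP_SELF    : ", $phpSelf, PHP_EOL;
    echo "unescaped   : ", form_open_tag($phpSelf, false), PHP_EOL;
    echo "escaped     : ", form_open_tag($phpSelf, true), PHP_EOL;
    echo "breaks out? : raw=", var_export(can_break_attribute($phpSelf), true),
         " escaped=", var_export(can_break_attribute($escaped), true), PHP_EOL, PHP_EOL;
}
```

$_SERVER['SCRIPT_NAME'] does not include the trailing path info, so it is an alternative value for the action attribute.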

16
htmlspecialchars(): this function converts special characters to HTML entities and prevents attackers from exploiting the code by injecting scripts in forms (prevents XSS attacks).
trim(): this function removes extra spaces, tabs and newlines from the user input data.
stripslashes(): this function removes backslashes from user input.
The function test_input that we have written applies the functions mentioned above to the input.
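What each step of test_input() does to a value, as an added example that is not the lecture's code. The helpers test_input_stages and check_email are hypothetical and all inputs are constructed. check_email compares validating an address before and after escaping, because htmlspecialchars() rewrites a legal character such as & to &amp; and that can change the result of the check.

```php
<?php
// Added example, not the lecture's code. All sample inputs are constructed.

const ESC_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

/** The same three steps as the slide's test_input(), keeping the value after each one. */
function test_input_stages(string $data): array
{
    $stages = ['raw' => $data];
    $stages['trim'] = $data = trim($data);
    $stages['stripslashes'] = $data = stripslashes($data);
    // Flags and charset are passed explicitly so quotes are escaped on every PHP version.
    $stages['htmlspecialchars'] = $data = htmlspecialchars($data, ESC_FLAGS, 'UTF-8');
    return $stages;
}

/** Check an e-mail address before and after escaping, and return the copy that is safe to print. */
function check_email(string $input): array
{
    $raw     = trim($input);
    $escaped = htmlspecialchars($raw, ESC_FLAGS, 'UTF-8');
    return [
        'valid_before_escaping' => filter_var($raw, FILTER_VALIDATE_EMAIL) !== false,
        'valid_after_escaping'  => filter_var($escaped, FILTER_VALIDATE_EMAIL) !== false,
        'for_output'            => $escaped,
    ];
}

// Constructed inputs: padded with whitespace, containing a backslash, containing markup and quotes.
$samples = ["  Ada \t\n", "O\\'Brien", '<b>Bob</b> "the builder"'];
foreach ($samples as $sample) {
    foreach (test_input_stages($sample) as $step => $value) {
        // json_encode makes leading and trailing whitespace visible in the output
        printf("%-17s %s\n", $step, json_encode($value, JSON_UNESCAPED_SLASHES));
    }
    echo PHP_EOL;
}
var_export(check_email('r&d@example.com'));
echo PHP_EOL;
```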

