PHP – Form Processing in PHP Harit Kothari [email_address]

Agenda Reading data from a page $_REQUEST, $_GET & $_POST Isset() & array_key_exists() Validating data

Reading data from a page

$_REQUEST, $_GET & $_POST

Isset() & array_key_exists()

Validating data

Reading data from a page HTML Forms Use of text box, text area, radio button, check box Data (inserted or selected as per above objects) can be sent either of 2 ways – GET or POST request So, a request is like a box, in which selected items are packed and sent

HTML Forms

Use of text box, text area, radio button, check box

Data (inserted or selected as per above objects) can be sent either of 2 ways – GET or POST request

So, a request is like a box, in which selected items are packed and sent

Practical Applications You are developing a web based form to collect user data User fills data and when Submit button is pressed, the data should be inserted in database, or something like that User login management

You are developing a web based form to collect user data

User fills data and when Submit button is pressed, the data should be inserted in database, or something like that

User login management

$_REQUEST Represents HTTP request as an array Is automatically created when a Get or POST is made, superset of $_GET & $_POST Also contains $_COOKIES array Request type can be checked by: $_SERVER['REQUEST_METHOD'] It should return either 'GET' or 'POST' See an example next

Represents HTTP request as an array

Is automatically created when a Get or POST is made, superset of $_GET & $_POST

Also contains $_COOKIES array

Request type can be checked by: $_SERVER['REQUEST_METHOD'] It should return either 'GET' or 'POST'

See an example next

$_REQUEST Example Assuming that some data has been sent via a form. It can be interpreted in PHP as under: <?php if ($_SERVER['REQUEST_METHOD'] == 'GET') { echo “This is a get request”; } else echo “This is a post request”; // extract values from $_REQUEST // uName & pWord areTextBoxs in HTML $username = $_REQUEST['uName']; $password = $_REQUEST['pWord']; ?>

Assuming that some data has been sent via a form. It can be interpreted in PHP as under: <?php if ($_SERVER['REQUEST_METHOD'] == 'GET') { echo “This is a get request”; } else echo “This is a post request”; // extract values from $_REQUEST // uName & pWord areTextBoxs in HTML $username = $_REQUEST['uName']; $password = $_REQUEST['pWord']; ?>

$_GET Parameters are appended to URL Less secure URL length limitation See an example next

Parameters are appended to URL

Less secure

URL length limitation

See an example next

$_GET Example If you are accepting name and age from a form, you can give output like following: Welcome <?php echo $_GET[&quot;name&quot;]; ?>.<br /> You are <?php echo $_GET[&quot;age&quot;]; ?> years old!

If you are accepting name and age from a form, you can give output like following: Welcome <?php echo $_GET[&quot;name&quot;]; ?>.<br /> You are <?php echo $_GET[&quot;age&quot;]; ?> years old!

$_POST Parameters are encoded as request body More secure No length limitation Mostly used See an example next

Parameters are encoded as request body

More secure

No length limitation

Mostly used

See an example next

$_POST Example If you are accepting name and age from a form, you can give output like following: Welcome <?php echo $_GET[&quot;name&quot;]; ?>.<br /> You are <?php echo $_GET[&quot;age&quot;]; ?> years old! So, what's the difference? - apparently that, it includes name & age parameters in request body!

If you are accepting name and age from a form, you can give output like following: Welcome <?php echo $_GET[&quot;name&quot;]; ?>.<br /> You are <?php echo $_GET[&quot;age&quot;]; ?> years old!

So, what's the difference? - apparently that, it includes name & age parameters in request body!

isset() Check a particular variable is set or not Typically used to check existance, and so to give respective error message if the value is required Example : if(isset($name) == true) echo “name entered”; else echo “please enter your name”;

Check a particular variable is set or not

Typically used to check existance, and so to give respective error message if the value is required

Example : if(isset($name) == true) echo “name entered”; else echo “please enter your name”;

array_key_exists() Similar to isset(), checks if value exists in array Initially known as key_exists() if (array_key_exists(key, array)) { ... } Example : if (array_key_exists('name', $person)) echo &quot;name entered&quot;; else echo &quot;please enter your name&quot;;

Similar to isset(), checks if value exists in array

Initially known as key_exists()

if (array_key_exists(key, array)) { ... }

Example : if (array_key_exists('name', $person)) echo &quot;name entered&quot;; else echo &quot;please enter your name&quot;;

Validating data User input via form, as we have seen Accept data, check its validity and report to the user How? See next!

User input via form, as we have seen

Accept data, check its validity and report to the user

How? See next!

Example 1 - simple index.htm <html> <body> <form name =”test_form1” method = “POST” action = “form_process.php”> <p/>User Name <input type = “text” name = “name”/> <br/><p>User Name <input type = “text” name = “age”/> <br><input type = “submit” value = “Validate Me”/> </form> <body> </html>

index.htm <html> <body> <form name =”test_form1” method = “POST” action = “form_process.php”> <p/>User Name <input type = “text” name = “name”/> <br/><p>User Name <input type = “text” name = “age”/> <br><input type = “submit” value = “Validate Me”/> </form> <body> </html>

form_process.php <?php $name = $_POST['name']; $age = $_POST['age']; // validity of age $valid_age = strspn($age, &quot;1234567890&quot;) == strlen($age); // above can be achieved also, as under: // $valid_age = preg_match('/^d+$/', $age); if(!isset($name)) die(“Name is not given!”); if(!$valid_age) die(“Age is invalid”); ?>

form_process.php <?php $name = $_POST['name']; $age = $_POST['age']; // validity of age $valid_age = strspn($age, &quot;1234567890&quot;) == strlen($age); // above can be achieved also, as under: // $valid_age = preg_match('/^d+$/', $age); if(!isset($name)) die(“Name is not given!”); if(!$valid_age) die(“Age is invalid”); ?>

Example 2 – Self Processing <html> <body> <form action=&quot;<?= $PHP_SELF ?>&quot; method=&quot;POST&quot;> Name: <input type=text name=&quot;name&quot; value=&quot;<?= $name ?>&quot; /><br /> Status: <input type=&quot;checkbox&quot; name=&quot;status&quot; value=&quot;active&quot; <?php if($status == 'active') { echo 'checked'; } ?> /> Active<br/> Media: <select name=&quot;media_type&quot;> <option value=&quot;&quot;>Choose one</option> <option value=&quot;picture&quot; <?php media_selected('picture') ?> />Picture</optio <option value=&quot;audio&quot; <?php media_selected('audio') ?> />Audio</option> <option value=&quot;movie&quot; <?php media_selected('movie') ?> />Movie</option> </select><br /> File: <input type=&quot;text&quot; name=&quot;filename&quot; value=&quot;<?= $filename ?>&quot; /><br />Caption: <textarea name=&quot;caption&quot;><?= $caption ? ></textarea><br />

<html> <body> <form action=&quot;<?= $PHP_SELF ?>&quot; method=&quot;POST&quot;> Name: <input type=text name=&quot;name&quot; value=&quot;<?= $name ?>&quot; /><br /> Status: <input type=&quot;checkbox&quot; name=&quot;status&quot; value=&quot;active&quot; <?php if($status == 'active') { echo 'checked'; } ?> /> Active<br/> Media: <select name=&quot;media_type&quot;> <option value=&quot;&quot;>Choose one</option> <option value=&quot;picture&quot; <?php media_selected('picture') ?> />Picture</optio <option value=&quot;audio&quot; <?php media_selected('audio') ?> />Audio</option> <option value=&quot;movie&quot; <?php media_selected('movie') ?> />Movie</option> </select><br /> File: <input type=&quot;text&quot; name=&quot;filename&quot; value=&quot;<?= $filename ?>&quot; /><br />Caption: <textarea name=&quot;caption&quot;><?= $caption ? ></textarea><br />

<input type=&quot;hidden&quot; name=&quot;tried&quot; value=&quot;yes&quot; /> <input type=&quot;submit&quot; value=&quot;<?php echo $tried ? 'Continue' : 'Create'; ? >&quot; /> </form> </body> </html>

<input type=&quot;hidden&quot; name=&quot;tried&quot; value=&quot;yes&quot; /> <input type=&quot;submit&quot; value=&quot;<?php echo $tried ? 'Continue' : 'Create'; ? >&quot; /> </form> </body> </html>

<?php $name = $_POST['name']; $media_type = $_POST['media_type']; $filename = $_POST['filename']; $caption = $_POST['caption']; $tried = ($_POST['tried'] == 'yes'); if ($tried) { $validated = (!empty($name) && !empty($media_type) && ! empty($filename)); if (!$validated) { ?> <p> The name, media type, and filename are required fields. Please fill them out to continue. </p> <?php }

<?php $name = $_POST['name']; $media_type = $_POST['media_type']; $filename = $_POST['filename']; $caption = $_POST['caption']; $tried = ($_POST['tried'] == 'yes'); if ($tried) { $validated = (!empty($name) && !empty($media_type) && ! empty($filename)); if (!$validated) { ?> <p> The name, media type, and filename are required fields. Please fill them out to continue. </p> <?php }

} if ($tried && $validated) { echo '<p>The item has been created.</p>'; } // was this type of media selected? print &quot;selected&quot; if so function media_selected ($type) { global $media_type; if ($media_type == $type) { echo &quot;selected&quot;; } } ?>

} if ($tried && $validated) { echo '<p>The item has been created.</p>'; } // was this type of media selected? print &quot;selected&quot; if so function media_selected ($type) { global $media_type; if ($media_type == $type) { echo &quot;selected&quot;; } } ?>

Whats next?