Scribd
Upload
187 views26 pages

PHP 11 Forms - 10282014 PDF

The document discusses forms and handling form data in PHP. It explains that PHP loads form data submitted via GET into the $_GET array and form data submitted via POST into the $_POST array. It demonstrates how to create basic HTML forms with different field types like text, radio buttons, dropdowns. It also shows how to retrieve submitted form data from the $_GET and $_POST arrays in PHP and sanitize values to prevent HTML injection attacks. The document provides an example guessing game form that retrieves and displays previous guesses while displaying messages if the guess is too high, low or correct.

Uploaded by

TommyWong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
187 views26 pages

PHP 11 Forms - 10282014 PDF

The document discusses forms and handling form data in PHP. It explains that PHP loads form data submitted via GET into the $_GET array and form data submitted via POST into the $_POST array. It demonstrates how to create basic HTML forms with different field types like text, radio buttons, dropdowns. It also shows how to retrieve submitted form data from the $_GET and $_POST arrays in PHP and sanitize values to prevent HTML injection attacks. The document provides an example guessing game form that retrieves and displays previous guesses while displaying messages if the guess is too high, low or correct.

Uploaded by

TommyWong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

Forms and PHP

Chapter 11

www.php-intro.com

To be used in association with the book:



PHP, MySql, and JavaScript by Robin Nixon

Forms Submit Data


form1.php

<p>Guessing game...</p>
<form>
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess"/></p>
<input type="submit"/>
</form>

$_GET and $_POST


PHP loads the values for the URL parameters into an array
called $_GET and the POST parameters into an array called
$_POST

There is another array called $_REQUEST which merges
GET and POST data

<pre>

The <pre> tag defines pre formatted text, and is displayed in a
fixed-width font (usually Courier), and it preserves both spaces
and line breaks. Usually we use <pre> element when displaying
text with unusual formatting, or some sort of computer code.

<p>Guessing game...</p>
<form>
<p>
<label for="guess">Input Guess</label>
<input type="text" name="guess"
id="guess"/>
</p>
<input type="submit"/></form>
<pre>$_GET:
<?php print_r($_GET);?>
</pre>

form2.php

<p>Guessing game...</p>
form3.php

<form method="post"><p>
<label for="guess">Input Guess</label>
<input type="text" name="guess" size="40" id="guess"/></p>
<input type="submit"/>
</form>
<pre>
$_POST:<?php print_r($_POST);?>
$_GET:<?php
print_r($_GET);?>
</pre>

form4.php

<?php
$oldguess = isset($_POST['guess']) ? $_POST['guess'] : '';
?>
<p>Guessing game...</p>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
<?php echo 'value="' . $oldguess . '"'; ?> /></p>
<input type="submit"/>
</form>

Can anyone guess the output?



What is this program tries to do?

Hygene Alert!

form4.php

What happens when we use an HTML character in a form


field value??

form4.php

<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess"
id="guess"value=""><b>DIE DIE</b>"
/></p>
<input type="submit"/>
</form>

To The Rescue: htmlentities()



<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess
<?php echo 'value="' . htmlentities($oldguess) . '"';?> />
</p>
<input type="submit"/>
</form>

form5.php

<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess"<?php echo 'value="' .
htmlentities($oldguess) . '"';?> />
</p>
<input type="submit"/></form>

<input type="text" name="guess"


id="guess"value="&quot;&gt;&lt;b&gt;DIE DIE&lt;/b&gt;"

/></p>

Guess.php handling incoming POST data (part1)



<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ){
// Trick for int/num parameters
$guess = $_POST['guess'] + 0;
if ( $guess == 42 ) $message = "Great job!";
else if ( $guess < 42 ) $message = "Too low";
else $message = "Too high...";
}
?>

guess.php

Guess.php producing the page output (part2)



<html><head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php if ( $message !== false )
echo("<p>$message</p>\n");
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40" <?php
echo 'value="' . htmlentities($guess) . '"';?>
/></p>
<input type="submit"/>
</form>
</body>

Complete guess.php version


<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$guess = $_POST['guess'] + 0;
if ( $guess == 42 )
$message = "Great job!";
else if ( $guess < 42 )
$message = "Too low";
else
$message = "Too high...";
}?>
<html><head><title>A Guessing game</title></head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) echo("<p>$message</p>\n"); ?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
<?php
echo 'value="' . htmlentities($guess) . '"';?>
/></p>
<input type="submit"/>
</form>
</body>

guess.php

<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ) {
$guess = $_POST['guess'] + 0;
if ( $guess == 42 )
$message = "Great job!";
else if ( $guess < 42 )
$message = "Too low";
else
$message = "Too high...";
}
?>
<html> ...

guess.php

<html><head><title>A Guessing game</title></head>


<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php if ( $message !== false ) {
echo("<p>$message</p>\n");
}?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
<?php
echo 'value="' . htmlentities($guess) . '"';?>
<input type="submit"/>
</form>
</body>

/></p>

guess.php

Other Input Types


more.php

Text

Password

Radio Button

Check Box

Select / Drop-Down

TextArea

<p>Many field types...</p>


<form method="post" action="more.php">
<p><label for="inp01">Account:</label>
<input type="text" name="account" id="inp01" size="40" ></p>
<p><label for="inp02">Password:</label>
<input type="password" name="pw" id="inp02" size="40" ></p>
<p><label for="inp03">Nick Name:</label>
<input type="text" name="nick" id="inp03" size="40" ></p>

$_POST:Array(!
[account] => Beth [pw] => 12345
[nick] => BK [when] => pm ...)!

more.php

<p>Preferred Time:<br/>
<input type="radio" name="when" value="am">AM<br>
<input type="radio" name="when" value="pm" checked>PM
</p>

$_POST:Array(!
...
[nick] => BK

[when] => pm

[class] => si502

more.php

...)!

more.php

Which buildings do you
<input type="checkbox"
<input type="checkbox"
<input type="checkbox"
Complex<br />
<input type="checkbox"
<input type="checkbox"

want access to?<br />


name="formDoor[]" value="A" />Acorn Building<br />
name="formDoor[]" value="B" />Brown Hall<br />
name="formDoor[]" value="C" />Carnegie
name="formDoor[]" value="D" />Drake Commons<br />
name="formDoor[]" value="E" />Elliot House

<p><label for="inp06">Which soda:


<select name="soda" id="inp06">
<option value="0">-- Please Select --</option>
<option value="1">Coke</option>
<option value="2">Pepsi</option>
<option value="3">Mountain Dew</option>
<option value="4">Orange Juice</option>
<option value="5">Lemonade</option>
</select>
</p>

$_POST:Array(!
...
[class] => si502 [soda] => 0 [snack] => peanuts

more.php

...)!

<p><label for="inp07">Which snack:


<select name="snack" id="inp07">
<option value="">-- Please Select --</option>
<option value="chips">Chips</option>
<option value="peanuts" selected>Peanuts</option>
<option value="cookie">Cookie</option>
</select>
</p>

$_POST:Array(!
...
[class] => si502 [soda] => 0
peanuts ...)!

[snack] =>

more.php

<p><label for="inp08">Tell us about yourself:<br/>


<textarea rows="10" cols="40" id="inp08" name="about">
I love building web sites in PHP and MySQL.
</textarea>
</p>

more.php

$_POST:Array(!
...[about] => I love building web sites in PHP and MySQL.
[dopost] => Submit ...)!

Summary

Forms, $_GET and $_POST



Sanitizing HTML

Create form

Retrieve form

You might also like