PHP Form Handling

The PHP superglobals $_GET and $_POST are used to collect form-data.

<html>
<body>

<form action="welcome.php" method="POST">

Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

When the user fills out the form above and clicks the submit button, the form data is sent for
processing to a PHP file named "welcome.php". The form data is sent with the HTTP POST
method.

To display the submitted data you could simply echo all the variables.

The "welcome.php" looks like this:

<html>
<body>

Welcome <?php echo $_POST["name"]; ?><br>

Your email address is: <?php echo $_POST["email"]; ?>

</body>
</html>
Output

Welcome John
Your email address is [email protected]

GET METHOD

<html>
<body>

<form action="welcome_get.php" method="GET">

Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>

WELCOME.PHP
<html>
<body>

Welcome <?php echo $_GET["name"]; ?><br>

Your email address is: <?php echo $_GET["email"]; ?>

</body>
</html>

PHP Form Validation

HTML form we will be working at in these chapters, contains

various input fields: required and optional text fields, radio
buttons, and a submit button:

PHP Form Validation Example

* required field

Name: *

E-mail: *

Website:

Comment:

Gender: Female Male Other *

Your Input:

The validation rules for the form above are as follows:

 Field Validation Rules
Name Required. + Must only contain letters and whitespace
Required. + Must contain a valid email address (with @
E-mail
and .)
Website Optional. If present, it must contain a valid URL
Comment Optional. Multi-line input field (textarea)
Gender Required. Must select one

Text Fields

The name, email, and website fields are text input elements, and the comment field is a textarea.

The HTML code looks like this:

Name: <input type="text" name="name">

E-mail: <input type="text" name="email">
Website: <input type="text" name="website">
Comment: <textarea name="comment" rows="5" cols="40"></textarea>

Radio Buttons

The gender fields are radio buttons and the HTML code looks like this:

Gender:
<input type="radio" name="gender" value="female">Female
<input type="radio" name="gender" value="male">Male
<input type="radio" name="gender" value="other">Other

The Form Element

The HTML code of the form looks like this:

<form method="post" action="<?php echo

htmlspecialchars($_SERVER["PHP_SELF"]);?>">

When the form is submitted, the form data is sent with method="post".

Error Handling in PHP

Error handling in PHP is simple. An error message with filename,
line number and a message describing the error is sent to the
browser.

PHP Error Handling

When creating scripts and web applications, error handling is an important part. If your code
lacks error checking code, your program may look very unprofessional and you may be open to
security risks.

This tutorial contains some of the most common error checking methods in PHP.

We will show different error handling methods:

 Simple "die()" statements

 Custom errors and error triggers

 Error reporting

Basic Error Handling: Using the die() function

The first example shows a simple script that opens a text file:

<?php
$file=fopen("mytestfile.txt","r");
?>

If the file does not exist you might get an error like this:

Warning: fopen(mytestfile.txt) [function.fopen]: failed to open stream:

No such file or directory in C:\webfolder\test.php on line 2
<?php
if(file_exists("mytestfile.txt")) {
$file = fopen("mytestfile.txt", "r");
} else {
die("Error: The file does not exist.");
}
?>

Now if the file does not exist you get an error like this:

Error: The file does not exist.

The code above is more efficient than the earlier code, because it uses a simple error handling
mechanism to stop the script after the error.
Creating a Custom Error Handler

Creating a custom error handler is quite simple. We simply create a special function that can be
called when an error occurs in PHP.

This function must be able to handle a minimum of two parameters (error level and error
message) but can accept up to five parameters (optionally: file, line-number, and the error
context):

Syntax
error_function(error_level,error_message,
error_file,error_line,error_context)

Parameter Description

Required. Specifies the error report level for the user-defined error. Must be
error_level
a value number. See table below for possible error report levels

error_message Required. Specifies the error message for the user-defined error

error_file Optional. Specifies the filename in which the error occurred

error_line Optional. Specifies the line number in which the error occurred

Optional. Specifies an array containing every variable, and their values, in

error_context
use when the error occurred

Error Report levels

These error report levels are the different types of error the user-defined error handler can be
used for:

Value Constant Description

1 E_ERROR A fatal run-time error. Execution of the script is stopped

A non-fatal run-time error. Execution of the script is not

2 E_WARNING
stopped

A run-time notice. The script found something that might be

8 E_NOTICE an error, but could also happen when running a script
normally
 A fatal user-generated error. This is like an E_ERROR, except
256 E_USER_ERROR it is generated by the PHP script using the function
trigger_error()

A non-fatal user-generated warning. This is like an

512 E_USER_WARNING E_WARNING, except it is generated by the PHP script using
the function trigger_error()

A user-generated notice. This is like an E_NOTICE, except it is

1024 E_USER_NOTICE generated by the PHP script using the function
trigger_error()

2048 E_STRICT Not strictly an error.

All errors and warnings (E_STRICT became a part of E_ALL in

8191 E_ALL
PHP 5.4)

Now lets create a function to handle errors:

function customError($errno, $errstr) {

echo "<b>Error:</b> [$errno] $errstr<br>";
echo "Ending Script";
die();
}

The code above is a simple error handling function. When it is triggered, it gets the error level
and an error message. It then outputs the error level and message and terminates the script.

Set Error Handler

The default error handler for PHP is the built in error handler. We are going to make the function
above the default error handler for the duration of the script.

It is possible to change the error handler to apply for only some errors, that way the script can
handle different errors in different ways. However, in this example we are going to use our
custom error handler for all errors:

set_error_handler("customError");

Since we want our custom function to handle all errors, the set_error_handler() only
needed one parameter, a second parameter could be added to specify an error level.
Example
<?php
//error handler function
function customError($errno, $errstr) {
echo"<b>Error:</b> [$errno] $errstr";
}

//set error handler

set_error_handler("customError");

//trigger error
echo($test);
?>

The output of the code above should be something like this:

Error: [8] Undefined variable: test

Trigger an Error

In a script where users can input data it is useful to trigger errors when an illegal input occurs. In
PHP, this is done by the trigger_error() function.

Example

In this example an error occurs if the "test" variable is bigger than "1":

<?php
$test=2;
if ($test>=1){
trigger_error("Value must be 1 or below");
}
?>

The output of the code above should be something like this:

Notice: Value must be 1 or below

in C:\webfolder\test.php on line 6

An error can be triggered anywhere you wish in a script, and by adding a second parameter, you
can specify what error level is triggered.

Possible error types:

  E_USER_ERROR - Fatal user-generated run-time error. Errors that can not be recovered
from. Execution of the script is halted
 E_USER_WARNING - Non-fatal user-generated run-time warning. Execution of the
script is not halted
 E_USER_NOTICE - Default. User-generated run-time notice. The script found
something that might be an error, but could also happen when running a script normally

Example

In this example an E_USER_WARNING occurs if the "test" variable is bigger than "1". If an
E_USER_WARNING occurs we will use our custom error handler and end the script:

<?php
//error handler function
function customError($errno, $errstr) {
echo"<b>Error:</b> [$errno] $errstr<br>";
echo"Ending Script";
die();
}

//set error handler

set_error_handler("customError",E_USER_WARNING);

//trigger error
$test=2;
if ($test>=1) {
trigger_error("Value must be 1 or below",E_USER_WARNING);
}
?>

The output of the code above should be something like this:

Error: [512] Value must be 1 or below

Ending Script

Error Logging

By default, PHP sends an error log to the server's logging system or a file, depending on how the
error_log configuration is set in the php.ini file. By using the error_log() function you can
send error logs to a specified file or a remote destination.
Sending error messages to yourself by e-mail can be a good way of getting notified of specific
errors.

Send an Error Message by E-Mail

In the example below we will send an e-mail with an error message and end the script, if a
specific error occurs:

<?php
//error handler function
function customError($errno, $errstr) {
echo"<b>Error:</b> [$errno] $errstr<br>";
echo"Webmaster has been notified";
error_log("Error: [$errno] $errstr",1,
"[email protected]","From: [email protected]");
}

//set error handler

set_error_handler("customError",E_USER_WARNING);

//trigger error
$test=2;
if ($test>=1) {
trigger_error("Value must be 1 or below",E_USER_WARNING);
}
?>

The output of the code above should be something like this:

Error: [512] Value must be 1 or below

Webmaster has been notified

And the mail received from the code above looks like this:

Error: [512] Value must be 1 or below

This should not be used with all errors. Regular errors should be logged on the server using the
default PHP logging system.

What is an Exception

With PHP 5 came a new object oriented way of dealing with errors.

Exception handling is used to change the normal flow of the code execution if a specified error
(exceptional) condition occurs. This condition is called an exception.
This is what normally happens when an exception is triggered:

 The current code state is saved

 The code execution will switch to a predefined (custom) exception handler function

 Depending on the situation, the handler may then resume the execution from the saved
code state, terminate the script execution or continue the script from a different
location in the code

We will show different error handling methods:

 Basic use of Exceptions

 Creating a custom exception handler

 Multiple exceptions

 Re-throwing an exception

 Setting a top level exception handler

Basic Use of Exceptions

When an exception is thrown, the code following it will not be executed, and PHP will try to find
the matching "catch" block.

If an exception is not caught, a fatal error will be issued with an "Uncaught Exception" message.

Lets try to throw an exception without catching it:

<?php
//create function with an exception
function checkNum($number) {
if($number>1) {
thrownew Exception("Value must be 1 or below");
}
return true;
}

//trigger exception
checkNum(2);
?>

The code above will get an error like this:

Fatal error: Uncaught exception 'Exception' with message 'Value must be 1 or below' in C:\
webfolder\test.php:6
Stack trace: #0 C:\webfolder\test.php(12):
checkNum(28) #1 {main} thrown in C:\webfolder\test.php on line 6

Try, throw and catch

To avoid the error from the example above, we need to create the proper code to handle an
exception.

Proper exception code should include:

1. try - A function using an exception should be in a "try" block. If the exception does not
trigger, the code will continue as normal. However if the exception triggers, an exception
is "thrown"
2. throw - This is how you trigger an exception. Each "throw" must have at least one
"catch"
3. catch - A "catch" block retrieves an exception and creates an object containing the
exception information
4. <?php
//create function with an exception
function checkNum($number) {
if($number>1) {
thrownew Exception("Value must be 1 or below");
}
return true;
}

//trigger exception in a "try" block

try {
checkNum(2);
//If the exception is thrown, this text will not be shown
echo'If you see this, the number is 1 or below';
}

//catch exception
catch(Exception $e) {
echo'Message: ' .$e->getMessage();
}
?>
The code above will get an error like this:
Message: Value must be 1 or below

The code above will get an error like this:

Message: Value must be 1 or below
1. The checkNum() function is created. It checks if a number is greater than 1. If it is, an
exception is thrown
2. The checkNum() function is called in a "try" block
3. The exception within the checkNum() function is thrown
4. The "catch" block retrieves the exception and creates an object ($e) containing the
exception information
5. The error message from the exception is echoed by calling $e->getMessage() from the
exception object

However, one way to get around the "every throw must have a catch" rule is to set a top level
exception handler to handle errors that slip through.

Creating a Custom Exception Class

To create a custom exception handler you must create a special class with functions that can be
called when an exception occurs in PHP. The class must be an extension of the exception class.

The custom exception class inherits the properties from PHP's exception class and you can add
custom functions to it.

Lets create an exception class:

<?php
class customException extends Exception {
publicfunction errorMessage() {
//error message
$errorMsg = 'Error on line '.$this->getLine().' in '.$this->getFile()
.': <b>'.$this->getMessage().'</b> is not a valid E-Mail address';
return $errorMsg;
}
}

$email = "[email protected]";

try {
//check if
if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
//throw exception if email is not valid
thrownew customException($email);
}
}

catch (customException $e) {

 //display custom message
echo $e->errorMessage();
}
?>

The new class is a copy of the old exception class with an addition of the errorMessage()
function. Since it is a copy of the old class, and it inherits the properties and methods from the
old class, we can use the exception class methods like getLine() and getFile() and getMessage().

Example explained:

The code above throws an exception and catches it with a custom exception class:

1. The customException() class is created as an extension of the old exception class. This
way it inherits all methods and properties from the old exception class
2. The errorMessage() function is created. This function returns an error message if an e-
mail address is invalid

3. The $email variable is set to a string that is not a valid e-mail address

4. The "try" block is executed and an exception is thrown since the e-mail address is invalid

5. The "catch" block catches the exception and displays the error message

Multiple Exceptions

It is possible for a script to use multiple exceptions to check for multiple conditions.It is possible
to use several if..else blocks, a switch, or nest multiple exceptions. These exceptions can use
different exception classes and return different error messages:

<?php
class customException extends Exception {
publicfunction errorMessage(){
//error message
$errorMsg = 'Error on line '.$this->getLine().' in '.$this->getFile()
.': <b>'.$this->getMessage().'</b> is not a valid E-Mail address';
return $errorMsg;
}
}

$email = "[email protected]";

try {
//check if
 if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
//throw exception if email is not valid
thrownew customException($email);
}
//check for "example" in mail address
if(strpos($email, "example") !== FALSE) {
thrownew Exception("$email is an example e-mail");
}
}
catch (customException $e) {
echo $e->errorMessage();
}

catch(Exception $e) {
echo $e->getMessage();
}
?>

Example explained:

The code above tests two conditions and throws an exception if any of the conditions are not
met:

1. The customException() class is created as an extension of the old exception class. This
way it inherits all methods and properties from the old exception class
2. The errorMessage() function is created. This function returns an error message if an e-
mail address is invalid

3. The $email variable is set to a string that is a valid e-mail address, but contains the string
"example"

4. The "try" block is executed and an exception is not thrown on the first condition

5. The second condition triggers an exception since the e-mail contains the string
"example"

6. The "catch" block catches the exception and displays the correct error message

If the exception thrown was of the class custom Exception and there were no custom Exception
catch, only the base exception catch, the exception would be handled there.
Re-throwing Exceptions

Sometimes, when an exception is thrown, you may wish to handle it differently than the standard
way. It is possible to throw an exception a second time within a "catch" block.

A script should hide system errors from users. System errors may be important for the coder, but
are of no interest to the user. To make things easier for the user you can re-throw the exception
with a user friendly message:

<?php
class customException extends Exception {
publicfunction errorMessage() {
//error message
$errorMsg = $this->getMessage().' is not a valid E-Mail address.';
return $errorMsg;
}
}
$email = "[email protected]";
try {
try {
//check for "example" in mail address
if(strpos($email, "example") !== FALSE) {
//throw exception if email is not valid
thrownew Exception($email);
}
}
catch(Exception $e) {
//re-throw exception
thrownew customException($email);
}
}
catch (customException $e) {
//display custom message
echo $e->errorMessage();
}
?>
Example explained:

The code above tests if the email-address contains the string "example" in it, if it does, the
exception is re-thrown:

1. The customException() class is created as an extension of the old exception class. This
way it inherits all methods and properties from the old exception class
2. The errorMessage() function is created. This function returns an error message if an e-
mail address is invalid

3. The $email variable is set to a string that is a valid e-mail address, but contains the string
"example"

4. The "try" block contains another "try" block to make it possible to re-throw the
exception

5. The exception is triggered since the e-mail contains the string "example"

6. The "catch" block catches the exception and re-throws a "customException"

7. The "customException" is caught and displays an error message

If the exception is not caught in its current "try" block, it will search for a catch block on "higher
levels".

Set a Top Level Exception Handler

The set_exception_handler() function sets a user-defined function to handle all

uncaught exceptions:

<?php
function myException($exception){
echo"<b>Exception:</b>" . $exception->getMessage();
}
set_exception_handler('myException');
thrownew Exception('Uncaught Exception occurred');
?>

The output of the code above should be something like this:

Exception: Uncaught Exception occurred

In the code above there was no "catch" block. Instead, the top level exception handler triggered.
This function should be used to catch uncaught exceptions.
Rules for exceptions
 Code may be surrounded in a try block, to help catch potential exceptions
 Each try block or "throw" must have at least one corresponding catch block

 Multiple catch blocks can be used to catch different classes of exceptions

 Exceptions can be thrown (or re-thrown) in a catch block within a try block

A simple rule: If you throw something, you have to catch it.