Lab07-PHP04-Forms V1.01
<p>Guessing game...</p>
<form>
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" size="40" id="guess"/></p>
<input type="submit"/>
</form>
<pre>
$_GET:
<?php
print_r($_GET);
?>
</pre>
2. Since the input does not go through any sanity check, you should be able to type your
name in the text area. Type in your name and screenshot the output.
Basic Forms (submit data via POST)
1. Using the PHP code given in the previous basic form, change the method used to submit
data from GET to POST.
<p>Guessing game...</p>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" size="40" id="guess"/></p>
<input type="submit"/>
</form>
<pre>
$_POST:
<?php
print_r($_POST);
?>
$_GET:
<?php
print_r($_GET);
?>
</pre>
2. Print out the superglobal variable $_POST. Insert your name into the text area and
submit it. You should see your name in the variable $_POST.
Exploring Various Form Input Types
1. The following code introduces various kinds of form input types. Go through the
following code.
2. Task
- Add one new radio button – male/female
- Add one new input type for email
Exploring different HTML5 input types
1. The following code introduces various input types. Go through the following code.
2. Apart from the input types above, try out at least 2 new input types.
- Reference: https://www.w3schools.com/html/html_form_input_types.asp
Persisting Form Data
1. After a form is submitted, we may want to retain the previous form data. We will use
the following code to retrieve the previous form data.
- Note: The two snippets below have the same meaning.
- <?= $oldguess ?>
- <?php echo($oldguess); ?>
<?php
$oldguess = isset($_POST['guess']) ? $_POST['guess'] : '';
?>
<p>Guessing game...</p>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess"
size="40" value="<?= $oldguess ?>" /></p>
<input type="submit"/>
</form>
<pre>
$_POST:
<?php
print_r($_POST);
?>
</pre>
2. As the code does not perform any sanity checking, we can perform HTML injection.
(This is very bad coding practice, and may lead to severe security
loopholes/vulnerabilities.)
3. Insert the following value into the text box: "><b>DIE DIE</b>. Observe
that the HTML code is present in the page, and the previous POST value is not available in
the text box.
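The effect of step 3 and one way to prevent it, as an added example that is not part of the original lab handout: the same text box rendered with the raw value and with the value escaped for an HTML attribute. The function names are hypothetical and the sample inputs are constructed; run it with the PHP command-line interpreter so the generated HTML prints as text.

```php
<?php
// Added example (not from the lab handout). Function names are hypothetical.

// Renders the text box the way the lab code does: the raw value is placed
// straight into the value="..." attribute.
function render_guess_raw(string $oldguess): string {
    return '<input type="text" name="guess" id="guess" size="40" value="'
         . $oldguess . '" />';
}

// Same field, but the value is escaped for an HTML attribute context.
// ENT_QUOTES escapes both " and ', so the value cannot close the attribute
// whichever quote style the template uses; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_guess_escaped(string $oldguess): string {
    $safe = htmlspecialchars($oldguess, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="guess" id="guess" size="40" value="'
         . $safe . '" />';
}

// Demo heuristic: true when the rendered field is still a single <input>
// element, i.e. the value did not close the tag early and start new markup.
function is_single_element(string $html): bool {
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// Constructed sample inputs: a normal guess and the string from step 3.
$samples = ['42', '"><b>DIE DIE</b>'];

foreach ($samples as $input) {
    $raw = render_guess_raw($input);
    $escaped = render_guess_escaped($input);
    echo "input:   $input\n";
    echo "raw:     $raw  [", is_single_element($raw) ? 'ok' : 'markup injected', "]\n";
    echo "escaped: $escaped  [", is_single_element($escaped) ? 'ok' : 'markup injected', "]\n\n";
}
```

Before PHP 8.1 the default flags of htmlspecialchars() and htmlentities() were ENT_COMPAT, which leaves single quotes unescaped, so passing ENT_QUOTES explicitly matters when a template writes the attribute as value='...'.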
https://www.php.net/manual/en/function.print-r.php
return (true)
If you would like to capture the output of print_r(), use the return parameter. When this
parameter is set to TRUE, print_r() will return the information rather than print it.
Input Data Validation
1. The following code checks whether the parameter is empty and the length of the parameter
before reporting whether the value is too high or too low.
<?php
if ( ! isset($_POST['guess']) ) {
    echo("Missing guess parameter");
} else if ( strlen($_POST['guess']) < 1 ) {
    echo("Your guess is too short");
} else if ( ! is_numeric($_POST['guess']) ) {
    echo("Your guess is not a number");
} else if ( $_POST['guess'] < 42 ) {
    echo("Your guess is too low");
} else if ( $_POST['guess'] > 42 ) {
    echo("Your guess is too high");
} else {
    echo("Congratulations - You are right");
}
?>
2. Add an additional sanity check to check whether the input is a number. Input “abc”
into the text box, and you should observe “Your guess is not a number” in your
browser.
Note: In this exercise, we have received all the input via POST requests. However, the entire
exercise should also work properly if you're using a GET request. Just change all the $_POST
to $_GET.
Convention Model View Controller (MVC)
1. Modify the code that you have created in this lab to follow the Model View
Controller convention.
2. In MVC, most of the PHP code should be located at the top of the file, while the output
(HTML) is located at the bottom of the file.
- This is just a suggestion, not a rule.
<?php
// Keep the submitted value so the form can be re-populated
// (it is escaped with htmlentities() where it is output below).
$oldguess = isset($_POST['guess']) ? $_POST['guess'] : '';

// Validate the guess and choose the message to display.
if ( ! isset($_POST['guess']) ) {
    $message = ("Missing guess parameter");
} else if ( strlen($_POST['guess']) < 1 ) {
    $message = ("Your guess is too short");
} else if ( ! is_numeric($_POST['guess']) ) {
    $message = ("Your guess is not a number");
} else if ( $_POST['guess'] < 42 ) {
    $message = ("Your guess is too low");
} else if ( $_POST['guess'] > 42 ) {
    $message = ("Your guess is too high");
} else {
    $message = ("Congratulations - You are right");
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" size="40" id="guess"
value="<?= htmlentities($oldguess) ?>"></p>
<input type="submit"/>
</form>
<?php
if ( $message !== false ) {
echo("<p>$message</p>\n");
}
?>
</body>
</html>