
Unit 4 - Form

Unit 4 covers handling HTML forms with PHP and databases, focusing on capturing form data using GET and POST methods, including their advantages and disadvantages. It also introduces MySQLi for database management, including creating databases and storing files, and discusses form validation techniques in PHP. Additionally, it provides guidance on increasing file upload size limits in PHP configurations.

Uploaded by

tatsamv0

Unit 4

Unit 4: Handling HTML forms with PHP and Database:
4.1 Capturing Form Data using GET and POST form methods
4.1.1 Dealing with multiple values including arrays to redirect data on another page.
4.1.2 Image / file upload implementation with PHP.
4.2 Dealing with Sessions & Cookies while handling forms (with Database)
4.3 Introduction to MySQLi and its data types.
4.3.1 Creating database, tables, relationships in database.
4.3.2 Storing images/files in the database.
4.4 MySQLi various supported database engines.
Capturing Form Data using GET and POST form methods
• Use GET for retrieving data without side effects.
• Use POST for sending data that will result in a change on the server.
• Prefer the POST method over GET for sensitive data. GET has limitations on data size, while POST can handle large amounts of data, making it suitable for forms and file uploads.
Use of methods
<form action="other_page.php" method="post"> <!-- method is either "post" or "get" -->
Form Elements...
</form>
Form Designing: HTML
<!DOCTYPE HTML>
<html>
<body>

<form action="welcome.php" method="post">


Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>
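To display the submitted data, echo the variables, passing each one through htmlspecialchars() so that any markup typed into the form is shown as text instead of being interpreted by the browser.
The "welcome.php" looks like this:

<html>
<body>
Welcome
<?php
// Escape user input before output to prevent cross-site scripting (XSS)
echo htmlspecialchars($_POST["name"] ?? "", ENT_QUOTES, "UTF-8");
?>
<br> Your email address is:
<?php
echo htmlspecialchars($_POST["email"] ?? "", ENT_QUOTES, "UTF-8");
?>
</body>
</html>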
Advantages of Using POST Method
• The POST method can send data without any limitation on size at the HTTP level; the server may still cap it (in PHP, through the upload and POST size limits in php.ini).
• Since the encoded information is embedded in the body of the HTTP request, it is not visible in the URL, hence the POST method is preferred while sharing sensitive information. The body is still sent unencrypted unless the form is served over HTTPS.
• The POST method can also send binary data.
Disadvantages of Using POST Method
• Since data submitted by the POST method is not embedded in the URL, it is not possible to bookmark the page.
• POST requests do not get stored in browser history.
• POST requests are not cached.
The same form with the method set to GET instead of POST:

<!DOCTYPE HTML>
<html>
<body>
<form action="welcome_get.php" method="get">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
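"welcome_get.php"
<html>
<body>
Welcome
<?php
// Escape user input before output to prevent cross-site scripting (XSS)
echo htmlspecialchars($_GET["name"] ?? "", ENT_QUOTES, "UTF-8");
?>
<br> Your email address is:
<?php
echo htmlspecialchars($_GET["email"] ?? "", ENT_QUOTES, "UTF-8");
?>
</body>
</html>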
Advantages of Using GET Method
• Since the FORM data sent by the GET Method is appended in the URL,
the webpage can be bookmarked with specific query string values.
• Any request made using GET Method remains in the browser history.
• GET Method requests can be cached.
Disadvantages of Using GET Method
• Since the data sent by the GET method is displayed in the URL of the
webpage, it is not recommended to use GET Method while sending
sensitive information.
• The GET method has a limitation of 2048 characters while sending
data.
GET vs. POST
• Both GET and POST create an array (e.g. array( key1 => value1, key2 => value2, key3 => value3, ...)). This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user.
• In PHP these arrays are available as $_GET and $_POST.
• These are superglobals, which means that they are always accessible, regardless of scope, and you can access them from any function, class or file without having to do anything special.
• $_GET is an array of variables passed to the current script via the URL parameters.
• GET may be used for sending non-sensitive data.
Note: GET should NEVER be used for sending passwords or other sensitive information.

• $_POST is an array of variables passed to the current script via the HTTP POST method.
Simple HTML code:
Name: <input type="text" name="name">
E-mail: <input type="text" name="email">
Website: <input type="text" name="website">
Comment: <textarea name="comment" rows="5"
cols="40"></textarea>
Gender:
<input type="radio" name="gender" value="female">Female
<input type="radio" name="gender" value="male">Male
<input type="radio" name="gender" value="other">Other
Form element:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
What is the $_SERVER["PHP_SELF"] variable?

The $_SERVER["PHP_SELF"] is a superglobal variable that returns the filename of the currently executing script.

What is the htmlspecialchars() function?

The htmlspecialchars() function converts special characters into HTML entities.
This means that it will replace HTML characters like < and > with &lt; and &gt;.
This prevents attackers from exploiting the code by injecting HTML or JavaScript code (Cross-site Scripting attacks) in forms.
Validate Form Data With PHP

Do two more things when the user submits the form:

1. Strip unnecessary characters (extra space, tab, newline) from the user input data (with the PHP trim() function)
2. Remove backslashes \ from the user input data (with the PHP stripslashes() function)
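
The steps above combined with htmlspecialchars(), shown as an added example that is not part of the original slides. The helper names clean_input(), e() and validate_form() and the sample submission are assumptions; the field names are the ones from the "Simple HTML code" form. Cleaning happens on input, escaping happens at output, and each field is also checked against what it is allowed to contain.

```php
<?php
// Added example, not from the original slides. Field names match the form above.

// Steps 1 and 2 from the list: trim whitespace, then remove backslashes.
function clean_input(string $data): string
{
    return stripslashes(trim($data));
}

// Escape at output time so the cleaned values themselves stay unmodified.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Returns [cleaned values, errors keyed by field name].
function validate_form(array $post): array
{
    $v = [];
    foreach (['name', 'email', 'website', 'comment', 'gender'] as $field) {
        $raw = $post[$field] ?? '';
        $v[$field] = is_string($raw) ? clean_input($raw) : '';  // name[]=x arrives as an array
    }
    $errors = [];
    if (!preg_match('/\A[A-Za-z\' -]+\z/', $v['name'])) {
        $errors['name'] = 'Only letters, spaces, apostrophes and hyphens are allowed';
    }
    if (filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid e-mail address';
    }
    // FILTER_VALIDATE_URL accepts any scheme, so restrict it to http/https.
    $scheme = strtolower((string) parse_url($v['website'], PHP_URL_SCHEME));
    if ($v['website'] !== '' && (filter_var($v['website'], FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true))) {
        $errors['website'] = 'Invalid URL';
    }
    if (!in_array($v['gender'], ['female', 'male', 'other'], true)) {
        $errors['gender'] = 'Choose one of the listed options';
    }
    return [$v, $errors];
}

// Constructed sample submission standing in for $_POST.
$sample = ['name' => "  O\\'Neil ", 'email' => 'user@example.com',
           'website' => 'javascript://example.com', 'comment' => '<b>hi</b>', 'gender' => 'other'];
[$values, $errors] = validate_form($sample);
echo 'Name: ' . e($values['name']) . "\n";
echo 'Comment: ' . e($values['comment']) . "\n";
echo 'Fields with errors: ' . implode(', ', array_keys($errors)) . "\n";
```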
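Validation on name:
<?php
// Run only when both fields were submitted
if (isset($_POST["name"]) && isset($_POST["age"])) {
    // Reject any character other than letters, apostrophe and hyphen
    if (preg_match("/[^A-Za-z'-]/", $_POST['name'])) {
        die("invalid name and name should be alpha");
    }
    // Escape user input before writing it into the page
    echo "Hello " . htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8') . "<br />";
    echo "Age: " . htmlspecialchars($_POST['age'], ENT_QUOTES, 'UTF-8') . " years old.";
    exit();
}
?>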
Index.php
<html>
<body>
<form action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method = "POST">
Name: <input type = "text" name = "name" />
Age: <input type = "text" name = "age" />
<input type = "submit" />
</form>
</body>
</html>
Validation on Password
<div class="container">
<form action="/action_page.php" method="post">
<label for="usrname">Username</label>
<input type="text" id="usrname" name="usrname" required>

<label for="psw">Password</label>
<input type="password" id="psw" name="psw" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters" required>

<input type="submit" value="Submit">


</form>
</div>

<div id="message">
<h3>Password must contain the following:</h3>
<p id="letter" class="invalid">A <b>lowercase</b> letter</p>
<p id="capital" class="invalid">A <b>capital (uppercase)</b> letter</p>
<p id="number" class="invalid">A <b>number</b></p>
<p id="length" class="invalid">Minimum <b>8 characters</b></p>
</div>
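
The pattern attribute is enforced only by the browser, so a request that does not come from this form can still carry any password. The following added example (not part of the original slides) applies the same four rules on the server and stores only a hash; the function name password_policy_failures() and the sample passwords are assumptions, and the field name psw is the one used in the form.

```php
<?php
// Added example, not from the original slides.

// Returns the rules from the message box that the password does not meet.
function password_policy_failures(string $psw): array
{
    $rules = [
        'A lowercase letter'           => '/[a-z]/',
        'A capital (uppercase) letter' => '/[A-Z]/',
        'A number'                     => '/\d/',
        'Minimum 8 characters'         => '/\A.{8,}\z/s',
    ];
    $failed = [];
    foreach ($rules as $label => $regex) {
        if (preg_match($regex, $psw) !== 1) {
            $failed[] = $label;
        }
    }
    return $failed;
}

// Constructed sample values standing in for $_POST['psw'].
foreach (['short1A', 'alllowercase1', 'Str0ngEnough'] as $psw) {
    $failed = password_policy_failures($psw);
    if ($failed !== []) {
        echo 'rejected, missing: ' . implode('; ', $failed) . "\n";
        continue;
    }
    // Store only a salted hash, never the password itself.
    $hash = password_hash($psw, PASSWORD_DEFAULT);
    echo 'accepted, hash verifies: ' . var_export(password_verify($psw, $hash), true) . "\n";
}
```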
Clear Input Field on Focus
• Example
<!-- When the input field gets focus, replace its current value with an
empty string -->
<input type="text" onfocus="this.value=''" value="Blabla">
• New Database Using phpMyAdmin.
• Database name: Image_Upload
• Table name: Image
Steps to Exceed the Size of Image Upload
• The program depicted above can upload a file of up to 2MB in size. This is the default file size limit in PHP. This limit can be raised as needed. To increase the size limit for file upload, follow the steps below:
1. Go to the C drive and open the folder named WAMP or XAMPP server.
2. Click on “bin” to open this folder.
3. Open the folder named after the PHP version you are using.
4. In this folder, search for and open “php.ini”.
5. Now search for the variables:
• upload_max_filesize = 100M
• post_max_size = 100M
6. Update the values of these variables and save them.
7. Now go to this path: “C:\wamp64\bin\apache\apache2.4.27\bin”.
8. Search for and open “php.ini” there and make the same changes.
9. Save the changes.
10. Finally, restart your WAMP or XAMPP server.
11. Run your code on the server.
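
To confirm that the new values are active after the restart, and to keep an application-level cap in place once the server limit has been raised, a check like the following can be used. It is an added example, not part of the original slides; the function names, the 5 MB application cap and the sample entries are assumptions.

```php
<?php
// Added example, not from the original slides.

// Convert php.ini shorthand ("2M", "100M", "1G") to bytes.
function ini_to_bytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value;                 // leading digits, e.g. "100M" -> 100
    switch (strtoupper(substr($value, -1))) {
        case 'G': return $number * 1024 ** 3;
        case 'M': return $number * 1024 ** 2;
        case 'K': return $number * 1024;
        default:  return $number;
    }
}

// One file can never exceed the smaller of the two directives.
function effective_upload_limit(): int
{
    $file = ini_to_bytes((string) ini_get('upload_max_filesize'));
    $post = ini_to_bytes((string) ini_get('post_max_size'));
    return $post > 0 ? min($file, $post) : $file;   // post_max_size = 0 disables that limit
}

// Check one $_FILES entry against PHP's own limit and the application's cap.
function check_upload(array $file, int $appMaxBytes): string
{
    if (in_array($file['error'], [UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE], true)) {
        return 'rejected: larger than the configured upload limit';
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'rejected: upload error code ' . $file['error'];
    }
    if ($file['size'] > $appMaxBytes) {
        return 'rejected: larger than the application limit';
    }
    return 'accepted';
}

echo 'Effective server limit: ' . effective_upload_limit() . " bytes\n";

// Constructed sample entries shaped like $_FILES['image'].
$appMax = 5 * 1024 * 1024;   // assumed application cap of 5 MB
$samples = [
    ['name' => 'photo.jpg', 'size' => 300000,   'error' => UPLOAD_ERR_OK],
    ['name' => 'scan.png',  'size' => 80000000, 'error' => UPLOAD_ERR_OK],
    ['name' => 'huge.bin',  'size' => 0,        'error' => UPLOAD_ERR_INI_SIZE],
];
foreach ($samples as $file) {
    echo $file['name'] . ': ' . check_upload($file, $appMax) . "\n";
}
```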
