PHP-Einführung - Lesson 3 - Processing forms

Alexander Lichter

June 27, 2017

Content of this lesson

1. Recap
2. Security notice
3. Functions
4. Understanding of HTTP Requests
5. PHP Superglobals
6. Form Handling
7. Input Validation and Security

Recap

A short recap

Well, essentially we learned most of the basic control structures and can write somewhat mighty programs. But these are not dynamic enough at the moment, because we cannot process user input yet! That's what we want to change in this lesson.


Security notice

As you've seen in the content overview, our last chapter is Input Validation and Security. All code examples before this chapter lack security and validation methods. Please do not use them in production, otherwise you open Pandora's box for your (live) website!


Functions

Before diving into forms, we need to learn another important control structure to stop repeating our code and make it easier, shorter and better: functions!

<?php
// Define a function with one argument
function outputGreeting($name) {
    echo "Hey $name";
}
outputGreeting("Peter"); // Call the function

Each function has a name after the function keyword, 0 to n arguments, a function body (that is executed when the function is called) and sometimes a return value.


Functions with return value

To structure your code, it's worth creating functions for repetitive tasks.

<?php
// Return the sum of both arguments to the caller
function sum($x, $y) {
    return $x + $y;
}
echo "9 + 5 = " . sum(9, 5) . "<br>";
echo "189 + 25 = " . sum(189, 25);

Keep that in mind!


Functions with default values

Arguments/parameters can also have default values!

<?php
// $type falls back to "Student" when the caller omits it
function setType($name, $type = "Student") {
    echo "$name is currently a $type";
}
setType("Norbert");
setType("Klaus", "Teacher");


Understanding of HTTP Requests

HTTP - The protocol of the Internet

HTTP (short for Hypertext Transfer Protocol) is used for communication between a client and the server.

It is a request-response protocol: when you enter a URL in your browser, your browser performs a GET request to the server and displays the response, which can be HTML, a file (which you can download) or anything else. The response also contains a status code (200 means OK for example, you all know some more I guess). You can add data to your request body by using a POST request.

There are some more methods than just GET and POST, but we will cover those in a later lesson.


GET vs POST

Well, let's compare GET and POST now, so we can evaluate when to use each method. PHP lets us choose between those two when sending a form. The default method is GET, by the way.

Attribute          | GET                           | POST
Visibility         | Yes, query string in URL      | No, query string only in request body
Bookmarked         | Yes, bookmarking is possible  | Not possible
Browser history    | Creates browser history entry | No history entries
Cache              | Cacheable                     | Not cacheable
Length             | Limited                       | Unlimited
Reload/Back button | Nothing special               | Resend alert


Alright, now you know what the difference is. So to put it in a nutshell, let's list the use cases:

GET

• Filtering
• Searching
• Redirect through forms

POST

• Sending data that should not appear in the URL (sensitive data like passwords, e.g.)
• Actually all other use cases :D


PHP Superglobals

Superglobals are variables that are accessible regardless of the scope. They are automatically set by PHP itself. You can alter them though!

• $_SERVER holds all information about the request headers, script location and similar
• $_POST and $_GET hold the corresponding data sent by the request
• $_COOKIE has the cookie data of the request
• $_REQUEST holds all data of $_POST, $_GET and $_COOKIE
• $_SESSION stores user-based data (e.g. when they log in)
• $_ENV is responsible for all environment variables


Superglobals - Example

Assuming you call the following script with the parameters ?name=Alex&age=20&lesson=3

<?php
// Values are printed exactly as received (no validation or escaping yet,
// see the security notice)
echo "Name: " . $_GET['name'] . "<br>";
echo "Age: " . $_REQUEST['age'] . "<br>";
// Would not work because the HTTP method is GET
// echo "Lesson: " . $_POST['lesson'] . "<br>";
echo "Lesson: " . $_GET['lesson'] . "<br>";
echo "Script name: " . $_SERVER['PHP_SELF'] . "<br>";

It will print out the values from the query string and the filename of the executing script (through $_SERVER['PHP_SELF']).
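A hardened variant of the script above, as an added example that is not part of the original slides: each parameter is read from $_GET explicitly (not $_REQUEST), checked against an expected shape, and HTML-escaped on output. The helper names (e, readName, readIntInRange, renderPage), the length and range limits and the sample inputs are assumptions; it needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

// Added example (not from the slides): validated, escaped variant of the
// query-string script. Helper names and limits are assumptions.

/** Escape a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Name of 1..50 letters, spaces, apostrophes or hyphens; null otherwise. */
function readName(array $source, string $key): ?string
{
    // ?name[]=x arrives as an array; reject it instead of printing "Array".
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = trim($source[$key]);
    // \x27 is the apostrophe; the trailing hyphen in the class is literal.
    return preg_match('/^[\p{L} \x27-]{1,50}$/u', $value) === 1 ? $value : null;
}

/** Integer within [$min, $max]; null when missing, malformed or out of range. */
function readIntInRange(array $source, string $key, int $min, int $max): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = filter_var(
        $source[$key],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    return $value === false ? null : $value;
}

/** Build the response; returns [HTTP status code, body]. */
function renderPage(array $get, array $server): array
{
    $name   = readName($get, 'name');
    $age    = readIntInRange($get, 'age', 0, 150);
    $lesson = readIntInRange($get, 'lesson', 1, 99);

    if ($name === null || $age === null || $lesson === null) {
        // Fail closed with a fixed message; the rejected input is not echoed.
        return [400, 'Invalid or missing parameter.'];
    }

    // PHP_SELF is derived from the request, so it is escaped like any input.
    $script = isset($server['PHP_SELF']) && is_string($server['PHP_SELF'])
        ? $server['PHP_SELF']
        : '';

    $html = 'Name: ' . e($name) . '<br>'
          . 'Age: ' . e((string) $age) . '<br>'
          . 'Lesson: ' . e((string) $lesson) . '<br>'
          . 'Script name: ' . e($script) . '<br>';

    return [200, $html];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs so the example runs offline.
    $samples = [
        ['name' => 'Alex', 'age' => '20', 'lesson' => '3'],        // accepted
        ['name' => "Pat O'Neil", 'age' => '20', 'lesson' => '3'],  // accepted, apostrophe escaped
        ['name' => '<b>Alex</b>', 'age' => '20', 'lesson' => '3'], // rejected: markup characters
        ['name' => 'Alex', 'age' => 'twenty', 'lesson' => '3'],    // rejected: not an integer
        ['name' => ['Alex'], 'age' => '20', 'lesson' => '3'],      // rejected: array value
    ];
    foreach ($samples as $sample) {
        [$status, $body] = renderPage($sample, ['PHP_SELF' => '/superglobals.php']);
        echo $status, ' ', $body, PHP_EOL;
    }
} else {
    [$status, $body] = renderPage($_GET, $_SERVER);
    http_response_code($status);
    header('Content-Type: text/html; charset=UTF-8');
    echo $body;
}
```

Run it with the php command-line binary to see the constructed samples, or serve it and call it with the query string from the slide.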


Form Handling

Page 56: PHP-Einführung - Lesson 3 - Processing forms · 2017. 6. 27. · PHP let us choose between those two when sending a form. The default method is GET by the way Attribute GET POST

Our first form

Now we will write our first script that handles user input from a form. First of all, we need... a form!

<html>
<body>

<form action="welcome.php" method="post">
Your name: <input type="text" name="name"><br>
Your e-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

As you see, there is no PHP code included yet. It is a simple form that uses the POST method to send name and e-mail. It will send the data to welcome.php, because that is the value of the action attribute.


Our first form

If we submit the form now, it will most likely throw a 404 error, because our PHP script does not exist yet. Well, you know how to use superglobals, so write your own welcome.php that does something with the form data!

<html>
<body>

Welcome <?= $_POST["name"]; ?><br>
Your e-mail is: <?= $_POST["email"]; ?>

</body>
</html>

As you see, I am using other PHP open/close tags here (<?= ... ?>). You can use them like this when you want to echo/print something. It's pretty nice for "one-liners" ;)

Note that this version prints the submitted values exactly as they were received; the Input Validation and Security part of this lesson deals with that.


Form evaluation in the same script

There is also a way to evaluate the form input on the same page. First of all, you need to set the action to the script itself. How can you do that?

<html>
<body>

<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
Your name: <input type="text" name="name"><br>
Your e-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

And now you need to distinguish whether the form has been sent yet or not...


Form evaluation in the same script

You can do that by creating a condition on the HTTP request method:

<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Evaluate form here
} else {
    // Show form here
}

It's your turn again! Refactor your welcome.php and merge it into the same script you use to display the form.


Input Validation and Security


Form Security - PHP_SELF

The most important topic in form handling is security. We will start with the $_SERVER["PHP_SELF"] variable, which can be abused easily when not properly secured, because it is built from the requested URL and the client controls that URL.

DEMO

How to fix this:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">

htmlspecialchars "escapes" the whole string. It converts the characters that have a special meaning in HTML into harmless entities without removing any characters.
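Why the fix matters, shown as an added example that is not part of the original slides: the block builds the form tag with and without htmlspecialchars for two constructed PHP_SELF values and reports whether the value stayed inside the action attribute. The function names and the sample paths are assumptions made for this illustration.

```php
<?php
// Added example, not part of the original slides.
// PHP_SELF = script path + any extra path info from the requested URL,
// so its content is chosen by whoever sends the request.

function formTagRaw(string $phpSelf): string
{
    // Pattern from the "same script" slide: value copied into the attribute as-is.
    return '<form action="' . $phpSelf . '" method="post">';
}

function formTagEscaped(string $phpSelf): string
{
    // Fix from this slide; quote handling and charset are spelled out explicitly.
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

function countTags(string $html): int
{
    // Number of places where a browser would start or end an element.
    return (int) preg_match_all('~</?[a-z]~i', $html);
}

// Constructed sample values standing in for $_SERVER['PHP_SELF'].
$samples = [
    '/form.php',
    '/form.php/"><b>injected</b>',
];

foreach ($samples as $phpSelf) {
    $variants = [
        'raw'     => formTagRaw($phpSelf),
        'escaped' => formTagEscaped($phpSelf),
    ];
    foreach ($variants as $kind => $html) {
        // Exactly one tag (<form>) means the value stayed inside the attribute.
        $verdict = countTags($html) === 1 ? 'ok' : 'markup injected';
        printf("%-8s %-15s %s\n", $kind, $verdict, $html);
    }
}
```

Run it with the PHP command line interpreter; only the raw variant of the second sample is reported as "markup injected".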


Form Security - Sanitize input

Now we need to sanitize our input. Imagine someone submits HTML code as their "email". If we display that value without sanitizing it, it could be abused.

<?php
function sanitizeInput($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

• trim removes whitespace before and after the data
• stripslashes removes backslashes, as the function name says

It is important to sanitize all of your input!
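The "HTML code as e-mail" case from this slide, as an added example that is not part of the original slides: validation decides whether a value is acceptable at all, and escaping makes the accepted value safe to print. processWelcomeForm is a hypothetical helper, sanitizeInput is a typed variant of the slide's function with explicit flags, and the submissions are constructed stand-ins for $_POST.

```php
<?php
// Added example, not part of the original slides.

function sanitizeInput(string $data): string
{
    $data = trim($data);
    $data = stripslashes($data);
    return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
}

/**
 * Hypothetical helper for the lesson's name/e-mail form.
 * Returns [clean values that may be printed, error messages per field].
 */
function processWelcomeForm(array $post): array
{
    $clean  = [];
    $errors = [];

    // Missing keys and array values (name[]=x) are treated as empty strings.
    $name  = isset($post['name'])  && is_string($post['name'])  ? trim($post['name'])  : '';
    $email = isset($post['email']) && is_string($post['email']) ? trim($post['email']) : '';

    if ($name === '') {
        $errors['name'] = 'Name is required.';
    } else {
        $clean['name'] = sanitizeInput($name);
    }

    // Validation: is this an e-mail address at all?
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Not a valid e-mail address.';
    } else {
        // Escaping: make the accepted value safe to print into HTML.
        $clean['email'] = sanitizeInput($email);
    }

    return [$clean, $errors];
}

// Constructed sample submissions standing in for $_POST.
$submissions = [
    ['name' => '  Alex ', 'email' => 'alex@example.org'],
    ['name' => 'Alex',    'email' => '<b>not an address</b>'],
    ['name' => ['x'],     'email' => 'alex@example.org'],
];

foreach ($submissions as $post) {
    [$clean, $errors] = processWelcomeForm($post);
    echo json_encode(['clean' => $clean, 'errors' => $errors]), PHP_EOL;
}
```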


Form Security - Your task

Alright. Your final task this week: Create a little calculator that takes two numbers and calculates all basic results by using forms!

HINTS:

• Use radio buttons for the arithmetic methods (+, -, *, /, %, **)

• Think about error handling. What could go wrong?

• Sanitize your input!
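One way to handle the "what could go wrong?" hint on the server side, as an added example that is not part of the original slides: radio buttons only limit what the browser offers, so the operator is checked against an allow-list and both numbers are validated before anything is calculated. The field names a, b and op and the function name calculate are assumptions made for this illustration.

```php
<?php
// Added example, not part of the original slides.

function calculate(array $post): array
{
    // Allow-list: a client can send any value, whatever the radio buttons show.
    $operators = ['+', '-', '*', '/', '%', '**'];
    $op = $post['op'] ?? '';
    if (!is_string($op) || !in_array($op, $operators, true)) {
        return ['error' => 'Unknown operator.'];
    }

    // Both operands must be numeric strings; arrays and empty values are rejected.
    $numbers = [];
    foreach (['a', 'b'] as $field) {
        $raw   = $post[$field] ?? '';
        $value = is_string($raw) ? filter_var(trim($raw), FILTER_VALIDATE_FLOAT) : false;
        if ($value === false) {
            return ['error' => "Field '$field' is not a number."];
        }
        $numbers[] = $value;
    }
    [$a, $b] = $numbers;

    // Division, modulo and negative powers of zero have no usable result.
    $divides = $op === '/' || $op === '%' || ($op === '**' && $b < 0);
    $zero    = $op === '**' ? $a == 0 : $b == 0;
    if ($divides && $zero) {
        return ['error' => 'Division by zero.'];
    }

    switch ($op) {
        case '+': $result = $a + $b; break;
        case '-': $result = $a - $b; break;
        case '*': $result = $a * $b; break;
        case '/': $result = $a / $b; break;
        case '%': $result = fmod($a, $b); break;   // % itself works on integers only
        default:  $result = $a ** $b;
    }

    // Overflow (INF) or an undefined power such as (-8) ** 0.5 (NAN).
    if (!is_finite($result)) {
        return ['error' => 'Result is out of range.'];
    }
    return ['result' => $result];
}

// Constructed sample submissions standing in for $_POST.
$submissions = [
    ['a' => '7',   'b' => '2',  'op' => '%'],
    ['a' => '1',   'b' => '0',  'op' => '/'],
    ['a' => '2',   'b' => '10', 'op' => '**'],
    ['a' => 'abc', 'b' => '3',  'op' => '+'],
    ['a' => '1',   'b' => '2',  'op' => 'system'],
];

foreach ($submissions as $post) {
    echo json_encode($post), ' => ', json_encode(calculate($post)), PHP_EOL;
}
```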
