PHP Forms and User Input
PHP Form Handling
The most important thing to notice when dealing with HTML forms and PHP is that any form element in an HTML page will automatically be available to your PHP scripts.Form example:
<html>
<body>
<form action="welcome.php" method="post">
Name: <input type="text" name="name" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>
</body>
</html>
|
The "welcome.php" file looks like this:
<html>
<body>
Welcome <?php echo $_POST["name"]; ?>.<br />
You are <?php echo $_POST["age"]; ?> years old.
</body>
</html>
|
A sample output of the above script may be:
Welcome John.
You are 28 years old.
|
Form Validation
User input should be validated on the browser whenever possible (by client scripts (JavaScript)). Browser validation is faster and you reduce the server load.You should consider using server validation if the user input will be inserted into a database. A good way to validate a form on the server is to post the form to itself, instead of jumping to a different page. The user will then get the error messages on the same page as the form. This makes it easier to discover the error.
PHP $_GET
The $_GET Variable
The $_GET variable is an array of variable names and values sent by the HTTP GET method.The $_GET variable is used to collect values from a form with method="get". Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and it has limits on the amount of information to send (max. 100 characters).
Example
<form action="welcome.php" method="get">
Name: <input type="text" name="name" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>
|
http://www.w3schools.com/welcome.php?name=Peter&age=37
|
Welcome <?php echo $_GET["name"]; ?>.<br />
You are <?php echo $_GET["age"]; ?> years old!
|
Why use $_GET?
Note: When using the $_GET variable all variable names and values are displayed in the URL. So this method should not be used when sending passwords or other sensitive information! However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.Note: The HTTP GET method is not suitable on large variable values; the value cannot exceed 100 characters.
The $_REQUEST Variable
The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE.The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.
Example
Welcome <?php echo $_REQUEST["name"]; ?>.<br />
You are <?php echo $_REQUEST["age"]; ?> years old!
|
PHP $_POST
The $_POST Variable
The $_POST variable is an array of variable names and values sent by the HTTP POST method.The $_POST variable is used to collect values from a form with method="post". Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send.
Example
<form action="welcome.php" method="post">
Enter your name: <input type="text" name="name" />
Enter your age: <input type="text" name="age" />
<input type="submit" />
</form>
|
When the user clicks the "Submit" button, the URL will not contain any form data, and will look something like this:
http://www.w3schools.com/welcome.php
|
Welcome <?php echo $_POST["name"]; ?>.<br />
You are <?php echo $_POST["age"]; ?> years old!
|
Why use $_POST?
- Variables sent with HTTP POST are not shown in the URL
- Variables have no length limit
The $_REQUEST Variable
The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE.The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.
Example
Welcome <?php echo $_REQUEST["name"]; ?>.<br />
You are <?php echo $_REQUEST["age"]; ?> years old!
|
You may like:
.jpg)
0 comments:
Post a Comment