1. Form Processing in PHP
Dr. Charles Severance
www.wa4e.com
http://www.wa4e.com/code/forms
http://www.wa4e.com/code/forms.zip
2. PHP Global Variables
• Part of the goal of PHP is to make interacting with
HTTP and HTML as easy as possible.
• PHP processes the incoming HTTP request based on
the protocol specifications and drops the data into
various super global variables (usually arrays).
4. Web Server Database Server
Time
Apache
PHP
MySql
Browser
JavaScri
pt
D
O
M
php
code
static
files
RRC/HTTP SQL
Parse
Respons
e
Parse
Reques
t
ind.ph
p
$_GET
get-01.php?x=2
9. Web Server Database Server
Time
Apache
PHP
MySql
Browser
JavaScri
pt
D
O
M
php
code
static
files
RRC/HTTP SQL
Parse
Respons
e
Parse
Reques
t
form1.ph
p
$_POST
11. Forms GET vs. POST
Two ways the browser can send parameters to the web server
• GET - Parameters are placed on the URL which is retrieved.
• POST - The URL is retrieved and parameters are appended
to the request in the HTTP connection.
12. Passing Parameters to The
Server
GET /form1.php?guess=42
Accept: text/html
User-Agent: Lynx/2.4 libwww/2.14
POST /form3.php
Accept: text/html
User-Agent: Lynx/2.4 libwww/2.14
Content-type: application/x-www-form-urlencoded
Content-length: 13
guess=42
HTTP
Request
Browser
Web Server
<input type="text" name="guess" id="yourid" />
13. Web Server Database Server
Time
Apache
PHP
MySql
Browser
JavaScri
pt
D
O
M
php
code
static
files
RRC/HTTP SQL
Parse
Respons
e
Parse
Reques
t
form3.ph
p
$_POST
14. Rules of the POST/GET Choice
• POST is used when data is being created or modified.
• GET is used when you are reading or searching things.
• Web search spiders will follow GET URLs but generally not
POST URLs.
• GET URLs should be “idempotent” - the same URL should
give the “same thing” each time you access it.
• GET has an upper limit of the number of bytes of parameters
and values (think about 2K).
22. <p><label for="inp08">Tell us about yourself:<br/>
<textarea rows="10" cols="40" id="inp08" name="about">
I love building web sites in PHP and MySQL.
</textarea>
</p>
$_POST:
Array(
...
[about] => I love
building web sites in PHP
and MySQL.
[dopost] => Submit
...
)
more.php
24. <p>
<input type="submit" name="dopost" value="Submit"/>
<input type="button"
onclick="location.href='http://www.wa4e.com/'; return false;"
value="Escape">
</p>
$_POST:
Array(
...
[dopost] => Submit
...
)
On submit input types, the text is both in the UI and in $_POST so we tend to look for the key, not the value.
more.php
25. HTML5 Input Types
• HTML5 defines new input types
• Not all browsers support all input types
• They fall back to type="text"
• http://www.w3schools.com/html/
html5_form_input_types.asp
26. Select your favorite color:
<input type="color" name="favcolor" value="#0000ff"><br/>
Birthday:
<input type="date" name="bday" value="2013-09-02"><br/>
E-mail:
<input type="email" name="email"><br/>
Quantity (between 1 and 5):
<input type="number" name="quantity"
min="1" max="5"><br/>
Add your homepage:
<input type="url" name="homepage"><br>
Transportation:
<input type="flying" name="saucer"><br>
http://www.wa4e.com/code/forms/html5.php
Validation happens when you press
submit.
28. Persisting Form
Data
• When we submit forms and there
is an error, we just expect that the
data will remain in the form when
the page is redisplayed.
• The application needs to make
sure to put the previous values
back into the form.
35. Web Server Database Server
Time
Apache
PHP
MySql
Browser
JavaScri
pt
D
O
M
php
code
static
files
RRC/HTTP SQL
Parse
Respons
e
Parse
Reques
t
form3.ph
p
$_POST
36. Incoming Data Validation
Making sure all user data is present and the correct
format before proceeding
• Non-empty strlen($var) > 0
• A number is_numeric($var)
• An email address strpos($var, '@') > 0
• Or filter_var($var, FILTER_VALIDATE_EMAIL) !== false
• ....
40. Model-View-Controller
• A model that defines the elements of
a web application and how they
interact
• View – Produces output
• Model – Handles data
• Controller – Orchestration / Routing
https://en.wikipedia.org/wiki/Model-view-controller
41. Pattern: Processing POST
Data
• Many patterns
for handling
POST data
• No “rules”, just
“suggestions”
<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$guess = $_POST['guess'] + 0;
if ( $guess == 42 ) {
$message = "Great job!";
} else if ( $guess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
<?php echo 'value="' . htmlentities($guess) . '"';
?>
/></p>
<input type="submit"/>
</form>
</body>
Completely
process incoming
data (if any) -
produce no output
Produce the page
output
guess_mvc.php
What about
frameworks?
48. Summary
• Forms, $_GET and $_POST
• Form fields
• New form fields in HTML5
• Sanitizing HTML
• Data Validation
• Model-View-Controller
49. Acknowledgements / Contributions
These slides are Copyright 2010- Charles R. Severance
(www.dr-chuck.com) as part of www.wa4e.com and made
available under a Creative Commons Attribution 4.0
License. Please maintain this last slide in all copies of the
document to comply with the attribution requirements of
the license. If you make a change, feel free to add your
name and organization to the list of contributors on this
page as you republish the materials.
Initial Development: Charles Severance, University of
Michigan School of Information
Insert new Contributors and Translators here including
names and dates
Continue new Contributors and Translators here
Editor's Notes
#49:Note from Chuck. Please retain and maintain this page as you remix and republish these materials. Please add any of your own improvements or contributions.
![<p>Many field types...</p>
<form method="post" action="more.php">
<p><label for="inp01">Account:</label>
<input type="text" name="account" id="inp01" size="40" ></p>
<p><label for="inp02">Password:</label>
<input type="password" name="pw" id="inp02" size="40" ></p>
<p><label for="inp03">Nick Name:</label>
<input type="text" name="nick" id="inp03" size="40" ></p>
$_POST:
Array
(
[account] => Beth
[pw] => 12345
[nick] => BK
[when] => pm
...
)
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-17-320.jpg)
![<p>Preferred Time:<br/>
<input type="radio" name="when" value="am">AM<br>
<input type="radio" name="when" value="pm" checked>PM</p>
$_POST:
Array(
...
[nick] => BK
[when] => pm
[class] => si502
...
)
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-18-320.jpg)
![<p>Classes taken:<br/>
<input type="checkbox" name="class1" value="si502" checked>
SI502 - Networked Tech<br>
<input type="checkbox" name="class2" value="si539">
SI539 - App Engine<br>
<input type="checkbox" name="class3">
SI543 - Java<br> </p>
$_POST:
Array(
...
[when] => pm
[class1] => si502
[soda] => 0
...
)
$_POST:
Array(
...
[when] => pm
[class3] => on
[soda] => 0
...
)](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-19-320.jpg)
![<p><label for="inp06">Which soda:
<select name="soda" id="inp06">
<option value="0">-- Please Select --</option>
<option value="1">Coke</option>
<option value="2">Pepsi</option>
<option value="3">Mountain Dew</option>
<option value="4">Orange Juice</option>
<option value="5">Lemonade</option>
</select>
</p>
$_POST:
Array(
...
[class] => si502
[soda] => 0
[snack] => peanuts
...
)
The values can be any string, but numbers are used quite often.
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-20-320.jpg)
![<p><label for="inp07">Which snack:
<select name="snack" id="inp07">
<option value="">-- Please Select --</option>
<option value="chips">Chips</option>
<option value="peanuts" selected>Peanuts</option>
<option value="cookie">Cookie</option>
</select>
</p>
$_POST:
Array(
...
[class] => si502
[soda] => 0
[snack] => peanuts
...
)
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-21-320.jpg)
![<p><label for="inp08">Tell us about yourself:<br/>
<textarea rows="10" cols="40" id="inp08" name="about">
I love building web sites in PHP and MySQL.
</textarea>
</p>
$_POST:
Array(
...
[about] => I love
building web sites in PHP
and MySQL.
[dopost] => Submit
...
)
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-22-320.jpg)
![<p><label for="inp09">Which are awesome?<br/>
<select multiple="multiple" name="code[]" id="inp09">
<option value="python">Python</option>
<option value="css">CSS</option>
<option value="html">HTML</option>
<option value="php">PHP</option>
</select> $_POST:
Array(
...
[code] => Array
(
[0] => css
[1] => html
)
[dopost] => Submit
...
)
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-23-320.jpg)
![<p>
<input type="submit" name="dopost" value="Submit"/>
<input type="button"
onclick="location.href='http://www.wa4e.com/'; return false;"
value="Escape">
</p>
$_POST:
Array(
...
[dopost] => Submit
...
)
On submit input types, the text is both in the UI and in $_POST so we tend to look for the key, not the value.
more.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-24-320.jpg)
![<?php
$oldguess = isset($_POST['guess']) ? $_POST['guess'] : '';
?>
<p>Guessing game...</p>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess"
size="40" value="<?= $oldguess ?>"/></p>
<input type="submit"/>
</form>
form4.php
Review: Ternary Operation
“Persisting”
Form Data
Across
Requests
<?= $oldguess ?>
<?php echo($oldguess); ?>](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-29-320.jpg)
![Pattern: Processing POST
Data
• Many patterns
for handling
POST data
• No “rules”, just
“suggestions”
<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$guess = $_POST['guess'] + 0;
if ( $guess == 42 ) {
$message = "Great job!";
} else if ( $guess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
<?php echo 'value="' . htmlentities($guess) . '"';
?>
/></p>
<input type="submit"/>
</form>
</body>
Completely
process incoming
data (if any) -
produce no output
Produce the page
output
guess_mvc.php
What about
frameworks?](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-41-320.jpg)
![<?php
$oldguess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$oldguess = $_POST['guess'] + 0;
if ( $oldguess == 42 ) {
$message = "Great job!";
} else if ( $oldguess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
value="<?= htmlentities($oldguess) ?>"/></p>
<input type="submit"/>
</form>
</body>
Model
View
Controller
Context
guess_mvc.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-42-320.jpg)
![<?php
$oldguess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$oldguess = $_POST['guess'] + 0;
if ( $oldguess == 42 ) {
$message = "Great job!";
} else if ( $oldguess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
value="<?= htmlentities($oldguess) ?>"/></p>
<input type="submit"/>
</form>
</body>
No
HTML
No
Database
Controller
Context
guess_mvc.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-43-320.jpg)
![<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$guess = $_POST['guess'] + 0;
if ( $guess == 42 ) {
$message = "Great job!";
} else if ( $guess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
value="<?= htmlentities($oldguess) ?></p>
<input type="submit"/> <input type="submit"/>
</form>
</body>
<?php
$oldguess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Nifty trick
$oldguess = $_POST['guess'] + 0;
if ( $oldguess == 42 ) {
$message = "Great job!";
} else if ( $oldguess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html> ...
guess_mvc.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-44-320.jpg)
![<?php
$guess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Trick for integer / numeric parameters
$guess = $_POST['guess'] + 0;
if ( $guess == 42 ) {
$message = "Great job!";
} else if ( $guess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
value="<?= htmlentities($oldguess) ?></p>
<input type="submit"/> <input type="submit"/>
</form>
</body>
...
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body style="font-family: sans-serif;">
<p>Guessing game...</p>
<?php
if ( $message !== false ) {
echo("<p>$message</p>n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess" size="40"
value="<?= htmlentities($oldguess) ?>"></p>
<input type="submit"/>
</form>
</body>](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-45-320.jpg)
![<?php
$oldguess = '';
$message = false;
if ( isset($_POST['guess']) ) {
// Nifty trick
$oldguess = $_POST['guess'] + 0;
if ( $oldguess == 42 ) {
$message = "Great job!";
} else if ( $oldguess < 42 ) {
$message = "Too low";
} else {
$message = "Too high...";
}
}
?>
<html> ...
Note: This code is a little sloppy in terms of its data validation. guess_mvc.php](https://image.slidesharecdn.com/php-04-forms-250220172821-bb8dd77b/85/PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-PHP-04-Forms-46-320.jpg)
