Web Forms with PHP

COEN 351

Displaying and processing a simple form

if( array_key_exists(‘my name’,$_POST)) {

print “Hello, “.$_POST[‘my_name’];

} else {

print <<<_HTML_

<form method=“post” action=“$_SERVER[PHP_SELF]”>

Your name: <input type = “text” name = “my_name”>

<br/>

<input type = “submit” value=“Say Hello”>

</form>

_HTML_;

}

hello.php

Displaying and processing a simple form

Web Browser Web Server

Get /hello.php Check whether there is a variable my_name in $_POST hash

No: Send form

Displaying and processing a simple form

Web Browser Web Server

<form method …

</form>

No: Send formYour name:

Say Hello

Displaying and processing a simple form

Web Browser Web Server

Your name:

Say Hello

“POST /hello.php” my_name = Emil

Emil

Displaying and processing a simple form

Web Browser Web Server

Get /hello.php There is a value for my_nameHello, Emil

Displaying and processing a simple form

if( array_key_exists(‘my name’,$_POST)) {

print “Hello, “.$_POST[‘my_name’];

} else {

print <<<_HTML_

<form method=“post” action=“$_SERVER[PHP_SELF]”>

Your name: <input type = “text” name = “my_name”>

<br/>

<input type = “submit” value=“Say Hello”>

</form>

_HTML_;

}

hello.php

Displaying and processing a simple form $_Server is an auto-global array with

$_Server[’PHP_Self’] pathname part of the current request’s URL

QUERY_STRING part of the URL after ‘?’ character PATH_INFO extra path information tacked onto the end of

the URL after the name of the resource SERVER_NAME DOCUMENT_ROOT REMOTE_ADDR REMOTE_HOST HTTP_REFERER HTTP_USER_AGENT

$_POST array is an auto-global array: Keys are form element names Values are values of the form elements

Displaying and processing a simple form Example is of course horrendously

insecure Some functions needed for sanitization:

strip_tags removes all html tags html_entities replaces special html

characters with their entity equivalents: < to &lt > to $gt & to &amp “ to &quot