shanon-sanders
Web Forms with PHP
COEN 351
Displaying and processing a simple form
<?php
// Process the submission if the form field is present; otherwise show the form.
if (array_key_exists('my_name', $_POST)) {
    print "Hello, " . $_POST['my_name'];
} else {
    print <<<_HTML_
<form method="post" action="$_SERVER[PHP_SELF]">
Your name: <input type="text" name="my_name">
<br/>
<input type="submit" value="Say Hello">
</form>
_HTML_;
}
hello.php
Request flow between Web Browser and Web Server:
1. Web Browser: GET /hello.php
   Web Server: Check whether there is a variable my_name in the $_POST hash. No: send the form.
2. Web Server: sends <form method … </form>
   Web Browser: displays "Your name:" with a text field and a "Say Hello" button.
3. Web Browser: the user enters Emil and presses Say Hello; the browser sends "POST /hello.php" with my_name = Emil.
4. Web Server: There is a value for my_name. It sends back: Hello, Emil
$_SERVER is an auto-global array with:
  $_SERVER['PHP_SELF']: pathname part of the current request's URL
  QUERY_STRING: part of the URL after the '?' character
  PATH_INFO: extra path information tacked onto the end of the URL after the name of the resource
  SERVER_NAME
  DOCUMENT_ROOT
  REMOTE_ADDR
  REMOTE_HOST
  HTTP_REFERER
  HTTP_USER_AGENT
The $_POST array is an auto-global array:
  Keys are form element names
  Values are values of the form elements
The example is of course horrendously insecure.
Some functions needed for sanitization:
  strip_tags removes all HTML tags
  htmlentities replaces special HTML characters with their entity equivalents:
    < to &lt;
    > to &gt;
    & to &amp;
    " to &quot;
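A hardened variant of hello.php, added here as an example and not part of the original slides: it encodes both the submitted name and PHP_SELF with htmlentities before output. The helper names h and render_hello and the sample inputs are constructed for illustration.

```php
<?php
// Added example: hardened variant of hello.php. Function names are illustrative.
declare(strict_types=1);

// Encode a value for use in HTML text or inside a quoted attribute.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the page from explicit inputs so it can be exercised without a web server.
function render_hello(array $post, array $server): string
{
    $name = $post['my_name'] ?? null;
    // is_string rejects array-valued submissions such as my_name[]=x.
    if (is_string($name) && $name !== '') {
        // Encode at the point of output: markup in the name is displayed as text.
        return 'Hello, ' . h($name);
    }
    // PHP_SELF includes client-supplied PATH_INFO, so it is encoded like any other input.
    $action = h((string)($server['PHP_SELF'] ?? ''));
    return <<<_HTML_
<form method="post" action="$action">
Your name: <input type="text" name="my_name">
<br/>
<input type="submit" value="Say Hello">
</form>
_HTML_;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, for comparing the two functions from the command line.
    $name = '<b>Emil</b> & "friends"';
    // strip_tags removes the tags but does not encode & or quotes.
    echo 'strip_tags:   ', strip_tags($name), "\n";
    echo 'htmlentities: ', h($name), "\n";
    echo render_hello(['my_name' => $name], []), "\n";
    echo render_hello([], ['PHP_SELF' => '/hello.php/"><b>x</b>']), "\n";
} else {
    header('Content-Type: text/html; charset=UTF-8');
    echo render_hello($_POST, $_SERVER);
}
```

Run with the php command-line binary to compare the strip_tags and htmlentities output; served through a web server, the same file behaves as the form.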