Computer Science Canada [Tutorial] Handling Forms
Author: rdrake [ Fri Nov 04, 2005 7:50 am ]
Post subject: [Tutorial] Handling Forms
One of the greatest things about PHP is its ability to easily handle forms. Input from one page is sent to another, and can easily be accessed with PHP. Here's a typical example of a form.
Input Types
Now, we have our form created. When 'OK' is clicked, it will send the value of the 'name' box to 'process.php' using the 'GET' method. You're probably wondering what the difference is between the methods? GET is used for simple things. It sends the information through the URL at the top, and can easily be viewed by anyone who is sitting at the computer. Not only that, but it is restricted to a certain length so it's no good for long inputs. POST hides the information and is sent 'behind the scenes' without the user realizing it. This method also allows for much longer input, such as this post I'm posting now. Let's create our process.php file to handle the input.
You can change the 'name' inside the square brackets to whatever you need it to be. $_GET[''] can be changed to $_POST[''], depending on how you make your form. Ours is GET, so we use the first one. Things like check boxes are handled similarly. Only they won't have a changing value like text boxes and others, just a 1 or 0. This indicates whether or not they were selected. I think that just about covers it. Any more questions, just ask.
Author: wtd [ Fri Nov 04, 2005 2:14 pm ]
Post subject:
You should discuss validation of input.
Author: rdrake [ Fri Nov 04, 2005 3:54 pm ]
Post subject:
wtd wrote: You should discuss validation of input.

Good idea. Was kinda in a rush to write it, so I'll add it now.
So you have the $_GET['name'] variable set? Now, there are a variety of functions we can perform on it. For this tutorial, I will assign the variable to another, $name, for simplicity's sake.
Ok, now we have a value which is not empty nor surrounded by whitespace. Now what? We can also check to see what kind of value the field contains. Why? Well if we want an employee number, we obviously don't want it to be a string, so we can make sure it is indeed a number. For numbers,
A careful combination of these techniques will help you both validate your input and protect your site from attack. Your site will remain more secure if you follow the golden rule, never trust anything a user inputs without checking it first.
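The checks described in the post above (value present, trimmed, non-empty, numeric where a number is expected), written out as an added example that is not part of the original post. The `employee_id` field name and the length limits are assumptions; the input array is passed in so the function can be run on a constructed sample instead of a live `$_GET`.

```php
<?php
// Added example, not from the original post. Field name 'employee_id'
// and the length limits are assumptions for illustration.

/**
 * Validate the two fields and return [cleanValues, errors].
 * $input is normally $_GET; it is a parameter so this runs offline.
 */
function validate_form(array $input): array
{
    $errors = [];
    $clean  = [];

    // A parameter sent as name[]=x arrives as an array; reject non-strings
    // before calling string functions on the value.
    $name = $input['name'] ?? '';
    if (!is_string($name)) {
        $errors['name'] = 'Name must be a single text value.';
    } else {
        $name = trim($name);
        if ($name === '') {
            $errors['name'] = 'Name is required.';
        } elseif (strlen($name) > 100) {
            $errors['name'] = 'Name is too long.';
        } else {
            $clean['name'] = $name;
        }
    }

    // is_numeric() also accepts "1e5", "-3" and "0.5"; ctype_digit() accepts
    // only the characters 0-9, which is what an employee number should be.
    $id = $input['employee_id'] ?? '';
    if (!is_string($id) || !ctype_digit($id) || strlen($id) > 9) {
        $errors['employee_id'] = 'Employee number must be 1 to 9 digits.';
    } else {
        $clean['employee_id'] = (int) $id;
    }

    return [$clean, $errors];
}

// Constructed sample input standing in for $_GET.
$sample = ['name' => '  Ada  ', 'employee_id' => '1e5'];
[$clean, $errors] = validate_form($sample);

// Escape on output: validation does not make a value safe to print as HTML.
echo 'Hello, ' . htmlspecialchars($clean['name'] ?? '', ENT_QUOTES, 'UTF-8') . "\n";
foreach ($errors as $field => $message) {
    echo $field . ': ' . $message . "\n";
}
```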
Author: beard0 [ Mon Nov 07, 2005 3:40 pm ]
Post subject:
$_REQUEST is very useful - it can be used for posts and gets - as well as cookies. I find it very useful, as a form which started out as being a GET may change into a POST without needing to then change your php.
Author: wtd [ Mon Nov 07, 2005 5:04 pm ]
Post subject:
One place you might want input validation: Let's say you're building a "Contact Us" form. You want someone to be able to e-mail anyone in the company. The naive approach is just have the user submit the e-mail address of the person they're contacting. But then they can send e-mail to anyone in the world using your page. They can turn you into a spam machine. Instead, you have them submit the name of the person, then compare it against a set of known names. If it's a valid name, you send the e-mail to the corresponding address. If not you reprint the form with an error notice.
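The "Contact Us" lookup described in the post above, as an added example that is not part of the original post. The directory entries, the `to` and `message` field names and the example.com addresses are constructed; the actual send is commented out so the script runs offline.

```php
<?php
// Added example, not from the original post. Names, field names and
// addresses below are constructed for illustration.

// Server-side directory: the form only ever submits a name from this list.
const RECIPIENTS = [
    'alice' => 'alice@example.com',
    'bob'   => 'bob@example.com',
];

/**
 * Resolve the submitted name to an address, or return null so the
 * caller can reprint the form with an error notice.
 */
function resolve_recipient(array $post): ?string
{
    $key = $post['to'] ?? '';
    if (!is_string($key)) {
        return null;
    }
    // Look the name up; never use the submitted value itself as the address.
    return RECIPIENTS[$key] ?? null;
}

function handle_contact(array $post): string
{
    $address = resolve_recipient($post);
    $message = $post['message'] ?? '';
    if ($address === null || !is_string($message) || trim($message) === '') {
        return 'error: choose a listed recipient and enter a message';
    }
    // mail($address, 'Contact form', $message); // left out so this runs offline
    return 'would send to ' . $address;
}

// Constructed requests standing in for $_POST.
echo handle_contact(['to' => 'alice', 'message' => 'Hi']) . "\n";
echo handle_contact(['to' => 'someone@elsewhere.example', 'message' => 'Hi']) . "\n";
```

The second request carries a full address instead of a listed name and gets the error path, because the submitted value is only ever used as a lookup key.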
Author: robotforce [ Sat Apr 07, 2012 6:30 am ]
Post subject: Re: [Tutorial] Handling Forms
rdrake @ Fri Nov 04, 2005 7:50 am wrote: One of the greatest things about PHP is its ability to easily handle forms. Input from one page is sent to another, and can easily be accessed with PHP.
Here's a typical example of a form.
Input Types
Now, we have our form created. When 'OK' is clicked, it will send the value of the 'name' box to 'process.php' using the 'GET' method. You're probably wondering what the difference is between the methods? GET is used for simple things. It sends the information through the URL at the top, and can easily be viewed by anyone who is sitting at the computer. Not only that, but it is restricted to a certain length so it's no good for long inputs. POST hides the information and is sent 'behind the scenes' without the user realizing it. This method also allows for much longer input, such as this post I'm posting now. Let's create our process.php file to handle the input.
You can change the 'name' inside the square brackets to whatever you need it to be. $_GET[''] can be changed to $_POST[''], depending on how you make your form. Ours is GET, so we use the first one. Things like check boxes are handled similarly. Only they won't have a changing value like text boxes and others, just a 1 or 0. This indicates whether or not they were selected. I think that just about covers it. Any more questions, just ask.

Can you please let me know what the difference is between the get and post methods? In what condition do we use the get method? Thanks in advance.
Author: Nick [ Sat Apr 07, 2012 10:58 am ]
Post subject: RE:[Tutorial] Handling Forms
Notice the URL of this page? Specifically the "?p=258731". This shows the page is using get. The difference is whether the data is passed through the URL or if it is hidden by the user. So if I wanted a page that is meant to be shared, such as pastebin, I'd use get. If I was redirected a form with a password which is not meant to be shared (privacy reasons) I'd use post.
Author: 2goto1 [ Sat Apr 07, 2012 11:36 am ]
Post subject: Re: [Tutorial] Handling Forms
robotforce @ Sat Apr 07, 2012 6:30 am wrote: Can you please do let me know what is the difference between get and post method. In what condition we use get method ? Thanks in advance

The HTTP get method is generally recommended when you want to view a page that doesn't alter state in any way. The HTTP post method is generally recommended when you need an action that alters state - create, update, and delete actions are the typical candidates for HTTP posts.

An HTTP get is a good candidate for a "view forum thread" action, since viewing a forum thread generally doesn't alter state, so it's a good candidate for the HTTP get method. Delete forum threads buttons, create forum threads buttons, and update forum threads buttons are excellent candidates for HTTP post methods.

Realistically state can be altered with the HTTP get method. For example, viewing a forum thread may cause a log to be saved on the server of that forum thread view. Or viewing a product on an e-commerce website may cause the product that you viewed to be saved on the server side in order for the e-commerce website to show you better recommended products that you might be interested in. In general this is an acceptable type of state change that HTTP gets can support. In general avoid supporting create, update, or delete operations with HTTP gets.

If you need to ensure search engine optimization, you'll generally need to use HTTP gets. HTTP posts are usually not search engine friendly because good search engines don't post data to forms as they're indexing web pages. Search engines tend to follow HTML links, which are all HTTP get operations. If you have a forum topic that spans 10 pages and you want all 10 pages to be accessible to a search engine, you have to make them all accessible with HTML links in order for search engines to navigate to those additional pages and index their content.

Hope that helps a bit.
If you Google the topic you'll find a ton of information that can help you to understand the difference more.