ECA 236 Open Source Server Side Scripting PHP

  • Slides: 32

PHP Form Handling

HTML Forms

• field names
  - no spaces
  - will match variable names (letters, numbers, underscores)
• method
  - GET
  - POST
• action
  - the script to which data is sent

accessing variables

    <form method="get" action="test.php">
    First Name: <input type="text" name="first_name"><br />
    Last Name: <input type="text" name="last_name"><br />
    <input type="submit" name="submit">
    </form>

Three ways to access form data:

1. $first_name and $last_name
   • variable names are the same as field names
   • register_globals must be set to ON in php.ini
   • least secure of the three ways

accessing variables cont …

    <form method="get" action="test.php">
    First Name: <input type="text" name="first_name"><br />
    Last Name: <input type="text" name="last_name"><br />
    <input type="submit" name="submit">
    </form>

2. superglobals: $_GET, $_POST, $_REQUEST
   • global associative arrays
   • $first_name = $_GET['first_name'];
   • only accepted variables are ones submitted through form
   • introduced in PHP version 4

accessing variables cont …

    <form method="get" action="test.php">
    First Name: <input type="text" name="first_name"><br />
    Last Name: <input type="text" name="last_name"><br />
    <input type="submit" name="submit">
    </form>

3. $HTTP_GET_VARS or $HTTP_POST_VARS
   • associative arrays
   • $first_name = $HTTP_GET_VARS['first_name'];
   • PHP version 3 and earlier – still works in version 4
   • may be unsupported by future versions

self-submission

• set the action of the form to itself

From a document named test.php, if we wanted to send data to a separate form handler, the form would read:

    <form method="get" action="newScript.php">

To reference itself, set action to test.php:

    <form method="get" action="test.php">

self-submission cont …

• isset( )
  - when passed a variable, isset( ) will return TRUE if that variable is set to some value, FALSE if the variable is NULL
  - before form is submitted, all variables have a value of NULL
  - once submitted, variable will have one of the following values:
    • information entered by user

self-submission cont …

    <?php
    if( isset( $_GET['submit'] ) ){
        $first_name = $_GET['first_name'];
        $last_name = $_GET['last_name'];
        echo "Your name is $first_name $last_name";
    }
    else{
    ?>
    <form method="get" action="test.php">
    First Name: <input type="text" name="first_name"><br />
    Last Name: <input type="text" name="last_name"><br />
    <input type="submit" name="submit" value="submit">
    </form>
    <?php
    }
    ?>

self-submission cont …

A more efficient way of setting the action of a form to send data to itself is to use the $PHP_SELF variable, accessed through the superglobal $_SERVER. $PHP_SELF will always contain the current script's name as the value.

    <form method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">

Notice that the reference to the variable must be placed between the <?php ?> tagset.

validating form data

• isset( )
  - returns TRUE if variable holds a value
  - drawback: returns TRUE if it holds an empty string

    if( isset( $first_name ) ) {
        echo "Hello, $first_name.";
    }
    else{
        echo "You forgot to enter your first name.";
    }

validating form data

• empty( )
  - returns TRUE if argument is
    • "" (an empty string)
    • 0 (zero as an integer)
    • "0" (zero as a string)
    • NULL
    • FALSE
    • array( ) (an empty array)
  - returns FALSE if it holds a non-empty, non-zero value

    if( empty( $first_name ) ) {
        echo "Please enter your first name";
    }

validating form data cont …

• strlen( )
  - returns the length of a string
  - can be used to test for empty strings

    if( strlen( $first_name ) > 0 ){
        echo "Hello, $first_name.";
    }
    else{
        echo "You forgot to enter your first name.";
    }

validating form data cont …

• trim( )
  - removes white space from both ends of a variable
  - can be used to eliminate empty strings, and remove extraneous white space at beginning and end of variables

    $first_name = trim( $_GET['first_name'] );

validating form data cont …

radio buttons

    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    Male: <input type="radio" name="gender" value="male" />
    Female: <input type="radio" name="gender" value="female" />
    <input type="submit" name="submit" />
    </form>

    <?php
    if( isset( $_POST['gender'] ) ){
        // accept only the two values the form offers
        if( $_POST['gender'] == "male" || $_POST['gender'] == "female" ){
            echo "You claim to be a {$_POST['gender']}";
        }
        else {
            echo "Please enter a correct value.";
        }
    }
    ?>

validating form data cont …

• Purpose of validation
  - make sure the script has all the information it needs to do what it was designed to do
  - ensure the data is of the right type
  - added level of security by reducing user error and user maliciousness
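
The checks from the validation slides combined into one routine, as an added example that is not from the original slides: trim() first, strlen() rather than empty() so that a value of "0" is not rejected, and a strict allowlist for the radio button. The function name validate_form() and the 50-character limit are assumptions of this example.

```php
<?php
// Added example, not part of the original slides.
// validate_form() is a hypothetical name; the 50-character limit is an assumed policy.
function validate_form(array $input): array
{
    $errors = [];
    $clean  = [];

    // A field can arrive as an array (first_name[]=x); only accept strings.
    $first = $input['first_name'] ?? null;
    if (!is_string($first)) {
        $errors['first_name'] = 'Please enter your first name.';
    } else {
        $first = trim($first);
        // strlen() instead of empty(): empty("0") is TRUE, strlen("0") is 1.
        if (strlen($first) === 0) {
            $errors['first_name'] = 'Please enter your first name.';
        } elseif (strlen($first) > 50) {
            $errors['first_name'] = 'First name is too long.';
        } else {
            $clean['first_name'] = $first;
        }
    }

    // Radio button: compare against the only values the form offers.
    $gender = $input['gender'] ?? null;
    if (is_string($gender) && in_array($gender, ['male', 'female'], true)) {
        $clean['gender'] = $gender;
    } else {
        $errors['gender'] = 'Please enter a correct value.';
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample submissions.
$samples = [
    ['first_name' => '  Ada ', 'gender' => 'female'],
    ['first_name' => '   ',    'gender' => 'other'],
    ['first_name' => '0',      'gender' => 'male'],
    ['first_name' => ['x'],    'gender' => 'male'],
];
foreach ($samples as $sample) {
    print_r(validate_form($sample));
}
```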

sending values manually

Two other ways to pass variables and values

1. HTML form hidden input type

    <input type="hidden" name="author" value="Michael" />
    <input type="hidden" name="subject" value="PHP" />
    <input type="hidden" name="toAddress" value="mbarath@neo.rr.com" />

sending values manually cont …

2. Append name=value pair to anchor tags

    <a href="test.php?author=Michael">Click Here for author</a>
    <a href="test.php?subject=PHP">Click Here for Subject</a>

To access these variables use $_GET or $_REQUEST superglobal

    $author = $_REQUEST['author'];
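
Hidden inputs and query-string values are set by the client, so the receiving script has to check them like any other field. An added example (not from the original slides) that sends a short key in the hidden field and looks the mail recipient up on the server instead of trusting an address from the form; the field name, the keys, the addresses and resolve_recipient() are constructed for illustration.

```php
<?php
// Added example, not part of the original slides.
// The form would carry: <input type="hidden" name="to" value="instructor" />
// Keys and addresses are constructed placeholders.
const RECIPIENTS = [
    'instructor' => 'instructor@example.edu',
    'helpdesk'   => 'helpdesk@example.edu',
];

// resolve_recipient() is a hypothetical helper: map a submitted key to a
// server-side address, or return null when the key is not one we issued.
function resolve_recipient($key): ?string
{
    if (!is_string($key) || !array_key_exists($key, RECIPIENTS)) {
        return null;
    }
    return RECIPIENTS[$key];
}

// Constructed sample submissions: one issued key, one value edited by the client.
foreach (['instructor', 'someone@elsewhere.example'] as $submitted) {
    $to = resolve_recipient($submitted);
    echo $to === null ? "rejected\n" : "send to $to\n";
}
```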

error handling

• ERRORS: fatal run-time errors, such as calling a function which does not exist – cause immediate termination
• WARNINGS: non-fatal run-time errors, such as trying to include( ) a file that does not exist
• NOTICES: less serious warnings which may result from a bug in your code, but may actually be intentional (such as using an uninitialized variable)

error handling cont …

Constant            Value   Meaning
E_ERROR             1       Fatal run-time errors
E_WARNING           2       Run-time warnings (non-fatal errors)
E_PARSE             4       Compile-time parse errors
E_NOTICE            8       Notices (may or may not be a problem)
E_CORE_ERROR        16      Fatal start-up errors
E_CORE_WARNING      32      Non-fatal start-up errors
E_COMPILE_ERROR     64      Fatal compile-time errors
E_COMPILE_WARNING   128     Non-fatal compile-time errors
E_USER_ERROR        256     User-generated error messages
E_USER_WARNING      512     User-generated warnings
E_USER_NOTICE       1024    User-generated notices
E_ALL                       All errors, warnings, and notices

error handling cont …

• default error handling is set to E_ALL & ~E_NOTICE or E_ALL

    // beginning test
    echo "<p>...begin test...</p>";
    // include a non-existent variable
    echo "<p>The variable $no_such_var is not initialized.</p>";
    // end test
    echo "<p>...end test...</p>";

Output:

    ...begin test...
    Notice: undefined variable: no_such_var in test_error.php
    The variable is not initialized.
    ...end test...

error handling cont …

• example of a WARNING

    // beginning test
    echo "<p>...begin test...</p>";
    // include a non-existent file
    include( 'no_such_file.inc' );
    // print more test
    echo "<p>...end test...</p>";

Output:

    ...begin test...
    Warning: main(no_such_file.inc): failed to open stream: No such file or directory in testError.php on line 26
    ...end test...

error handling cont …

• example of fatal error

    // beginning test
    echo "<p>...begin test...</p>";
    // call to a non-existent function
    no_such_function( );
    // print more test
    echo "<p>...end test...</p>";

Output:

    ...begin test...
    Fatal error: Call to undefined function: no_such_function() in testError.php on line 29

error handling cont …

• in a live, production site
  - turn off error reporting
  - create custom error messages
• during site development
  - use highest level of error reporting
  - display notices, warnings, and errors
• to change level of error reporting
  - reconfigure php.ini
  - PHP functions

error handling in php.ini

• change level of error reporting in php.ini file

    error_reporting = E_ALL ; or other appropriate value

• turn error display functionality on or off

    display_errors = Off

error handling functions

• error_reporting( )
  - one argument: level of error reporting

    // turn off all error reporting
    error_reporting( 0 );
    // beginning text
    echo "<p>...begin text...</p>";
    // call to a non-existent function
    no_such_function( );
    // print more text
    echo "<p>...end text...</p>";

Output:

    ...begin text...

error handling functions

• error_reporting( )

    // turn on all error reporting
    error_reporting( E_ALL );
    // beginning text
    echo "<p>...begin text...</p>";
    // call to an undeclared variable
    echo $undeclared_var;
    // print more text
    echo "<p>...end text...</p>";

Output:

    ...begin text...
    Notice: Undefined variable: undeclared_var in testError.php on line 77
    ...end text...

error handling functions

• temporarily shut off error handling with @ operator

    // beginning text
    echo "<p>...begin text...</p>";
    // call to a non-existent function
    @no_such_function( );
    // print more text
    echo "<p>...end text...</p>";

Output:

    ...begin text...

error handling functions

• set_error_handler( )
  - one argument: name of custom function
  - custom error handler function takes at least 2, up to 5 arguments
    • error type
    • error message
    optional:
    • file name
    • line number
    • current PHP variables

error handling functions

• set_error_handler( )

    // define custom error handler
    set_error_handler( 'customError' );

    // create custom function to handle errors
    function customError( $type, $msg ) {
        echo "<h1>Error!</h1>";
        echo "<p>Error code: $type <br />";
        echo "Error msg: $msg </p>";
        echo "<p>Please contact your system administrator.</p>";
    }

Output:

    Error!
    Error code: 2
    Error msg: main(no_such_file.inc): failed to open stream: No such file or directory
    Please contact your system administrator.

error handling functions

• set_error_handler( )
  - setting all 5 arguments

    // define custom error handler
    set_error_handler( 'customError' );

    // create custom function to handle errors
    function customError( $type, $msg, $file, $line, $vars ) {
        // statements...
    }

error handling functions

• set_error_handler( )
  - further customization

    function customError( $type, $msg ) {
        switch( $type ){
            case E_NOTICE:
                // do nothing
                break;
            case E_WARNING:
                echo "<p>A non-fatal error occurred: $msg </p>";
                break;
            case E_ERROR:
                die( "<p>A fatal error occurred: $msg </p>" );
                break;
        }
    }

error handling functions

• set_error_handler( )
  - the default error handlers for E_ERROR and E_PARSE cannot be overwritten by a user-defined function.
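
An added example (not from the original slides) that combines the production-site advice with set_error_handler(): full detail goes to the server log through error_log(), and the visitor sees only a generic message. The function name customError follows the slides; the message wording is an assumption, and the handler takes four arguments because PHP 8 no longer passes the fifth.

```php
<?php
// Added example, not part of the original slides.
ini_set('display_errors', '0');   // never print raw PHP errors to visitors
ini_set('log_errors', '1');       // keep them in the server log instead
error_reporting(E_ALL);

function customError(int $type, string $msg, string $file = '', int $line = 0): bool
{
    // Respect the @ operator and the current error_reporting() level.
    if (!(error_reporting() & $type)) {
        return false;
    }
    // Full detail for the administrator, written to the configured error log.
    error_log("PHP error [$type] $msg in $file on line $line");

    switch ($type) {
        case E_USER_ERROR:
        case E_RECOVERABLE_ERROR:
            // Generic wording only: no file names, paths or messages in the page.
            echo "<p>Please contact your system administrator.</p>";
            exit(1);
        case E_WARNING:
        case E_USER_WARNING:
            echo "<p>Something went wrong. Please try again later.</p>";
            break;
        default:
            break;  // notices and deprecations are logged only
    }
    return true;    // handled: skip PHP's built-in handler
}

set_error_handler('customError');

// Constructed trigger: including a missing file raises E_WARNING.
include 'no_such_file.inc';
echo "<p>...end test...</p>";
```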