Forms User input

HTML Forms
Input is one of the most important aspects of any program, in any programming language. How do you retrieve the information that a user has entered into your application? In HTML, input is received through forms, which contain text fields, buttons and combo boxes. Once a form is complete, the user can submit it. Each component of the form then has data associated with it: the value that the user filled in.
More about HTML forms: http://www.tizag.com/htmlT/forms.php

Using PHP or not?
Normally, forms can be written in plain HTML without using PHP. Sometimes it is useful to build forms with PHP too, e.g. when a form has many lines of the same kind or when data is posted as arrays.

HTML Forms with PHP
<?php
// Single-quoted PHP strings let the HTML attributes keep their double quotes.
echo('<form method="post" action="input.php">');
// Text fields
echo('Enter Your name: <br /> <input type="text" name="Name" /><br />');
echo('Enter Your weight: <br /> <input type="text" name="Weight" /><br />');
echo('Enter Your height(m): <br /> <input type="text" name="Height" /><br />');
// Selection
echo('Select sex: <br />');
echo('<select name="sex">');
echo('<option>Male</option>');
echo('<option>Boy</option>');
echo('<option>Female</option>');
echo('<option>Girl</option>');
echo('</select><br />');
echo('Select size: <br />');
// Option:
echo('<input type="radio" name="size" value="small" />Small <br />');
echo('<input type="radio" name="size" value="medium" />Medium <br />');
echo('<input type="radio" name="size" value="large" />Large <br />');
echo('<br /><input type="submit" name="submit" value="Submit" />');
echo('<br /><input type="reset" name="clear" value="Clear" />');
echo('</form>');
?>

or HTML Forms with HTML
<h2>** Team Data Input **</h2>
<form method="post" action="Task30.php">
<p><b>Team's name </b> <input type="text" name="teamName" size="31" /></p>
<table border="1">
<tr><th>Player</th><th>Points</th></tr>
<tr>
<td><input type="text" name="player1" /></td>
<td><input type="text" name="points1" /></td>
</tr>
<tr>
<td><input type="text" name="player2" /></td>
<td><input type="text" name="points2" /></td>
</tr>

The <form> tag
The form element creates a form for user input. A form can contain text fields, checkboxes, radio buttons and more. Forms are used to pass user data to a specified URL. A form can be written in HTML only or in PHP.

<form method="post" action="Coin.php">
<h2>Data for a coin</h2>
<table>
<tr><th>Radius</th> <td><input type="text" name="givenRadius" size="30" /></td></tr>
<tr><th>Color</th> <td><input type="text" name="givenColor" size="30" /></td></tr>
<tr><th>Material</th> <td><input type="text" name="givenMaterial" size="30" /></td></tr>
</table>
<p><input type="submit" name="submit" value="Submit" /> <input type="reset" name="clear" value="Clear" /></p>
</form>

//2. Variables, from form ($_POST array)
$r = $_POST["givenRadius"]; //radius in millimeter
$c = $_POST["givenColor"]; //color
$m = $_POST["givenMaterial"]; //material
$area = areaCircle($r);
echo("<fieldset><legend><b>Coin</b></legend>");
// The posted values are HTML-escaped before they are written into the page.
echo("<p>Area of a <b>" . htmlspecialchars("$c $m") . " </b>coin with radius of <b>" . htmlspecialchars($r) . "</b> millimeter is <b>$area</b> square millimeters. </p>");
echo("</fieldset>");

Works like this
<form method="post" action="Coin.php">
<h2>Data for a coin</h2>
<table>
<tr><th>Radius</th> <td><input type="text" name="givenRadius" size="30" /></td></tr>

//2. Variables, from form ($_POST array)
$r = $_POST["givenRadius"]; //radius in millimeter
$c = $_POST["givenColor"]; //color
$m = $_POST["givenMaterial"]; //material

post method
<?php echo('<form method="post" action="show.php">');
When a form is submitted, all HTML variables are passed to a PHP script and assigned their respective variable names. In our example, the input text field is named "Name", so when the form is submitted $Name will hold the value. The variable $submit, which corresponds to the input name="submit", will hold the value "click".
In addition to adding the submit button, we must also add a destination for this information and specify how we want it to travel to that place. Adding the following attributes to your <form> will do just this.
method - We will only be using the post functionality of method, which sends the data without displaying any of the information to the visitor.
action - Specifies the URL to send the data to.

The $_POST Variable
The $_POST variable is an array of variable names and values sent by the HTTP POST method. The $_POST variable is used to collect values from a form with method="post". Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send. Invisible here means that the values are not shown in the browser's address bar; they still travel in the request body, so HTTPS is needed to protect them in transit.

get method
The HTTP method for sending data to the action URL. Default is get.
method="get": This method sends the form contents in the URL: URL?name=value&name=value.
Note: If the form values contain non-ASCII characters or exceed 100 characters you MUST use method="post".

$_GET or $_POST
Why use $_POST?
• Variables sent with HTTP POST are not shown in the URL
• Variables have no length limit
However, because the variables are not displayed in the URL, it is not possible to bookmark the page.
Why use $_GET?
Note: When using the $_GET variable all variable names and values are displayed in the URL. So this method should not be used when sending passwords or other sensitive information! However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.
Note: The HTTP GET method is not suitable for large variable values; the value cannot exceed 100 characters.

$_GET Variable
The $_GET variable is an array of variable names and values sent by the HTTP GET method. The $_GET variable is used to collect values from a form with method="get". Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and it has limits on the amount of information to send (max. 100 characters).

Input form

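show.php
echo('Enter Your name: <br /> <input type="text" name="Name" /> ');
echo('Enter Your weight: <br /> <input type="text" name="Weight" /> ');
echo('Enter Your height(m): <br /> <input type="text" name="Height" /> ');
The value of the input text field called Name is copied to the array $_POST with index "Name", available on page show.php:
// Array keys are case-sensitive and must match the field names in the form.
// Each value is HTML-escaped before it is written into the page.
echo("Name: " . htmlspecialchars($_POST["Name"]) . "<br />");
echo("Weight: " . htmlspecialchars($_POST["Weight"]) . "<br />");
echo("Height: " . htmlspecialchars($_POST["Height"]) . "<br />");
echo("Sex: " . htmlspecialchars($_POST["sex"]) . "<br />");
echo("Size: " . htmlspecialchars($_POST["size"]));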

Forms and Arrays
for($i=0; $i<PERSONS; $i++){
  echo('<tr>'.
    '<td><input type="text" name="givenNames[]" /></td>'.
    '<td><input type="text" name="givenWeights[]" /></td>'.
    '<td><input type="text" name="givenHeights[]" /></td>'.
    '</tr>');
}

// Each name="...[]" field arrives as an array. The values are HTML-escaped because they are echoed below.
$names = array_map('htmlspecialchars', $_POST["givenNames"]);
$heights = array_map('htmlspecialchars', $_POST["givenHeights"]);
$weights = array_map('htmlspecialchars', $_POST["givenWeights"]);
echo('<table border="box">');
echo("<tr><th>Person</th><th>Height (m)</th><th>Weight (kg)</th><th>BM Index</th>".
  "<th>Description</th></tr>");
// $formattedIndex and $bmiText are computed from the posted values (not shown on this slide).
for($i=0; $i<count($names); $i++){
  echo("<tr><td>$names[$i]</td><td>$heights[$i]</td>".
    "<td>$weights[$i]</td><td>$formattedIndex[$i]</td>".
    "<td>$bmiText[$i]</td></tr>");
}
echo("</table>");

Testing of Inputted Values TestOk.php

InputTest.php
<?php
$errorMessage = '';
// isset() returns true if not NULL, so the age is given
if (isset($_POST['age'])) {
  $age = $_POST['age'];
  // is the given age a number and positive
  if (is_numeric($age) && $age >= 0) {
    header('Location: TestedOk.php');
    exit;
  } else {
    $errorMessage = "Sorry, given age must be a positive number. ";
  }
}
?>
<html>
<head>
<title> Input value testing. </title>
<meta http-equiv="Content-Type" content="text/html">
</head>
<body>
<?php
if ($errorMessage != '') {
  echo("<p><b><font color=\"#aa0000\"> $errorMessage</font></b></p>");
}
?>
<h1>Input value testing. </h1>
<hr>
<form action="InputTest.php" method="post">
<h3> Your name<br /> <input type="text" name="name" /> </h3>
<h3> Age<br /> <input type="text" name="age" /> </h3>
<p> <input type="submit" value="Ok" /> <input type="reset" value="Clear" /> </p>
</form>…

TestedOk.php
<title>Tested and Ok. </title>
</head>
<body>
<h2>Given age is tested and is ok. </h2>
<?php include("w3c.html"); ?>
</body>
</html>

$_POST for Security Reasons
• Data sent from an input form with the GET or POST method are collected into global variables. The common way is to name the input field after the variable used. This creates a global, e.g.
<?php
echo "Name: $name ";
echo "Email: $email ";
?>
• Using global variables works only if PHP is configured to use globals (setting register_globals).
• In new PHP versions this setting is not automatically on. In this case the values must be fetched from global arrays.
• The array contains all the variables sent:
$_GET => variables sent with the GET method
$_POST => variables sent with the POST method
• PHP developers are recommended to start using these arrays because the use of global variables is a security risk!
Now you should start using:
<?php
// Values read from $_POST are HTML-escaped before they are written into the page.
echo "Name: ". htmlspecialchars($_POST["name"]). " ";
echo "Email: ". htmlspecialchars($_POST["email"]);
?>

JavaScript for testing forms

JavaScripting
<form action="TestedOk.php" method="post" name="inputForm" onSubmit="return sending(inputForm);">
<table>
<!--Input fields-->
<tr><td>Firstname (1-25 chars)</td> <td><input type="text" name="name" size="50" maxlength="50" /></td></tr>
<tr><td>Age (1-120 years): </td> <td><input type="text" name="age" size="50" maxlength="50" /></td></tr>
<tr><td>Email (optional)</td> <td><input type="text" name="email" size="50" maxlength="50" /></td></tr>
<!--Submit and reset-->
<tr><td><input type="submit" value="Submit" /> <input type="reset" value="Reset" /></td></tr>
</table>
</form>

<script>
// name_ok(), age_ok() and email_ok() are the per-field checks (not shown on this slide).
function sending(inputForm) {
  if (name_ok(inputForm.name) && age_ok(inputForm.age) && email_ok(inputForm.email)) {
    if (confirm("Do you want to send the inputted data? "))
      return true;
    else
      return false;
  }
  else
    return false;
}
</script>

Security with forms
• Test SQL injection
• Do some JavaScript testing already on client side
• Test all data again on server side
• Use complete Regular Expressions
• Accept forms only from the same server
• No mail() forms
• No files
See SECURITY in PHP Bible page 531 -> See helpdesk notes
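
One way to "test all data again on server side" with "complete" (fully anchored) regular expressions, for the name, age and email fields of the JavaScript-checked form. This is an added example, not code from the slides: validate_person(), its patterns and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not from the slides: validate_person() and its patterns are assumptions.
function validate_person(array $post): array
{
    $errors = [];

    // Treat anything that is not a plain string (e.g. age[]=1) as empty.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $name  = $field('name');
    $age   = $field('age');
    $email = $field('email');

    // Complete expression: \A and \z anchor both ends so the whole value must
    // match. \z, unlike $, does not tolerate a trailing newline.
    if (!preg_match('/\A\p{L}[\p{L} \'-]{0,24}\z/u', $name)) {
        $errors['name'] = 'Firstname must be 1-25 letters, spaces, apostrophes or hyphens.';
    }

    // Digits only first, then the range check on the integer value.
    if (!preg_match('/\A[0-9]{1,3}\z/', $age) || (int)$age < 1 || (int)$age > 120) {
        $errors['age'] = 'Age must be a whole number from 1 to 120.';
    }

    // Email is optional; when given it must pass PHP's built-in validator.
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    return $errors;
}

// Constructed sample submissions, as they would arrive in $_POST.
$samples = [
    ['name' => 'Anna',  'age' => '34',        'email' => ''],
    ['name' => "Bob\n", 'age' => '200',       'email' => 'bob@example.org'],
    ['name' => 'Eve',   'age' => '12 OR 1=1', 'email' => 'not-an-address'],
];
foreach ($samples as $s) {
    // An empty array means the submission passed every check.
    echo json_encode(validate_person($s)), "\n";
}
```

The client-side JavaScript check stays useful for quick feedback, but only this server-side pass decides whether the data is accepted, because a request can be sent without the browser form.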

$_SERVER['PHP_SELF']
$_SERVER
It is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the CGI 1.1 specification, so you should be able to expect those.
PHP_SELF
The filename of the currently executing script, relative to the document root.

<?php // PHP_SELF can carry extra path information appended by the client, so it is HTML-escaped before output. ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<h2>Data for a room</h2>
<table>
<tr><th>Width</th> <td><input type="text" name="givenWidth" size="30" /></td></tr>
<tr><th>Length</th> <td><input type="text" name="givenLength" size="30" /></td></tr>
</table>
<p><input type="submit" name="submit" value="Submit" /> <input type="reset" name="clear" value="Clear" /></p>
</form>

Test $_POST['submit']
To avoid unwanted calculation without a filled form, test if the submit button is clicked:
<?php
if(!isset($_POST['submit'])){
  //If submit is NOT clicked
  echo("<h3>Go back: fill the form and submit it </h3>");
}else{
  //START: submit is clicked
  //1. Included files
  include("calculation.inc");
  //2. Arrays are received from input form
  $names = $_POST['namesF'];
  $heights = $_POST['heightsF'];
  $weights = $_POST['weightsF'];
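
The self-posting room form and the submit test from the last two slides, combined in an added example that is not from the slides: every request-derived value, PHP_SELF included, passes through one escaping helper before it reaches the HTML. room_form() and h() are hypothetical names, and the request values are constructed.

```php
<?php
// Added example, not from the slides. room_form() and h() are hypothetical helpers.

// Escape a value for HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function room_form(array $server, array $post): string
{
    // PHP_SELF includes any extra path the client appended after the script
    // name, so it is request data and is escaped like any other input.
    $action = h($server['PHP_SELF'] ?? '');
    $out = "<form method=\"post\" action=\"$action\">\n";

    if (isset($post['submit'])) {   // calculate only after a real submit
        $w = $post['givenWidth']  ?? '';
        $l = $post['givenLength'] ?? '';
        if (is_numeric($w) && is_numeric($l) && $w > 0 && $l > 0) {
            $out .= '<p>Area: ' . h((string)($w * $l)) . "</p>\n";
        } else {
            // Rejected values are shown back to the user only through h().
            $out .= '<p>Width and length must be positive numbers, got: '
                  . h(is_string($w) ? $w : '') . ' x '
                  . h(is_string($l) ? $l : '') . "</p>\n";
        }
    }
    $out .= '<input type="text" name="givenWidth" /> '
          . '<input type="text" name="givenLength" /> '
          . "<input type=\"submit\" name=\"submit\" value=\"Submit\" />\n</form>\n";
    return $out;
}

// Constructed request: extra path info and a width that both contain markup.
$server = ['PHP_SELF' => '/room.php/"><b>injected</b>'];
$post   = ['submit' => 'Submit', 'givenWidth' => '<i>3</i>', 'givenLength' => '4'];
echo room_form($server, $post);
```

In the output the quote and angle brackets appear as &quot;, &lt; and &gt;, so the action attribute stays closed and the rejected width is displayed as text instead of being interpreted as markup.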