PHP and Form Processing CS 3520 Idea We
- Slides: 41
PHP and Form Processing CS 3520
Idea • We have an HTML form that when user clicks on it in their browser a CGI HTTP request is created by the browser and sent to the server in the URL of the action statement of the form for processing -- • Server o e. g. Apache gets request for a PHP file to run and then it knows where its PHP interpreter is and runs the code and Returns the results to the requesting Client <form action=http: //puzzle. sci. csueastbay. edu /~netid/cart. php method=“POST”> puzzle. sci. csueastbay. edu Server, Asking it to run cart. php
Recall • In this class we are considering sending data from a client (like from a form) via either CGI GET or POST methods!!!
PHP Form Handling The PHP superglobals $_GET to collect form-data. and $_POST are used Example where we send to welcome. php the name and email from a POST form. <html> <body> <form action="welcome. php" method="post"> Name: <input type="text" name="name"> E-mail: <input type="text" name="email"> <input type="submit"> </form> </body> </html> Slide 4 of 40
welcome. php <html> <body> <? php $name=$_POST["name"]; $email=$_POST["email"]; //retrieve the CGI data associated with name //retrieve the CGI data associated with email echo "Your name is ". $name. "<br/>"; echo "Your email is ". $email. "<br/>"; ? > </body> </html> User types into the form Name: Lynne E-mail: ll@gmail. com What client Sees: Your name is Lynne Your email is ll@gmail. com Slide 5 of 40
welcome. php <html> <body> <? php if(isset($_POST["name"]) && isset($_POST["email"]) { $name=$_POST["name"]; $email=$_POST["email"]; Check first to see if the data exists in the _POST array echo "Your name is ". $name. "<br/>"; echo "Your email is ". $email. "<br/>"; } ? > </body> </html> Slide 6 of 40
GET method example <html> <body> <form action="welcome. php" method= "get"> Name: <input type="text" name="name"> E-mail: <input type="text" name="email"> <input type="submit"> </form> </body> </html> Slide 7 of 40
<html> <body> <? php $name=$_GET["name"]; $email=$_GET["email"]; echo "Your name is ". $name. "<br/>"; echo "Your email is ". $email. "<br/>"; ? > </body> </html> Slide 8 of 40
Another Example – with pull down (select) lists
CENG 449 Lecture 11 Slide 10 of 40
Select Forms: <html> <body> <h 4>Art Supply Order Form</h 4> <form action="process. php" method="post"> <select name="item"> <option>Paint</option> <option>Brushes</option> <option>Erasers</option> </select> Quantity: <input name="quantity" type="text" /> <input type="submit" /> </form> </body> </html> Slide 11 of 40
process. php <html> <body> <? php $quantity = $_POST['quantity']; $item = $_POST['item']; echo "You ordered ". $quantity. " ". $item. ". "; echo "Thank you for ordering!"; ? > </body> </html> Slide 12 of 40
CENG 449 Lecture 11 Slide 13 of 40
Another Example- with radio buttons
Slide 15 of 40
<html> <body> <h 3>PHP HTML Form radio button Example</h 3> <form name="info. Form" method="POST" action=“example. php"> Enter Your Full Name : <input name="Full. Name" type="text" placeholder="Fullname"><br/> You are : <input name="Your. Gender" type="radio" value="male" > Male <input name="Your. Gender" type="radio" value="female" > Female <br/> <input name="Btn. Submit" type="submit" value="Submit"> </form> </body> </html> Slide 16 of 40
example. php <html> <body> <? php if(isset($_POST['Btn. Submit'])) { echo "<h 3>Your form data as bellow</h 3>"; echo "</br>Your Name: {$_POST['Full. Name']}"; echo "</br>Your are: {$_POST['Your. Gender']}"; echo "<hr>"; } ? > </body> </html> Slide 17 of 40
Slide 18 of 40
Another example with checkboxes
Slide 20 of 40
Checkbox example: <html> <body> <h 3>PHP HTML Form checkbox Example</h 3> <form action="process. php" method="post"> <input type="checkbox" name="gender" value="Male">Male</input> <input type="checkbox" name="gender" value="Female">Female</input> <input type="submit" name="submit" value="Submit"/> </form> </body> </html> Slide 21 of 40
process. php <html> <body> <? php if (isset($_POST['gender'])) { echo "Your gender is "; echo $_POST['gender']; // Displays value of checked checkbox. } ? > </body> </html> Slide 22 of 40
Slide 23 of 40
More Examples –with buttons
Slide 25 of 40
<html> <body> <h 3>PHP HTML Form button Example</h 3> <form name="info. Form" method="POST" action="process. php"> Enter Your Name : <input name="Full. Name" type="text" placeholder="Name"><br/> Enter Your Sur. Name : <input name="Sur. Name" type="text" placeholder="Surname"><br/> <input type="submit" name="save" value="Save"> <input type="submit" name="clear" value="Clear"> <input type="submit" name="update" value="Update"> </form> </body> </html> Slide 26 of 40
process. php <html> <body> <? php if (isset($_POST['save'])) { echo "Save button is pressed! "; } if (isset($_POST['clear'])) { echo "Clear button is pressed! "; } if (isset($_POST['update'])) { echo "Update button is pressed! "; } ? > </body> </html> Slide 27 of 40
Slide 28 of 40
Example with checkboxes
Slide 30 of 40
Mulltiple Selection Check. Box: <!DOCTYPE html> <body> <p> Please select your book types: </p> <form name="form 1" action="process. php" method="POST"> <input type="checkbox" name="book[]" value="Drama"> Drama <br/> <input type="checkbox" name="book[]" value="Action and Adventure"> Action and Adventure <br/> <input type="checkbox" name="book[]" value="Romance"> Romance <br/> <input type="checkbox" name="book[]" value="Mystery"> Mystery <br/> <input type="checkbox" name="book[]" value="Horror"> Horror <br/> <input type="checkbox" name="book[]" value="Guide"> Guide <br/> <input type="checkbox" name="book[]" value="Science"> Science <br/> <input type="checkbox" name="book[]" value="History"> History <br/> <input type="submit" value="SUBMIT"> </form> </body> </html> Slide 31 of 40
<? php $book. Array=$_POST['book']; echo "Your selected books are <br/>"; foreach ($book. Array as $a. Book) { echo "$a. Book "; } ? > Slide 32 of 40
Slide 33 of 40
Security? ? ?
Security • Option 1: Some SIMPLE things to do with PHP • Option 2: Use SSL and HTTPS
Option 1: Some special ideas • Simple ideas to avoid SOME hacking/attacks possible with forms.
Secure input data To prevent hackers entering your system, use the following approach while inputting the data from user --- strip any incoming CGI data of spaces, etc…see below <? php // define variables and set to empty values $name = $email = $gender = $comment = $website = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $name = test_input($_POST["name"]); $email = test_input($_POST["email"]); $website = test_input($_POST["website"]); $comment = test_input($_POST["comment"]); $gender = test_input($_POST["gender"]); } function test_input($data) { $data = trim($data); // avoids the blank spaces at the beginning and at the end $data = stripslashes($data); // stripes slashes $data = htmlspecialchars($data); // convers special characters such as < return $data; } ? > Slide 37 of 40
What is the htmlspecialchars() function? The htmlspecialchars() function converts special characters to HTML entities. This means that it will replace HTML characters like < and > with < and > . This prevents attackers from exploiting the code by injecting HTML or Javascript code (Cross-site Scripting attacks) in forms. See: http: //www. w 3 schools. com/php_form_validation. asp for an example Slide 38 of 40
<html> <body> SILLY code that displays the form and then the data afterwards as text that was previously typed in --- shows using the htmlspecialchars function <form method="post" action="<? php echo htmlspecialchars($_SERVER["PHP_SELF"]); ? >"> <p>First name: <input type="text" name="firstname" /></p> <p>Last name: <input type="text" name="lastname" /></p> <input type="submit" name="submit" value="Submit" /> </form> </html> <? php NOTE: $_SERVER[“PHP_SELF”] Is equal to the php you are currently processing, code you are in if(isset($_POST['firstname']) && isset($_POST['lastname'])) { echo("First name: ". $_POST['firstname']. " n"); echo("Last name: ". $_POST['lastname']. " n"); } ? > Slide 39 of 40
Slide 40 of 40
<? php if(isset($_POST['firstname']) && isset($_POST['lastname'])) { echo("First name: ". $_POST['firstname']. " n"); echo("Last name: ". $_POST['lastname']. " n"); } ? > <html> <body> <form method="post" action="<? php echo htmlspecialchars($_SERVER["PHP_SELF"]); ? >"> <p>First name: <input type="text" name="firstname" /></p> <p>Last name: <input type="text" name="lastname" /></p> <input type="submit" name="submit" value="Submit" /> </form> </html> Slide 41 of 40
- John deere 3520
- Bmed 3520
- John deere 3520
- Colhedora de cana 3520
- Colhedora de cana john deere 3520
- Colhedora de cana john deere 3520 manutenção
- Colhedora john deere 3520
- Códigos de falha da colhedora 3520
- Nmq john deere
- Cs 3520
- Cs 3520
- Colhedora de cana 3520
- Bmed 3520
- Www.facebook.com.php
- Php php://input
- Is theme and main idea the same thing
- Supporting idea
- Is the main idea the theme
- Unrelated sentences in paragraphs
- What is the implied main idea of the passage
- Neighborhood averaging in image processing
- Examples of secondary processing
- Batch processing and interactive processing
- Expository preaching vs. exegetical preaching
- Gwcp 1042
- Top down processing
- Bottom up processing vs top down processing
- Bottom up and top down processing
- Point processing in image enhancement
- Histogram processing in digital image processing
- Parallel processing vs concurrent processing
- A generalization of unsharp masking is
- Point processing
- Morphological dilation
- Bottom up vs top down psychology
- Present continuous affirmative negative interrogative
- Php input array
- What is displacement current
- Vertex form
- Would contracted form
- Canonical vs standard form
- Https://slidetodoc.com/php-and-my-sql-david-lash-module-3/