PHP loeng 2 html headtitleRandomtitlehead body pI have
PHP loeng 2
<html> <head><title>Random</title></head> <body> <p>I have randomly selected the number <? php $choice = rand(1, 100); echo $choice; ? >. Its square root is <? php echo sqrt($choice); ? >. </p> </body> </html>
Accessing user information. Creating forms <form method="post" action="random. php"> <p>Range Start: <input type="text" name="begin" /></p> <p>Range End: <input type="text" name="end" /></p> <p><input type="submit" value="Generate" /></p> </form>
Accessing user information. Continue <? php import_request_variables("pg", "form_"); ? > <html> <head> <title>Generate Random Number</title> </head> <body> <p>From the range <? php echo $form_begin; ? > to <? php echo $form_end; ? > I have selected the random number <? php echo rand($form_begin, $form_end); ? >. </p> </body> </html>
Input validation. The preg_match function • if(preg_match("/^[0 -9]{5}$/", $form_zipcode)) { echo "The ZIP code must be a 5 -digit number. "; } sequence of digits will return 1 if that sequence appears anywhere in the string starting and ending with a slash ('/') ^ start of string
Regular Expressions. Continue with validation if(preg_match("^[A-Z]{2}$", $lname)) { echo "The ZIP code must be a 5 -digit number. "; }
Regular Expressions () []. {} ? * + ^ $ grouping range of characters any character copies of the preceding pattern zero or one of the preceding pattern any number of the preceding pattern (including zero) at least one of the preceding pattern start of string end of string treat next character literally instead of as a special symbol
Simple contact form <html><body> <form action="myform. php" method="post"> <p>Your Name: <input type="text" name="yourname" /><br /> E-mail: <input type="text" name="email" /></p> <p>Do you like this website? <input type="radio" name="likeit" value="Yes" checked="checked" /> Yes <input type="radio" name="likeit" value="No" /> No <input type="radio" name="likeit" value="Not sure" /> Not sure</p> <p>Your comments: <br /> <textarea name="comments" rows="10" cols="40"></textarea></p> <p><input type="submit" value="Send it!"></p> </form> </body></html>
All variables passed to the current script via the HTTP POST method are stored in associative array $_POST.
Simple contact form. Script <html> <body> Your name is: <? php echo $_POST['yourname']; ? ><br /> Your e-mail: <? php echo $_POST['email']; ? ><br /> Do you like this website? <? php echo $_POST['likeit']; ? ><br /> Comments: <br /> <? php echo $_POST['comments']; ? > </body> </html>
Validating forms with PHP. htmlspecialchars() <? php $yourname = htmlspecialchars($_POST['yourname']); $email = htmlspecialchars($_POST['email']); $likeit = htmlspecialchars($_POST['likeit']); $comments = htmlspecialchars($_POST['comments']); ? > <html><body> Your name is: <? php echo $yourname; ? ><br /> Your e-mail: <? php echo $email; ? ><br /> Do you like this website? <? php echo $likeit; ? ><br /> Comments: <br /> <? php echo $comments; ? > </body></html> This function will replace HTML chars like < and > to their HTML version < and > .
Why we need the htmlspecialchars() ? Example. <script>location. href('http: //www. SPAM. com')</script> < script> location. href('http: //www. SPAM. com')< /script>
What else to check? Let's do two more things: 1. strip unnecessary characters from the data. 2. if quotes are escaped with a slash let's remove that.
<? php $yourname = check_input($_POST['yourname']); $email = check_input($_POST['email']); $likeit = check_input($_POST['likeit']); $comments = check_input($_POST['comments']); ? > <html><body> Your name is: <? php echo $yourname; ? ><br /> Your e-mail: <? php echo $email; ? ><br /> Do you like this website? <? php echo $likeit; ? ><br /> Comments: <br /> <? php echo $comments; ? > </body></html> <? php function check_input($data){ $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; }? >
Let's edit the check_input function from the previous page function check_input($data, $problem=' ') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if ($problem && strlen($data) == 0) { die($problem); } return $data; By default $problem is empty } $yourname = check_input($_POST['yourname'], "Enter your name");
<? php $yourname = check_input($_POST['yourname'], "Enter your name"); $email = check_input($_POST['email']); $likeit = check_input($_POST['likeit']); $comments = check_input($_POST['comments'], "Write your comments"); ? > <html><body> Your name is: <? php echo $yourname; ? ><br /> Your e-mail: <? php echo $email; ? ><br /> Do you like this website? <? php echo $likeit; ? ><br /> Comments: <br /> <? php echo $comments; ? > </body></html> <? php function check_input($data, $problem=''){ $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if ($problem && strlen($data) == 0) { die($problem); } return $data; } ? >
<? php function check_input($data, $problem='') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if ($problem && strlen($data) == 0) { show_error($problem); } return $data; } function show_error($my. Error) { ? > <html> <body> <b>Please correct the following error: </b><br /> <? php echo $my. Error; ? > </body> </html> <? php exit(); } ? >
Validate e-mail address $email = htmlspecialchars($_POST['email']); if (!preg_match("/([w-]+@[w-]+. [w-]+)/", $email)) { die("E-mail address not valid"); Character Description }. a single character p+ It matches any string containing at least one p. w w match any word character [a-z. A-Z 0 -9_] - matches the character - literally s a whitespace character (space, tab, newline) S non-whitespace character d a digit (0 -9) D a non-digit w a word character (a-z, A-Z, 0 -9, _) W a non-word character
FILTER_VALIDATE <!DOCTYPE html> <html><body> <? php // Variable to check $email = "john. doe@example. com"; // Validate email if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) { echo("$email is a valid email address"); } else { echo("$email is not a valid email address"); } ? > </body></html>
Validate URL address $url = htmlspecialchars($_POST['website']); if (!preg_match("/^(https? : //+[w-]+. [w-]+)/i", $url)) { die("URL address not valid"); }
Digits 0 -9 only if (preg_match("/D/", $age)) { die("Please enter numbers only for Age"); }
Letters a-z and A-Z only (no spaces, digits or any other characters) if (preg_match("/[^a-z. A-Z]/", $text)) { die("Please enter letters a-z and A-Z only!"); }
- Slides: 23