web forms in php forms recap way of allowing user interaction allows users to input data that can...
TRANSCRIPT
Web forms in PHP
Forms Recap Way of allowing user interaction Allows users to input data that can then
be processed by a program / stored in a back-end database etc
Large amounts of data can pass from the user to the server (parameters can be passed)
Used in areas like e-commerce
Forms – getting the input
Use a normal XHTML form to get user input, e.g.
… <form action = “processData.php" method = “post"> Surname: <input type = "text" name = “surname“ /> <br /><br /> Address: <input type = "text" name = “address“ /> <br /><br /> <input type = "submit" name = "submit" value = "Send“ /> </form> …
Forms – getting the Input
Different form elements can be used to collect input, e.g. <input type = “text” name = “surname” /> Also radio buttons, checkboxes, select lists, and hidden
Action – <form action = “processData.php" method = “post”> Appends data onto end of http request information Specifies the PHP script stored on the server that we want to
send the data to (e.g. processData.php), so that the script can get it and process it
Submit User completes the form and the request for the processing
script is sent to the server when the “submit” button is clicked The script will then run on the server
Forms 1 - requesting the form
Client requests the XHTML web form from the server, the server then sends the XHTML web form to the client browser where it is displayed
Browser Client (e.g. IE)
Response (the text/XHTML of the web form)
Web Server Software
e.g. Apache / IIS
Files in local_html:getDataFrm.htmlprocessData.php
Web
ServerRequest for getDataFrm.html
Forms 2 - sending data / the response
Data entered on the form is sent by the browser (in parameter name-value pairs) along with the request to the server for the PHP script when the form submit button is clicked
Browser Client (e.g. IE)
Request for processData.php (with parameter name-value pairs e.g.
surname – elvinaddress - SCEIS)
Response (text/XHTML)
Web Server
Web Server Software
e.g. Apache / IIS
Files in local_html:getDataFrm.htmlprocessData.php
PHP Processor
Web
Server
Parameter name-value pairs
Form data is sent in name-value pairs e.g. surname-bloggs, game-chess
name – the name of the form component specified by the name part of the tag, e.g. …
<input type = “text” name = “surname” /><select name = “game”> <option value = “chess”>Chess</option>
<option value = “drafts”>Drafts</option></select>
… value – this is the value entered or selected by the user for the
particular form component
GET and POST
HTTP governs how web browsers request files from web servers and how servers send files back
There are two HTTP methods to pass parameters to the server (to be processed by scripts):
GET GET requests encode form parameters in the URI (in a query
string) i.e. they append data to the URI, e.g.
appendExample.php?surname=kasparov, game=chess
POST For posting lots of data to the server Sends data within the body of an HTTP request Not sent via the URI, therefore invisible in the browser
It is possible to use either with XHTML web forms
Getting and processing data
The $_POST and $_GET arrays can be used by a PHP script to access form parameters
The keys are the parameter names Example: the PHP code for the processData.php script
<?php $surname = $_POST[‘surname’]; $game = $_POST[‘game’]; echo “Surname: $surname <br />"; echo “Game: $game”;?>
Here the parameter values from POST for “surname” and “game” are first copied into variables, and then sent back to the browser in the response for display
The response will vary depending on what the user entered You need to use $_POST (or $_GET) for every INPUT field in
the web form
Forms: an overview
Remember Forms allow users to input data Parameter name-value pairs are passed with the request
to the server This data can be processed by the script
e.g. get it using $_POST (or $_GET) and store it in variables The data can be processed in any way that you like,
including display back to the browser (using echo) via the response
The data sent to the form can vary, and therefore so can the response The particular response is not saved in a file, it is only seen
by the browser that requested the script from the server
Using GET: example
Data parameters encoded in the URI (in a Query String) Example:
<a href = “http://localhost/viewp.php?productID=75”>Product 75</a>
Processing PHP script (viewp.php):
$prodID = $_GET['productID'];
echo "Product Id: $prodID - ";
if ($prodID == "55")
echo "Blue shirt with polka dots";
if ($prodID == "75")
echo "Batman outfit";
Query String
On condition …
Conditional statements allow decision making depending on conditions Allows programs to be dynamic,
executing different pieces of code depending on a condition
Conditional statements include if/else switch
if statement: making decisions Use: evaluate truth of expression (condition). Format of if
if (expression) statement
else alternative statement if the expression was false
elseif format:if (expression 1)
statement 1elseif (expression 2)
statement 2else
default statement if both expressions were false What operators are there?
e.g. !=, <, >, >=, <=, ==, &&, AND, ||, OR
Example web site
Requests and passes parameters to loginEX.php
Code for loginEx.php
…$userN = $_POST[‘username’];$pass = $_POST[‘password’];
echo "Hello $userN <br />";
if ($pass == “adminpass") {echo "<a href = \”secureMenu.html\”>Enter</a> secure Menu
area";}elseif ($pass == "bob") {
echo “Successful login <a href = \”custMenu.php\”>Enter</a> site";}else {
echo "Password invalid. Try <a href =\“loginFormEx.html\”>again</a>";}…
Some string functions
strlen(x) - no of characters in a string strpos(x, “a”) - returns the position, e.g. of a substr(x, start [, length]) - copies piece of string substr_replace(x, y, start[, length]) - replaces x with y strrev(x) - reverses the string
trim(x) - removes white space ltrim(x) - removes white space from start of string rtrim(x) - removes white space from end of string
strtolower(x) - to lower case strtoupper(x) - to upper case ucfirst(x) - makes first character upper case ucwords(x) - first character of each word to uppercase
Improving the login system
Validating input How could we:
Check if the user name was of the correct length?
Remove white space? Remove the effect of case?
Code for loginEx2.php… $userN = trim($_POST['username']); if (strlen($userN) !=5) echo "User names must be exactly 5 characters long. Please try again"; else { $pass = strtolower(trim($_POST['password'])); echo "Hello $userN <br />";
if ($pass == "adminpass") {echo "<a href = \"secureMenu.html\">Enter</a> secure Menu area";
} elseif ($pass == "bob") {
echo "Successful login <a href = \"custMenu.php\">Enter</a> site"; } else {
echo "Password invalid. Try <a href =\"loginFormEx2.html\">again</a>"; } } …
Further validation
Requests and passes parameters to changePassEx.php
•How could we:Check that anything had been entered?Check whether the two entries match?
Code for changePassEx.php
Another example using control structures and string functions
if ((strlen($_POST['newP1']) == 0) && (strlen($_POST['newP2']) == 0)) { echo "You have not entered a new password. Try again";}elseif ((strlen($_POST['newP1']) == 0) || (strlen($_POST['newP2']) == 0)) { echo "You haven't entered the new password twice";}elseif (strcmp($_POST['newP1'], $_POST['newP2']) != 0) { echo "The passwords entered are not the same. Please try again. ";}else { echo "Thanks for the new password";}?>
switch statement
An alternative way of making conditional decisions Unlike with if /elseif, switch evaluates only one expression Used when a single value determines a choice
(and also used when if’s start to look confusing)switch (expression)
case value1: // code to execute if the expression evaluates to value1
break; case value2:
// code to execute if the expression evaluates to value2 break; case value3: // code to execute if the expression evaluates to value3 break; default:
// code to execute if none of the cases above are true
switch example: custMenu.php…Some code to display a menu, then<h1>Current Special Offers</h1>
<?php$month = date("n");switch ($month) { case 2:
echo "Love song album deals for Valentines day";
break; case 12:
echo "Festive season favourites at half price"; break; default:
echo "A general special offer";}?>…