Web forms in PHP

Forms Recap Way of allowing user interaction Allows users to input data that can then

be processed by a program / stored in a back-end database etc

Large amounts of data can pass from the user to the server (parameters can be passed)

Used in areas like e-commerce

Forms – getting the input

Use a normal XHTML form to get user input, e.g.

… <form action = “processData.php" method = “post"> Surname: <input type = "text" name = “surname“ /> <br /><br /> Address: <input type = "text" name = “address“ /> <br /><br /> <input type = "submit" name = "submit" value = "Send“ /> </form> …

Forms – getting the Input

Different form elements can be used to collect input, e.g. <input type = “text” name = “surname” /> Also radio buttons, checkboxes, select lists, and hidden

Action – <form action = “processData.php" method = “post”> Appends data onto end of http request information Specifies the PHP script stored on the server that we want to

send the data to (e.g. processData.php), so that the script can get it and process it

Submit User completes the form and the request for the processing

script is sent to the server when the “submit” button is clicked The script will then run on the server

Forms 1 - requesting the form

Client requests the XHTML web form from the server, the server then sends the XHTML web form to the client browser where it is displayed

Browser Client (e.g. IE)

Response (the text/XHTML of the web form)

Web Server Software

e.g. Apache / IIS

Files in local_html:getDataFrm.htmlprocessData.php

Web

ServerRequest for getDataFrm.html

Forms 2 - sending data / the response

Data entered on the form is sent by the browser (in parameter name-value pairs) along with the request to the server for the PHP script when the form submit button is clicked

Browser Client (e.g. IE)

Request for processData.php (with parameter name-value pairs e.g.

surname – elvinaddress - SCEIS)

Response (text/XHTML)

Web Server

Web Server Software

e.g. Apache / IIS

Files in local_html:getDataFrm.htmlprocessData.php

PHP Processor

Web

Server

Parameter name-value pairs

Form data is sent in name-value pairs e.g. surname-bloggs, game-chess

name – the name of the form component specified by the name part of the tag, e.g. …

<input type = “text” name = “surname” /><select name = “game”> <option value = “chess”>Chess</option>

<option value = “drafts”>Drafts</option></select>

… value – this is the value entered or selected by the user for the

particular form component

GET and POST

HTTP governs how web browsers request files from web servers and how servers send files back

There are two HTTP methods to pass parameters to the server (to be processed by scripts):

GET GET requests encode form parameters in the URI (in a query

string) i.e. they append data to the URI, e.g.

appendExample.php?surname=kasparov, game=chess

POST For posting lots of data to the server Sends data within the body of an HTTP request Not sent via the URI, therefore invisible in the browser

It is possible to use either with XHTML web forms

Getting and processing data

The $_POST and $_GET arrays can be used by a PHP script to access form parameters

The keys are the parameter names Example: the PHP code for the processData.php script

<?php $surname = $_POST[‘surname’]; $game = $_POST[‘game’]; echo “Surname: $surname <br />"; echo “Game: $game”;?>

Here the parameter values from POST for “surname” and “game” are first copied into variables, and then sent back to the browser in the response for display

The response will vary depending on what the user entered You need to use $_POST (or $_GET) for every INPUT field in

the web form

Forms: an overview

Remember Forms allow users to input data Parameter name-value pairs are passed with the request

to the server This data can be processed by the script

e.g. get it using $_POST (or $_GET) and store it in variables The data can be processed in any way that you like,

including display back to the browser (using echo) via the response

The data sent to the form can vary, and therefore so can the response The particular response is not saved in a file, it is only seen

by the browser that requested the script from the server

Using GET: example

Data parameters encoded in the URI (in a Query String) Example:

<a href = “http://localhost/viewp.php?productID=75”>Product 75</a>

Processing PHP script (viewp.php):

$prodID = $_GET['productID'];

echo "Product Id: $prodID - ";

if ($prodID == "55")

echo "Blue shirt with polka dots";

if ($prodID == "75")

echo "Batman outfit";

Query String

On condition …

Conditional statements allow decision making depending on conditions Allows programs to be dynamic,

executing different pieces of code depending on a condition

Conditional statements include if/else switch

if statement: making decisions Use: evaluate truth of expression (condition). Format of if

if (expression) statement

else alternative statement if the expression was false

elseif format:if (expression 1)

statement 1elseif (expression 2)

statement 2else

default statement if both expressions were false What operators are there?

e.g. !=, <, >, >=, <=, ==, &&, AND, ||, OR

Example web site

Requests and passes parameters to loginEX.php

Code for loginEx.php

…$userN = $_POST[‘username’];$pass = $_POST[‘password’];

echo "Hello $userN <br />";

if ($pass == “adminpass") {echo "<a href = \”secureMenu.html\”>Enter</a> secure Menu

area";}elseif ($pass == "bob") {

echo “Successful login <a href = \”custMenu.php\”>Enter</a> site";}else {

echo "Password invalid. Try <a href =\“loginFormEx.html\”>again</a>";}…

Some string functions

strlen(x) - no of characters in a string strpos(x, “a”) - returns the position, e.g. of a substr(x, start [, length]) - copies piece of string substr_replace(x, y, start[, length]) - replaces x with y strrev(x) - reverses the string

trim(x) - removes white space ltrim(x) - removes white space from start of string rtrim(x) - removes white space from end of string

strtolower(x) - to lower case strtoupper(x) - to upper case ucfirst(x) - makes first character upper case ucwords(x) - first character of each word to uppercase

Improving the login system

Validating input How could we:

Check if the user name was of the correct length?

Remove white space? Remove the effect of case?

Code for loginEx2.php… $userN = trim($_POST['username']); if (strlen($userN) !=5) echo "User names must be exactly 5 characters long. Please try again"; else { $pass = strtolower(trim($_POST['password'])); echo "Hello $userN <br />";

if ($pass == "adminpass") {echo "<a href = \"secureMenu.html\">Enter</a> secure Menu area";

} elseif ($pass == "bob") {

echo "Successful login <a href = \"custMenu.php\">Enter</a> site"; } else {

echo "Password invalid. Try <a href =\"loginFormEx2.html\">again</a>"; } } …

Further validation

Requests and passes parameters to changePassEx.php

•How could we:Check that anything had been entered?Check whether the two entries match?

Code for changePassEx.php

Another example using control structures and string functions

if ((strlen($_POST['newP1']) == 0) && (strlen($_POST['newP2']) == 0)) { echo "You have not entered a new password. Try again";}elseif ((strlen($_POST['newP1']) == 0) || (strlen($_POST['newP2']) == 0)) { echo "You haven't entered the new password twice";}elseif (strcmp($_POST['newP1'], $_POST['newP2']) != 0) { echo "The passwords entered are not the same. Please try again. ";}else { echo "Thanks for the new password";}?>

switch statement

An alternative way of making conditional decisions Unlike with if /elseif, switch evaluates only one expression Used when a single value determines a choice

(and also used when if’s start to look confusing)switch (expression)

case value1: // code to execute if the expression evaluates to value1

break; case value2:

// code to execute if the expression evaluates to value2 break; case value3: // code to execute if the expression evaluates to value3 break; default:

// code to execute if none of the cases above are true

switch example: custMenu.php…Some code to display a menu, then<h1>Current Special Offers</h1>

<?php$month = date("n");switch ($month) { case 2:

echo "Love song album deals for Valentines day";

break; case 12:

echo "Festive season favourites at half price"; break; default:

echo "A general special offer";}?>…