PHP Introduction (PHP-Einführung) - Lesson 3 - Processing forms
Alexander Lichter
June 27, 2017
Content of this lesson
1. Recap
2. Security notice
3. Functions
4. Understanding of HTTP Requests
5. PHP Superglobals
6. Form Handling
7. Input Validation and Security
Recap
A short recap
Well... essentially we learned most of the basic control structures and can
write fairly powerful programs. But these are not dynamic enough at
the moment, because we cannot process user input yet! That’s what we
want to change in this lesson.
Security notice
As you’ve seen in the content overview, our last chapter is Input
Validation and Security. All code examples before this chapter lack
security and validation measures. Please do not use them in production,
otherwise you open Pandora’s box for your (live) website!
Functions
Before diving into forms, we need to learn another important control
structure that lets us stop repeating our code and makes it easier, shorter
and better: functions!

```php
<?php
// Define a function with one argument
function outputGreeting($name) {
    echo "Hey $name";
}
outputGreeting("Peter"); // Call the function
```

Each function has a name after the function keyword, 0 to n arguments,
a function body (that is executed when the function is called) and
sometimes a return value.
Functions with return value
To structure your code, it’s worth creating functions for repetitive tasks.

```php
<?php
// Return the result instead of printing it, so the caller decides what to do with it
function sum($x, $y) {
    return $x + $y;
}
echo "9 + 5 = " . sum(9, 5) . "<br>";
echo "189 + 25 = " . sum(189, 25);
```

Keep that in mind!
Functions with default values
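Arguments/parameters can also have default values!

```php
<?php
// Named describeType because PHP already has a built-in settype() function
// and function names are case-insensitive, so setType() cannot be redeclared.
function describeType($name, $type = "Student") {
    echo "$name is currently a $type";
}
describeType("Norbert");          // uses the default value "Student"
describeType("Klaus", "Teacher"); // overrides the default value
```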
Understanding of HTTP Requests
HTTP - The protocol of the Internet
HTTP (short for Hypertext Transfer Protocol) is used for
communication between a client and the server.
It is a request-response protocol: when you enter a URL in your browser,
the browser performs a GET request to the server and displays the
response, which can be HTML, a file (which you can download) or
anything else. The response also contains a status code (200 means OK,
for example; you all know some more, I guess). You can add data to the
request body by using a POST request.
There are more methods than just GET and POST, but we will
cover those in a later lesson.
GET vs POST
Well, let’s compare GET and POST now, so we can evaluate when to
use each method. PHP lets us choose between those two when sending a
form. The default method is GET, by the way.

| Attribute | GET | POST |
|---|---|---|
| Visibility | Yes, query string in URL | No, query string only in request body |
| Bookmarked | Yes, bookmarking is possible | Not possible |
| Browser history | Creates browser history entry | No history entries |
| Cache | Cacheable | Not cacheable |
| Length | Limited | Unlimited |
| Reload/Back button | Nothing special | Resend alert |
Alright, now you know what the difference is. So, to put it in a nutshell,
let’s list the use cases:
GET
• Filtering
• Searching
• Redirect through forms
POST
• Sending data that should not appear in the URL (sensitive data, e.g.
passwords)
• Actually all other use cases :D
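Because a GET form puts its fields into the URL, they are recorded wherever the URL is recorded, including the web server's access log. As an added example (not part of the original slides), this script scans constructed Apache-style log lines for sensitive parameter names in query strings and reports them with the values masked; the key list and the sample lines are assumptions.

```php
<?php
// Added example (not from the lecture): find form fields that leaked into
// URLs because a form was submitted with GET instead of POST.

// Assumed list of parameter names that should never appear in a URL.
const SENSITIVE_KEYS = ['password', 'passwd', 'pwd', 'token', 'secret'];

// Pull the method and request target out of one access-log line.
// Returns null when the line has no parsable request field.
function parseRequestLine(string $line): ?array
{
    // The request is the quoted field of the form "METHOD target HTTP/x.y".
    if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    return ['method' => $m[1], 'target' => $m[2]];
}

// Return the names of sensitive parameters present in the query string.
function sensitiveQueryKeys(string $target): array
{
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query) || $query === '') {
        return [];
    }
    parse_str($query, $params);
    $hits = [];
    foreach (array_keys($params) as $key) {
        if (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $hits[] = (string) $key;
        }
    }
    return $hits;
}

// Mask the values of sensitive parameters so a report does not repeat them.
function redactTarget(string $target): string
{
    $names = implode('|', array_map('preg_quote', SENSITIVE_KEYS));
    $pattern = '/([?&](?:' . $names . ')=)[^&\s]*/i';
    return preg_replace($pattern, '$1[REDACTED]', $target) ?? $target;
}

// Scan log lines and report each request that carried a sensitive
// parameter in its URL.
function findUrlLeaks(array $lines): array
{
    $findings = [];
    foreach ($lines as $number => $line) {
        $request = parseRequestLine($line);
        if ($request === null) {
            continue;
        }
        $keys = sensitiveQueryKeys($request['target']);
        if ($keys !== []) {
            $findings[] = [
                'line'   => $number + 1,
                'method' => $request['method'],
                'keys'   => $keys,
                'target' => redactTarget($request['target']),
            ];
        }
    }
    return $findings;
}

// Constructed sample lines in Apache "combined" format (documentation IP range).
$sampleLog = [
    '203.0.113.7 - - [27/Jun/2017:10:01:12 +0200] "GET /search.php?q=php+forms HTTP/1.1" 200 512 "-" "ExampleBrowser/1.0"',
    '203.0.113.7 - - [27/Jun/2017:10:02:40 +0200] "GET /login.php?user=peter&password=hunter2 HTTP/1.1" 200 734 "-" "ExampleBrowser/1.0"',
    '203.0.113.7 - - [27/Jun/2017:10:03:05 +0200] "POST /login.php HTTP/1.1" 302 0 "-" "ExampleBrowser/1.0"',
];

foreach (findUrlLeaks($sampleLog) as $finding) {
    printf(
        "line %d: %s request exposes [%s] in URL: %s\n",
        $finding['line'],
        $finding['method'],
        implode(', ', $finding['keys']),
        $finding['target']
    );
}
```

Only the GET login is reported: the search query carries nothing sensitive, and the POST login has no query string because its fields travel in the request body.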
PHP Superglobals
Superglobals
Superglobals are variables that are accessible regardless of scope.
They are set automatically by PHP itself. You can alter them, though!
• $_SERVER holds all information about the request headers, script
location and similar
• $_POST and $_GET hold the corresponding data sent by the
request
• $_COOKIE has the cookie data of the request
• $_REQUEST holds all data of $_POST, $_GET and $_COOKIE
• $_SESSION stores user-based data (e.g. when they log in)
• $_ENV holds all environment variables
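Since $_REQUEST mixes several sources, code that reads from it cannot tell whether a value arrived in the URL, the request body or a cookie. As an added example (not part of the original slides), the handler below reads each field from the one superglobal it belongs in and checks its type first; processLogin(), readString() and the field names "user" and "password" are hypothetical, and constructed arrays stand in for $_SERVER, $_GET and $_POST so the script runs from the command line.

```php
<?php
// Added example (not from the lecture): read each form field from the
// superglobal it is supposed to arrive in instead of from $_REQUEST.
// processLogin() and the field names "user" and "password" are hypothetical.

// Return the field only if it is a non-empty string within the length limit.
function readString(array $source, string $key, int $maxLength): ?string
{
    // A request such as "user[]=x" makes PHP store an array under the key.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = $source[$key];
    if ($value === '' || strlen($value) > $maxLength) {
        return null;
    }
    return $value;
}

// The three parameters stand in for $_SERVER, $_GET and $_POST.
function processLogin(array $server, array $get, array $post): array
{
    // $_SERVER['REQUEST_METHOD'] tells us how the form was submitted.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return ['status' => 405, 'message' => 'This form only accepts POST'];
    }
    // A password in the query string is visible in the URL; refuse it.
    if (array_key_exists('password', $get)) {
        return ['status' => 400, 'message' => 'Password must not be sent in the URL'];
    }
    // Only the request body counts; a "user" value in the URL is ignored.
    $user = readString($post, 'user', 64);
    $password = readString($post, 'password', 256);
    if ($user === null || $password === null) {
        return ['status' => 422, 'message' => 'Missing or malformed field'];
    }
    if (preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $user) !== 1) {
        return ['status' => 422, 'message' => 'User name contains invalid characters'];
    }
    // Credential checking is out of scope here; escape before echoing back.
    $safeUser = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    return ['status' => 200, 'message' => 'Hello ' . $safeUser];
}

// Constructed requests, each as [server, get, post].
// In a real script the call is processLogin($_SERVER, $_GET, $_POST).
$requests = [
    'GET with password in URL' => [
        ['REQUEST_METHOD' => 'GET'],
        ['user' => 'peter', 'password' => 'hunter2'],
        [],
    ],
    'POST with array instead of string' => [
        ['REQUEST_METHOD' => 'POST'],
        [],
        ['user' => ['x'], 'password' => 'hunter2'],
    ],
    'POST with password also in URL' => [
        ['REQUEST_METHOD' => 'POST'],
        ['password' => 'hunter2'],
        ['user' => 'peter', 'password' => 'hunter2'],
    ],
    'POST with conflicting user in URL' => [
        ['REQUEST_METHOD' => 'POST'],
        ['user' => 'admin'],
        ['user' => 'peter', 'password' => 'hunter2'],
    ],
];

foreach ($requests as $label => [$server, $get, $post]) {
    $result = processLogin($server, $get, $post);
    printf("%-36s -> %d %s\n", $label, $result['status'], $result['message']);
}
```

In the last request the handler greets "peter", the value from the request body; the "admin" value from the URL is never read.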
Superglobals - Example
Assuming you call the following script with the parameters
?name=Alex&age=20&lesson=3
<?php
echo "Name: " . $_GET['name'] . "<br>";
echo "Age: " . $_REQUEST['age'] . "<br>";
// Would not work because the HTTP method is GET
// echo "Lesson: " . $_POST['lesson'] . "<br>";
echo "Lesson: " . $_GET['lesson'] . "<br>";
echo "Script name: " . $_SERVER['PHP_SELF'] . "<br>";

It will print out the values from the query string and the filename of the
executing script (through $_SERVER['PHP_SELF']).
Form Handling
Our first form
Now we will write our first script that handles user input from a form. First of
all, we need.. a form!
<html>
<body>

<form action="welcome.php" method="post">
Your name: <input type="text" name="name"><br>
Your e-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

As you see, there is no PHP code included yet. It is a simple form that
uses the POST method to send name and e-mail. It will send the browser to
welcome.php, because that is the value of the action attribute.
Our first form
If we submit the form now.. it will most likely throw a 404 error, because
our PHP script does not exist yet. Well, you know how to use
superglobals, so write your own welcome.php that does something with
the form data!
<html>
<body>

Welcome <?= $_POST["name"]; ?><br>
Your e-mail is: <?= $_POST["email"]; ?>

</body>
</html>

As you see, I am using other PHP open/close tags here. You can use
them like this when you want to echo/print something. It's pretty nice
for "one-liners" ;)
Form evaluation in the same script
There is also a way to evaluate the form input on the same page. First of
all, you need to set the action to the script itself. How can you do that?
<html>
<body>

<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
Your name: <input type="text" name="name"><br>
Your e-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

And now you need to distinguish whether the form has been sent yet or not...
Form evaluation in the same script
You can do that by creating a condition on the HTTP request method
<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Evaluate form here
} else {
    // Show form here
}

It's your turn again! Refactor your welcome.php and merge it into the same
script you use to display the form.
Input Validation and Security
Form Security - PHP_SELF
The most important topic on form handling is Security. We will start
with the $_SERVER["PHP_SELF"] variable, which can be abused easily
when not properly secured.
DEMO
How to fix this:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">

htmlspecialchars "escapes" the whole string. It converts the special HTML
characters into entities, which makes them harmless without removing characters.
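Why the escaping matters, as an added example that is not part of the original slides: PHP_SELF contains whatever extra path the client appends after the script name, so it has to be treated like any other request data. The helper renderFormOpen() is hypothetical and the value in $constructedSelf is constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the slides): builds the opening <form> tag
 * the way the lesson does, with or without escaping the action value.
 */
function renderFormOpen(string $self, bool $escape): string
{
    // ENT_QUOTES also encodes single quotes, so the value stays inside the
    // attribute whichever quote style delimits it.
    $action = $escape ? htmlspecialchars($self, ENT_QUOTES, 'UTF-8') : $self;

    return '<form method="post" action="' . $action . '">';
}

// Constructed sample: the value PHP_SELF takes when /form.php is requested
// with extra path info that contains a quote and markup.
$constructedSelf = '/form.php/"><script>alert(1)</script>';

$variants = [
    'unescaped' => renderFormOpen($constructedSelf, false),
    'escaped'   => renderFormOpen($constructedSelf, true),
];

foreach ($variants as $label => $html) {
    // If a literal <script> tag survives, the browser would parse it as markup
    // outside the attribute instead of as part of the action URL.
    $live = strpos($html, '<script>') !== false;

    echo $label, ': ', $live ? 'markup reaches the page' : 'markup neutralised', PHP_EOL;
    echo '  ', $html, PHP_EOL;
}
```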
Form Security - Sanitize input
Now we need to sanitize our input. Imagine someone submits HTML
code as their "email". When we display the code without sanitizing, it
could be abused.
<?php
function sanitizeInput($data) {
    // Remove whitespace before and after the data
    $data = trim($data);
    // Strip the escaping backslashes
    $data = stripslashes($data);
    // Convert special HTML characters into entities
    $data = htmlspecialchars($data);
    return $data;
}

• trim removes whitespace before and after the data
• stripslashes strips the escaping backslashes, as the function name says
It is important to sanitize all of your input!
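One way to apply this to the name/e-mail form from this lesson, as an added example that is not part of the original slides: validate each field when it arrives and escape it at the moment it is written into HTML. The helpers e(), validateWelcomeForm() and renderWelcome(), the 100-character limit and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Escape a value at the moment it is written into HTML. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/**
 * Validate the two fields of the lesson's form.
 * Returns [clean values, errors]. Clean values are trimmed but NOT
 * HTML-escaped, so they can be escaped for whatever context uses them later.
 */
function validateWelcomeForm(array $post): array
{
    $errors = [];
    $clean  = ['name' => '', 'email' => ''];

    // A field submitted as name[]=... arrives as an array; accept strings only.
    $name  = isset($post['name'])  && is_string($post['name'])  ? trim($post['name'])  : '';
    $email = isset($post['email']) && is_string($post['email']) ? trim($post['email']) : '';

    if ($name === '' || strlen($name) > 100) {
        $errors['name'] = 'Please enter a name (at most 100 characters).';
    } else {
        $clean['name'] = $name;
    }

    // filter_var() returns false when the value is not a syntactically valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    return [$clean, $errors];
}

/** Build the welcome output; every dynamic value passes through e(). */
function renderWelcome(array $clean): string
{
    return 'Welcome ' . e($clean['name']) . '<br>' . PHP_EOL
         . 'Your e-mail is: ' . e($clean['email']);
}

// Constructed sample submissions, standing in for $_POST.
$constructedSubmissions = [
    ['name' => ' Alex ',      'email' => 'alex@example.com'],      // valid
    ['name' => 'Alex',        'email' => '<b>not an address</b>'], // HTML as "email"
    ['name' => '<i>Alex</i>', 'email' => 'alex@example.com'],      // markup in the name
    ['name' => ['x'],         'email' => 'alex@example.com'],      // array instead of string
];

foreach ($constructedSubmissions as $post) {
    [$clean, $errors] = validateWelcomeForm($post);

    if ($errors === []) {
        echo renderWelcome($clean), PHP_EOL;
    } else {
        foreach ($errors as $field => $message) {
            echo e($field), ': ', e($message), PHP_EOL;
        }
    }
    echo '---', PHP_EOL;
}
```

In the same-script layout from this lesson, validateWelcomeForm($_POST) would be called inside the REQUEST_METHOD == "POST" branch.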
Form Security - Your task
Alright. Your final task this week: Create a little calculator that takes two
numbers and calculates all basic results by using forms!
HINTS:
• Use radio buttons for the arithmetic methods (+, -, *, /, %, **)
• Think about error handling. What could go wrong?
• Sanitize your input!