Читать книгу PHP Programming for Beginners. Key Programming Concepts. How to use PHP with MySQL and Oracle databases (MySqli, PDO) - Sergey D Skudaev - Страница 18

$_GET and $_POST methods

Оглавление

Here you will learn how to use the request variables $_GET and $_POST. These variables provide you with different ways to transfer data from one web page to another. Let’s look at the two methods, starting with GET. First, let’s create a simple HTML form.

$_GET []

<html>

<head>

<title> Form Methods

</title>

</head>

<body>

<form method=“get” action="actionpage.php”>

<p> <input type=“text” name=“greeting” size=“15”> </p>

<p> <input type=“text” name=“name” size=“15”> </p>

<p> <input type=“submit” name=“submit” value=“Salutation”> </p>

</form>

</body>

</html>


Save it as a form_methods.php file in the Apache htdocs/post folder created by you.

And now, we’ll create a actionpage.php file for the Output: data transferred from the form.


<?

echo $_GET [‘greeting’];

echo $_GET [‘name’];

echo”! ”;

?>


Save this file in the same directory as the form_methods.php file. This form looks like the following:


Figure 1. A simple HTML form


Let us enter a greeting and a name and click the Salutation button.

You can see that the data sent from a form with the GET method is displayed in the browser’s address bar:

http://localhost/post/formoutputpage.php? <=>


greeting=Hello&name=Emily&submit=Salutation


The Output web page displays Hello Emily!

$_POST []

Now let’s use the POST method instead of the GET method. Edit form_method.php form.


<html>

<head>

<title> Form Methods </title>

</head>

<body>

<form method=“post” action="formoutputpage.php”>

<p> <input type=“text” name=“greeting” size=“15”> </p>

<p> <input type=“text” name=“name” size=“15”> </p>

<p> <input type=“submit” name=“submit” value=“Salutation”> </p>

</form>

</body>

</html>


Edit formoutputpage.php file as follow:


<?

echo $_POST [‘greeting’];

echo “”. $_POST [‘name’];

echo”! ”;

?>


The browser address bar displays formoutputpage.php, but no data transferred using the POST method is visible, so the web page output remains the same:

Hello Emily!


You don’t have to create a second page to read data submitted with form because it is possible to submit the form to the same page. To do this use super global $_SERVER [“PHP_SELF”].


<?php


$self=$_SERVER [“PHP_SELF”];


$greeting=“”;

$name=“”;


If (isset ($_POST [‘greeting’]))

$greeting=$_POST [‘greeting’];


If (isset ($_POST [‘name’]))

$name=$_POST [‘name’];


if (($name!=“”) && ($greeting!=“”))

echo $greeting.””. $name;


?>

<html>

<head>

<title> Form Methods

</title>

</head>

<body>

<?php

print (”<form method=“post” action=“”. $self.””>”);

?>

<p> <input type=“text” name=“greeting”

size=“15”> </p> 21

<p> <input type=“text” name=“name” size=“15”> </p>

<p> <input type=“submit” name=“submit”

value=“Salutation”> </p>

</form>

</body>

</html>

The htmlentities () function

The htmlentities () function is used for security reasons. It converts all characters to HTML entities.

For example, the '<' character will be converted to HTML '&lt;”

If you add the ENT_QUOTES parameter, it will convert double quotes and single quotes to HTML entities.


<?php


$string='<a href="configure-all.com”> Web programming and design </a>”;


echo htmlentities ($string, ENT_QUOTES). "<br>”;


?>


Output (on the browser screen)

<a href="configure-all.com”> Web programming and design </a>.


If you view source you will see HTML characters:

&lt; a href=&quot;configure-all.com&quot;&gt; Web programming and design&lt;/a&gt; <br>


The filter_var function (since PHP 5.2.0)

The filter_var function validates user input. Read more on the PHP.net website.

http://us.php.net/manual/en/filter.filters.validate.php

The example below validates the email address entered by a user.


<?php


function valid_email ($email) {


// filter_var returns false if email is invalid.


$email=filter_var ($email, FILTER_VALIDATE_EMAIL);


If (!$email)


echo “Email is invalid!”;


else


echo $email;


}


valid_email ("master@configure-all.com”);


echo "<br>”;


valid_email ("masterconfigure-all.com”);


?>


Output:

1. master@configure-all.com

2. “Email is not valid!”

When you pass an invalid email address to filter_var function (at the second echo) an empty string is returned.

Read about all exiting validate and sanitize filters on the PHP.net website.

Validate filters


FILTER_VALIDATE_BOOLEAN

FILTER_VALIDATE_EMAIL

FILTER_VALIDATE_FLOAT

FILTER_VALIDATE_INT

FILTER_VALIDATE_IP

FILTER_VALIDATE_REGEXP

FILTER_VALIDATE_URL

Sanitize filters


$email=‘maste” rconfi <> gur/e-all.com’;

echo filter_var ($email, FILTER_SANITIZE_EMAIL);


Output: master@configure-all.com


FILTER_SANITIZE_EMAIL

FILTER_SANITIZE_ENCODED

FILTER_SANITIZE_MAGIC_QUOTES

FILTER_SANITIZE_NUMBER_FLOAT

FILTER_SANITIZE_NUMBER_INT

FILTER_SANITIZE_SPECIAL_CHARS

FILTER_SANITIZE_FULL_SPECIAL_CHARS

FILTER_SANITIZE_STRING

FILTER_SANITIZE_STRIPPED

FILTER_SANITIZE_URL

FILTER_UNSAFE_RAW


Let us return to accessing the variables value submitted to the form using the POST method.


If (isset ($_POST [‘lastname’]))

$lastname= ($_POST [‘lastname’];


If you didn’t declare variables before the if statement, you will receive a notice displayed by PHP:


“Notice: Undefined variable name in C:\Apache2.2\htdocs\test\post.php on line 9”


The notice is displayed because the $lastname variable will be defined inside the if statement only. To have it defined anyplace on the page, you must declare it outside the if statement.


$lastname=“”;


if (isset ($_POST [‘lastname’]))


$lastname= ($_POST [‘lastname’];


Now, no notice message will be displayed.

PHP Programming for Beginners. Key Programming Concepts. How to use PHP with MySQL and Oracle databases (MySqli, PDO)

Подняться наверх