Section 5.3. User Input


5.3. User Input

Now that you know how to embed PHP code, you probably want to program some kind of user-specified action. For instance, the book webshop needs a login and registration system that requires user action, so we will implement this system as an example. This system requires an HTML form and a place to store the data collected by the form. Because this chapter does not deal with storing data in a database, only an API function is provided when data needs to be stored. After reading some of the later chapters, you will be able to fill these in yourself.

We require four things from the user when he or she registers for the shop: email address, first name, last name, and requested password. The HTML code for a form to collect this information looks like this:

 <html> <head><title>Register</title></head> <body>     <h1>Registration</h1>     <form method="get" action="register.php">         <table>         <tr><td>E-mail address:</td>             <td><input type='text' name='email'/></td></tr>         <tr><td>First name:</td>             <td><input type='text' name='first_name'/></td></tr>         <tr><td>Last name:</td>             <td><input type='text' name='last_name'/></td></tr>         <tr><td>Password:</td>             <td><input type='password' name='password'/></td></tr>         <tr>             <td colspan='2'>             <input type='submit' name='register' value='Register'/>             </td>         </tr>         </table>     </form> </body> </html> 

The lines that handle the form data are highlighted in bold. The form tag is the first bold line: <form method="get" action="register.php">. We specify get for the first attribute in the form tagthe method attribute. The HTTP GET method encodes the form data in the URL, making it visible in the browser address window and making it possible to bookmark the result of the form. Another possible method is the POST method. Because we use some sensitive data (requested password), we are better off using the POST method. The POST method encodes the form data in the body of the HTTP request so that the data is not shown in the URL and cannot be bookmarked.

The script that processes the form data can use the $_GET built-in array to process data from a form that uses the GET method and the $_POST built-in array for data from a form that uses the POST method. If you want to use both $_GET and $_POST for some postings, you can use $_REQUEST, which contains all $_GET, $_POST, and $_COOKIE elements merged into one array. If the same element exists in more than one array, the variables_order setting in the php.ini file determines which element has precedence. In this configuration setting, G represents $_GET, P represents $_POST, C represents $_COOKIE, E represents $_ENV, and S represents $_SERVER. Variables are added to $_REQUEST in the order specified by the variables_order setting. Variables added later override variables with the same name that were added earlier. The default setting is EGPCS, which means that POST variables override GET variables with the same name.

The elements of the form are defined by the input tags. The form highlights (via the bold lines) three different types of input tags. The first type (type='text') is a simple text field, with the name email. The name is needed to use the posted data in your PHP script that processes the form data. The name attribute is the key in the $_POST or $_GET array (for example, $_POST['email']). The second type of input tag (type='password') is the same type as the text type, except that, for security reasons, all data the user types is displayed on-screen as *. This does not mean, of course, that the form collects the asterisks and sends them with the form. It just means that the text is displayed as asterisks so no one can see the user's password. The third type (type='submit') is rendered as a submit button that a user presses to actually submit the data entered into the form. The name of the submit button is the array key for the element where the value is stored (for example, $_POST['register'] equals 'Register') when the browser posts the form back to the web server. The full form as shown in a web browser looks similar to Figure 5.1.

Figure 5.1. Full form as shown in a web browser.


The action attribute of the <form> tag specifies the file to which the filled-in form is postedin our case, register.php. PHP makes available the data from all the various form elements in the designated script. To process data, we need to change our form a little more. We only want the registration form to be shown if it is being displayed for the first time, not if it has already been filled in and submitted by a user. That is, we want to display the form only if the processing script didn't receive any submitted data. We can tell whether the form has been submitted by a user by testing whether the submit button has been pressed. To do so, between the <body> tag and the <h1>Registration</h1> line, we add the following code:

 <?php         if (!isset ($_POST['register']) ||($_POST['register'] != 'Register')) { ?> 

This line checks whether the 'register' key exists in the $_POST array. Because the $_POST array contains all fields from the posted form, the $_POST array will contain an element with the key register if the submit button has been pressed. If we use the GET method, we would use the same test on the $_GET array. Both arrays are superglobals, available in every function, without needing to be declared 'global' with the global keyword. After checking if the 'register' key exists in the array, we check if the value of the array element equals 'Register', just to be sure.

Between the </form> and </body> tag we add the following:

 <?php     } else { ?> E-mail: <?php echo $_POST['email']; ?><br /> Name: <?php echo $_POST['first_name']. ' '. $_POST['last_name']; ?><br /> Password: <?php echo $_POST['password']; ?><br /> <?php     } ?> 

This piece of code is executed if the form was filled out. As you can see, we simply echo all the form values by echoing the elements from the $_POST array. Dealing with user input data is not much harder than this, but...



    PHP 5 Power Programming
    PHP 5 Power Programming
    ISBN: 013147149X
    EAN: 2147483647
    Year: 2003
    Pages: 240

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net