| Now that I have an HTML form, I'll write a bare-bones PHP script to handle it. When I say that this script will be handling the form, I mean that it will do something with the data it receives. In this chapter, the scripts will reiterate the data back to the Web browser, but in later examples, it will be stored in a MySQL database, checked against previously stored values, sent in emails, and more. Registering Globals In earlier versions of PHP, the register_globals setting was turned on by default. This feature gave PHP an ease of use by automatically turning form inputs into similarly named variables, like $name or $email (as opposed to having to refer to $_REQUEST['name'] and $_REQUEST['email'] first). As of version 4.2 of PHP, the developers behind PHP opted to turn this setting off by default because not relying on this feature improves the security of your scripts. Unfortunately, this also had the side effect that a lot of existing scripts no longer worked and many beginning programmers were stymied when they saw: blank values in their form results, error messages, or just blank pages. To work around this, there are two options. First, you could turn register_globals back on, assuming that you have administrative control over your PHP installation (see Appendix A, "Installation"). Second, you could start using the superglobal variables, such as $_REQUEST, $_GET, and $_POST, as you do in the first handle_form.php example. These variables will be more formally discussed in the "What Are Arrays?" section later in this chapter. In the meantime, rest assured that all the scripts in this book have been written with the assumption that register_globals is off in order to ensure maximum compatibility and security. |
The beauty of PHPand what makes it so easy to learn and useis how well it interacts with HTML forms. Rather than requiring a parsing routineas CGI scripts doto access form data, your PHP scripts store the information in special variables. For example, say you have a form with an input defined like so: <input type="text" name="weight"  size="20 />
The PHP page that receives the form data will assign what the user entered into this form element to a special variable called $_REQUEST['weight']. It is very important that the spelling and capitalization match exactly, as PHP is case-sensitive when it comes to variable names! $_REQUEST['weight'] can then be used like any other variable: printed, used in mathematical computations, concatenated, and so on. In this example, I'll use a shorthand to refer to these variables (see the "Registering Globals" sidebar for an explanation of why the shorthand is required) and then print out their values. To handle an HTML form 1. | Create a new PHP document in your text editor, beginning with the HTML (Script 2.2).
<!DOCTYPE html PUBLIC "-//W3C// DTD XHTML 1.0 Transitional//EN "http://www.w3.org/TR/xhtml1/DTD/ xhtml1-transitional.dtd> <html xmlns="http://www.w3.org/1999/ xhtml xml:lang="en" lang="en"> <head> <meta http-equiv="content-type"  content="text/html; charset=iso-8859-1 /> <title>Form Feedback</title> </head> <body>
Script 2.2. This script receives and prints out the information entered into an HTML form (Script 2.1). 
| 2. | Add the opening PHP tag and create a shorthand version of the form data variables.
<?php # Script 2.2 - handle_form.php $name = $_REQUEST['name']; $email = $_REQUEST['email']; $comments = $_REQUEST['comments'];
Following the rules outlined before, the data entered into the name form input, which has a name value of name, will be accessible through the variable $_REQUEST['name']. The data entered into the email form input, which has a name value of email, will be accessible through $_REQUEST['email']. The same applies to the entered comments data. Again, the spelling and capitalization of your variables here must exactly match the corresponding name values in the HTML form.
| 3. | Print out the received name, email, and comments values.
echo "<p>Thank you, <b>$name</b>, for the following comments:<br /> <tt>$comments</tt></p> <p>We will reply to you at <i>$email</i>.</p>\n;
The submitted values are simply printed out using the echo() statement, double quotation marks, and a wee bit of HTML formatting.
| 4. | Complete the HTML page.
</body> </html>
| 5. | Save the file as handle_form.php, upload to your Web server in the same directory as form.html, and test both documents in your Web browser (Figures 2.2 and 2.3).
Figure 2.2. To test handle_form.php, you must begin by filling out the form. 
Figure 2.3. Your script should display results like this. 
|
 Tips
$_REQUEST is a special variable type in PHP, available since version 4.1. It stores all of the data sent to a PHP page through either the GET or POST methods, as well as data accessible in cookies. If you see a blank page after submitting the form, first check the HTML source to look for HTML errors, and then confirm that display_errors is on in your PHP configuration (see Appendix A, "Installation"). If the PHP script shows blank spaces where the variables should have printed out, it means that the variables have no values. Likely causes are: you failed to enter a value in the form; you misspelled or mis-capitalized the variable names; or $_REQUEST is not available because you're using an outdated version of PHP. If you see any Undefined variable: variablename errors, this is because the variables you refer to have no value and PHP is set on the highest level of error reporting. See the previous Tip about why variables wouldn't have a value, and then either change the level of error_reporting for your server (see Appendix A) or change it for a particular script (see Chapter 6, "Error Handling and Debugging") to stop such errors in the future. For a comparison of how PHP handles the different form input types, print out the $_REQUEST['age'] and $_REQUEST['gender'] values (Figure 2.4). Figure 2.4. The values of gender and age correspond to those defined in the form's HTML. 
|
