Receiving Data from a Form in PHP

I l @ ve RuBoard

You've created your form. Now you need to write the HandleForm.php script, which will receive and process the data generated by the form.html page. Here is where the true simplicity of PHP is demonstrated.

Script 3.4. By taking the value of the `NAME=" Name "` element in your HTML form and adding a dollar sign, you create a variable that contains the value of what the user entered in that corresponding form field. This is true whether the HTML input type is TEXT, TEXTAREA, or a SELECT menu and is one of the reasons why PHP is so great for handling HTML forms (compared to, say, CGI scripts, which require parsing code).

graphics/03sc04.jpg

To create the HandleForm.php script:

Open your text editor and create a new document.
```
 <HTML><HEAD><TITLE>Form Results   </TITLE><BODY><?php /* This page   receives and handles the data   generated by "form.html". */ ?>   </BODY></HTML> 
```
This is the standard format for a PHP page (Script 3.4). We added the comment to tell us the purpose of the script. Even though the form.html page indicates where the data is sent to (via the ACTION attribute), we ought to make a comment here indicating the reverse.

Create a new line after the comment but before the closing PHP tag. Type

 print "Your first name is   $FirstName.<BR>\n";. print "Your last name is   $LastName.<BR>\n"; print "Your E-mail address is   $Email.<BR>\n"; print "This is what you had to   say:<BR>\n $Comments<BR>\n";

Save your script as HandleForm.php .
Upload your script to the server, making sure that it is saved within the same directory as form.html .
Test your script in your Web browser (Figures 3.3 and 3.4).

Figure 3.3. Whatever the user enters into the HTML form will be printed out to the Web browser by the HandleForm.php script (see Figure 3.4).

Figure 3.4. This is another application of the print statement discussed in Chapter 1, but it does constitute your first dynamically generated Web page. Later chapters will cover how to manipulate the data received as well as how to send it in an e-mail or enter it into a database.

The point of this exercise is to demonstrate how easily you can transfer data from an HTML form to a PHP page. The PHP script will store the data in corresponding variables , so $FirstName takes on the value of what the user inputted into the field labeled FirstName (you take the name of the field in the HTML, add a dollar sign, and then you have the variable with the corresponding value). The transfer is automatic and, unlike CGI scripts, no parsing is necessary.

Tip

Another benefit to using PHP to handle HTML forms is that data is automatically escaped in transit. For example, if I thought "form.html" was too simple! was entered as the comment, the $Comments variable will be equal to I thought \"form.html\" was too simple! so that it may be printed without complication (Figure 3.5).

Figure 3.5. PHP will automatically escape special characters entered into HTML. This is helpful when sending data back to the browser (as in this example where the quotation marks would interfere with the `print()` statement if not for being escaped) and when entering it into databases.

graphics/03fig05.jpg

Tip

If you wanted to pass a preset value along to your script, use the HIDDEN type of input within your HTML form. For example, the line <INPUT TYPE=HIDDEN NAME="ThisPage" VALUE="form.html"> inserted between the FORM tags would create a variable in your handling script called $ThisPage with the value of "form.html". Similarly, by telling PHP to

 print ("<INPUT TYPE=   HIDDEN NAME=\"FirstName\"   VALUE=\"$FirstName\">");

you can extend the life of the $FirstName variable by passing its value along.

Tip

Although you can have the same file both display a form and handle the form's output using PHP, it does make your scripts unnecessarily complicated and difficult to debug. In the interest of simplicity, we will use a separate file, aptly named HandleForm.php .

I l @ ve RuBoard

Figure 3.3. Whatever the user enters into the HTML form will be printed out to the Web browser by the `HandleForm.php` script (see Figure 3.4).

Figure 3.4. This is another application of the `print` statement discussed in Chapter 1, but it does constitute your first dynamically generated Web page. Later chapters will cover how to manipulate the data received as well as how to send it in an e-mail or enter it into a database.

Figure 3.5. PHP will automatically escape special characters entered into HTML. This is helpful when sending data back to the browser (as in this example where the quotation marks would interfere with the `print()` statement if not for being escaped) and when entering it into databases.

Receiving Data from a Form in PHP

Figure 3.3. Whatever the user enters into the HTML form will be printed out to the Web browser by the HandleForm.php script (see Figure 3.4).

Figure 3.4. This is another application of the print statement discussed in Chapter 1, but it does constitute your first dynamically generated Web page. Later chapters will cover how to manipulate the data received as well as how to send it in an e-mail or enter it into a database.

Figure 3.5. PHP will automatically escape special characters entered into HTML. This is helpful when sending data back to the browser (as in this example where the quotation marks would interfere with the print() statement if not for being escaped) and when entering it into databases.

Figure 3.3. Whatever the user enters into the HTML form will be printed out to the Web browser by the `HandleForm.php` script (see Figure 3.4).

Figure 3.4. This is another application of the `print` statement discussed in Chapter 1, but it does constitute your first dynamically generated Web page. Later chapters will cover how to manipulate the data received as well as how to send it in an e-mail or enter it into a database.

Figure 3.5. PHP will automatically escape special characters entered into HTML. This is helpful when sending data back to the browser (as in this example where the quotation marks would interfere with the `print()` statement if not for being escaped) and when entering it into databases.