ECA 236
Open Source Server Side Scripting
PHP Form Handling
HTML Forms
field names
    no spaces
    will match variable names (letters, numbers, underscores)
method
    GET
    POST
action
    the script to which data is sent
accessing variables
<form method="get" action="test.php">
First Name: <input type="text" name="first_name"><br />
Last Name: <input type="text" name="last_name"><br />
<input type="submit" name="submit">
</form>
Three ways to access form data:
1. $first_name and $last_name
    variable names are the same as field names
    register_globals must be set to ON in php.ini
    least secure of the three ways
2. superglobals: $_GET, $_POST, $_REQUEST
    global associative arrays
    $first_name = $_GET['first_name'];
    only accepted variables are ones submitted through form
    introduced in PHP version 4
3. $HTTP_GET_VARS or $HTTP_POST_VARS
    associative arrays
    $first_name = $HTTP_GET_VARS['first_name'];
    PHP version 3 and earlier – still works in version 4
    may be unsupported by future versions
self-submission
set the action of the form to itself
from a document named test.php, if we wanted to send data to a separate form handler, the form would read:
    <form method="get" action="newScript.php">
to reference itself, set action to test.php:
    <form method="get" action="test.php">
isset( )
    when passed a variable, isset( ) will return TRUE if that variable is set to some value, FALSE if the variable is NULL
    before form is submitted, all variables have a value of NULL
    once submitted, variable will have one of the following values:
        information entered by user
        empty string
        TRUE
<?php
if( isset( $_GET['submit'] ) ){
    $first_name = $_GET['first_name'];
    $last_name = $_GET['last_name'];
    echo "Your name is $first_name $last_name";
}
else{
?>
<form method="get" action="test.php">
First Name: <input type="text" name="first_name"><br />
Last Name: <input type="text" name="last_name"><br />
<input type="submit" name="submit" value="submit">
</form>
<?php } ?>
A more efficient way of setting the action of a form to send data to itself is to use the $PHP_SELF variable accessed through the superglobal $_SERVER
$PHP_SELF will always contain the current script's name as the value
    <form method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Notice that the reference to the variable must be placed between the <?php ?> tagset
validating form data
isset( )
    returns TRUE if variable holds a value
    drawback: returns TRUE if it holds an empty string
if( isset( $first_name ) ) {
    echo "Hello, $first_name.";
}
else{
    echo "You forgot to enter your first name.";
}
empty( )
    returns TRUE if argument is
        "" (an empty string)
        0 (zero as an integer)
        "0" (zero as a string)
        NULL
        FALSE
        array( ) (an empty array)
    returns FALSE if it holds a non-empty, non-zero value
if( empty( $first_name ) ) {
    echo "Please enter your first name";
}
strlen( )
    returns the length of a string
    can be used to test for empty strings
if( strlen( $first_name ) > 0 ){
    echo "Hello, $first_name.";
}
else{
    echo "You forgot to enter your first name.";
}
trim( )
    removes white space from both ends of a variable
    can be used to eliminate empty strings, and remove extraneous white space at beginning and end of variables
$first_name = trim( $_GET['first_name'] );
radio buttons
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Male: <input type="radio" name="gender" value="male" />
Female: <input type="radio" name="gender" value="female" />
<input type="submit" name="submit" />
</form>
<?php
// accept only the two values the form offers
if( isset( $_POST['gender'] ) ){
    if( $_POST['gender'] == "male" || $_POST['gender'] == "female" ){
        // braces are required to interpolate a quoted array key
        echo "You claim to be a {$_POST['gender']}";
    }
    else { echo "Please enter a correct value."; }
}
else { echo "Please enter a correct value."; }
?>
Purpose of validation
    make sure the script has all the information it needs to do what it was designed to do
    ensure the data is of the right type
    added level of security by reducing user error and user maliciousness
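Added example, not from the original slides: the self-submitting form with the validation steps above applied before any value is used or echoed. The helper names h(), field() and validate() and the 50-character limit are assumptions. The action uses $_SERVER['SCRIPT_NAME'] because PHP_SELF also carries any extra path text from the requested URL.

```php
<?php
// Added example: hardened self-submitting form (helper names are illustrative).
// Escape anything that is written back into HTML.
function h( $value ) {
    return htmlspecialchars( (string) $value, ENT_QUOTES, 'UTF-8' );
}
// Return a trimmed string field, or '' when it is absent or not a plain string
// (a request can send first_name[]=x, which arrives as an array).
function field( array $source, $name ) {
    return ( isset( $source[$name] ) && is_string( $source[$name] ) )
        ? trim( $source[$name] ) : '';
}
// Collect validation messages; an empty array means the input is valid.
function validate( array $source ) {
    $errors = array();
    foreach ( array( 'first_name', 'last_name' ) as $name ) {
        $len = strlen( field( $source, $name ) );
        if ( $len === 0 || $len > 50 ) {      // 50 is an assumed limit
            $errors[] = "Please enter your $name.";
        }
    }
    // Radio buttons: accept only the values the form offers.
    if ( !in_array( field( $source, 'gender' ), array( 'male', 'female' ), true ) ) {
        $errors[] = 'Please enter a correct value.';
    }
    return $errors;
}

$submitted = isset( $_POST['submit'] );
$errors    = $submitted ? validate( $_POST ) : array();

if ( $submitted && !$errors ) {
    echo '<p>Your name is ' . h( field( $_POST, 'first_name' ) ) . ' '
       . h( field( $_POST, 'last_name' ) ) . '</p>';
} else {
    foreach ( $errors as $e ) { echo '<p>' . h( $e ) . '</p>'; }
?>
<form method="post" action="<?php echo h( $_SERVER['SCRIPT_NAME'] ); ?>">
First Name: <input type="text" name="first_name" value="<?php echo h( field( $_POST, 'first_name' ) ); ?>"><br />
Last Name: <input type="text" name="last_name" value="<?php echo h( field( $_POST, 'last_name' ) ); ?>"><br />
Male: <input type="radio" name="gender" value="male" />
Female: <input type="radio" name="gender" value="female" />
<input type="submit" name="submit" value="submit" />
</form>
<?php } ?>
```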
sending values manually
Two other ways to pass variables and values
1. HTML form hidden input type
    <input type="hidden" name="author" value="Michael" />
    <input type="hidden" name="subject" value="PHP" />
    <input type="hidden" name="toAddress" value="[email protected]" />
2. Append name=value pair to anchor tags
    <a href="test.php?author=Michael">Click Here for author</a>
    <a href="test.php?subject=PHP">Click Here for Subject</a>
    to access these variables use $_GET or $_REQUEST superglobal
    $author = $_REQUEST['author'];
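Added example, not from the original slides: hidden inputs and query-string pairs come back from the browser like any other field, so a value the server relies on can be sent with a keyed signature and checked on return. SECRET_KEY, the _sig field suffix and the function names are assumptions made for this sketch.

```php
<?php
// Added example: sign a hidden field when the form is built, verify it on submit.
// SECRET_KEY is a placeholder; load a real key from server-side configuration.
define( 'SECRET_KEY', 'replace-with-a-random-server-side-key' );

// Signature covers field name and value, so a tag cannot be moved between fields.
function sign_field( $name, $value ) {
    return hash_hmac( 'sha256', $name . '=' . $value, SECRET_KEY );
}

// Emit the hidden input together with its signature input.
function hidden_field( $name, $value ) {
    $n = htmlspecialchars( $name, ENT_QUOTES, 'UTF-8' );
    $v = htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' );
    return "<input type=\"hidden\" name=\"$n\" value=\"$v\" />\n"
         . "<input type=\"hidden\" name=\"{$n}_sig\" value=\""
         . sign_field( $name, $value ) . "\" />\n";
}

// Return the submitted value only if its signature verifies, otherwise NULL.
function verified_field( array $source, $name ) {
    $sig = $name . '_sig';
    if ( !isset( $source[$name], $source[$sig] )
        || !is_string( $source[$name] ) || !is_string( $source[$sig] ) ) {
        return null;
    }
    $expected = sign_field( $name, $source[$name] );
    // hash_equals compares in constant time
    return hash_equals( $expected, $source[$sig] ) ? $source[$name] : null;
}

// Constructed sample input: an untouched submission and one whose value was edited.
$ok  = array( 'author' => 'Michael', 'author_sig' => sign_field( 'author', 'Michael' ) );
$bad = array( 'author' => 'Mallory', 'author_sig' => sign_field( 'author', 'Michael' ) );

echo hidden_field( 'author', 'Michael' );
var_dump( verified_field( $ok, 'author' ) );
var_dump( verified_field( $bad, 'author' ) );
```

In a handler, pass $_POST or $_GET as the first argument to verified_field() and treat NULL as a rejected request.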
error handling
ERRORS: fatal run-time errors, such as calling a function which does not exist – cause immediate termination
WARNINGS: non-fatal run-time errors, such as trying to include( ) a file that does not exist
NOTICES: less serious warnings which may result from a bug in your code, but may actually be intentional (such as using an uninitialized variable)
Constant             Value   Description
E_ERROR              1       Fatal run-time errors
E_WARNING            2       Run-time warnings (non-fatal errors)
E_PARSE              4       Compile-time parse errors
E_NOTICE             8       Notices (may or may not be a problem)
E_CORE_ERROR         16      Fatal start-up errors
E_CORE_WARNING       32      Non-fatal start-up errors
E_COMPILE_ERROR      64      Fatal compile-time errors
E_COMPILE_WARNING    128     Non-fatal compile-time errors
E_USER_ERROR         256     User-generated error messages
E_USER_WARNING       512     User-generated warnings
E_USER_NOTICE        1024    User-generated notices
E_ALL                        All errors, warnings, and notices
default error handling is set to E_ALL & ~E_NOTICE or E_ALL
// beginning test
echo "<p>. . . begin test . . .</p>";
// include a non-existent variable
echo "<p>The variable $no_such_var is not initialized.</p>";
// end test
echo "<p>. . . end test . . . </p>";

. . . begin test . . .
Notice: undefined variable: no_such_var in test_error.php
The variable is not initialized.
. . . end test . . .
example of a WARNING
// beginning test
echo "<p>. . . begin test . . .</p>";
// include a non-existent file
include( 'no_such_file.inc' );
// print more test
echo "<p>. . . end test . . . </p>";

. . . begin test . . .
Warning: main(no_such_file.inc): failed to open stream: No such file or directory in testError.php on line 26
. . . end test . . .
example of fatal error
// beginning test
echo "<p>. . . begin test . . .</p>";
// call to a non-existent function
no_such_function( );
// print more test
echo "<p>. . . end test . . . </p>";

. . . begin test . . .
Fatal error: Call to undefined function: no_such_function() in testError.php on line 29
in a live, production site
    turn off error reporting
    create custom error messages
during site development
    use highest level of error reporting
    display notices, warnings, and errors
to change level of error reporting
    reconfigure php.ini
    PHP functions
error handling in php.ini
change level of error reporting in php.ini file
    error_reporting = E_ALL    ; or other appropriate value
turn error display functionality on or off
    display_errors = Off
error handling functions
error_reporting( )
    one argument: level of error reporting
// turn off all error reporting
error_reporting( 0 );
// beginning text
echo "<p>. . . begin text . . .</p>";
// call to a non-existent function
no_such_function( );
// print more text
echo "<p>. . . end text . . . </p>";

. . . begin text . . .
// turn on all error reporting
error_reporting( E_ALL );
// beginning text
echo "<p>. . . begin text . . .</p>";
// call to an undeclared variable
echo $undeclared_var;
// print more text
echo "<p>. . . end text . . . </p>";

. . . begin text . . .
Notice: Undefined variable: undeclared_var in testError.php on line 77
. . . end text . . .
temporarily shut off error handling with @ operator
// beginning text
echo "<p>. . . begin text . . .</p>";
// call to a non-existent function
@no_such_function( );
// print more text
echo "<p>. . . end text . . . </p>";

. . . begin text . . .
set_error_handler( )
    one argument: name of custom function
    custom error handler function takes at least 2, up to 5 arguments
        error type
        error message
        optional:
            file name
            line number
            current PHP variables
// define custom error handler
set_error_handler( 'customError' );
// create custom function to handle errors
function customError( $type, $msg ) {
    echo "<h1>Error!</h1>";
    echo "<p>Error code: $type <br />";
    echo "Error msg: $msg </p>";
    echo "<p>Please contact your system administrator.</p>";
}

Error!
Error code: 2
Error msg: main(no_such_file.inc): failed to open stream: No such file or directory
Please contact your system administrator.
setting all 5 arguments
// define custom error handler
set_error_handler( 'customError' );
// create custom function to handle errors
function customError( $type, $msg, $file, $line, $vars ) {
    // statements . . .
}
further customization
function customError( $type, $msg ) {
    switch( $type ){
        case E_NOTICE:
            // do nothing
            break;
        case E_WARNING:
            echo "<p>A non-fatal error occurred: $msg </p>";
            break;
        case E_ERROR:
            die( "<p>A fatal error occurred: $msg </p>" );
            break;
    }
}
the default error handlers for E_ERROR and E_PARSE cannot be overwritten by a user-defined function.
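Added example, not from the original slides: a custom handler for a production site that writes the error type, message, file and line to the server log and shows the visitor only a fixed message with a reference id. The reference-id scheme and the message wording are assumptions; random_bytes( ) requires PHP 7 or later.

```php
<?php
// Added example: keep error details in the server log, show visitors a fixed message.
ini_set( 'display_errors', '0' );   // never print raw PHP messages to the page
ini_set( 'log_errors', '1' );       // send them to the configured error log
error_reporting( E_ALL );           // still record everything

function customError( $type, $msg, $file, $line ) {
    // Respect the current error_reporting level and the @ operator.
    if ( !( error_reporting() & $type ) ) {
        return false;
    }
    // Reference id lets support staff match a user's report to the log line.
    $ref = bin2hex( random_bytes( 4 ) );
    error_log( "[$ref] type=$type $msg in $file on line $line" );

    switch ( $type ) {
        case E_NOTICE:
        case E_USER_NOTICE:
            break;                  // logged only, nothing shown
        case E_WARNING:
        case E_USER_WARNING:
            echo "<p>A problem occurred (reference $ref).</p>";
            break;
        default:
            echo "<p>Please contact your system administrator (reference $ref).</p>";
            exit( 1 );
    }
    return true;   // handled: skip PHP's built-in handler
}
set_error_handler( 'customError' );

// Constructed trigger: the same WARNING case as on the slides.
include( 'no_such_file.inc' );
```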