
PHP POST and GET

Like the lesson before this, we will talk about HTML forms, but this time about how to process them rather than how to make them. There are two methods discussed, the GET method and the POST method. Both have similar syntax so you can process the form exactly the same way. The only difference is that the POST method is a bit more secure, as the data isn't sent via the URL (so it doesn't end up in the address bar, browser history or server logs). For example:


Name:


Enter something in that text box and then click submit. If you look at the end of the URL you should see something like ?name=whatever+you+entered. That means it is using the GET method. If you use the POST method, that would not show up in the URL, but the PHP code would still be able to read it.

Superglobals

Since this tutorial deals with PHP 4+, I'll be talking about these as superglobals. What are superglobals? They are simply variables pre-set by the PHP engine that can be accessed from anywhere in the script. Two of them hold the data sent by an HTML form: $_GET and $_POST. That's right, those two variables will hold all the information sent by the form (depending on the method).

Now these two variables are associative arrays, which you should have learned about in my PHP array tutorial. The key (or label) for each form field is the name. If that didn't make sense, take the form above. The name of that text box is 'name'. Since it's set via the GET method I'd use this to get the value:

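<?php
// Read the 'name' field sent via GET; use an empty string if it is missing
$name_entered = isset($_GET['name']) ? $_GET['name'] : '';
?>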

Now $name_entered would contain the name that you entered. If it was sent by the POST method you could just replace the $_GET with $_POST and it will work.

Processing Checkboxes

The method I showed above will work with text boxes, text areas, select-ones and radio buttons. It won't work with checkboxes, as they are sent as an array. Therefore we need a special method of reading them. In this case, we will use the for loop, which you should have learned about in my PHP for loop tutorial. Here is some example code for ya:

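<?php
// Checked boxes arrive as an array; if none were checked the key is missing entirely
$colors = (isset($_POST['color']) && is_array($_POST['color'])) ? array_values($_POST['color']) : array();
$number_chosen = count($colors);
?>
You chose the following colors:<br />
<?php
for ($x = 0; $x < $number_chosen; $x++) {
    // Escape each value before echoing it back into the page
    echo htmlspecialchars($colors[$x], ENT_QUOTES) . '<br />';
}
?>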

What the end users will see (if Red and Green were chosen):

You chose the following colors:
Red
Green

This file can be named notexistant.php and can be used with the checkbox example in the last lesson :O Anyway as you see, only the checked checkboxes will show up in the array.

Form Security

If you plan on inserting form data in a database (such as MySQL) or outputting the information on a page, you have to escape it first so that someone can't use it to attack your site, for example by breaking your SQL query or by putting their own HTML into your page. There are several functions available that will help you. Here is a list:

  • addslashes() - Useful for inserting data into databases
  • htmlentities() - Useful for outputting the user content
  • htmlspecialchars() - Useful for outputting the user content
  • *mysql_real_escape_string() - Useful for inserting data into databases

The addslashes() function will escape any quotes in a string so the user can't break your SQL code and insert their own. The htmlentities() function will convert all applicable characters to HTML entities. The htmlspecialchars() function is exactly the same as htmlentities() except it only converts &, ', ", <, and >. The mysql_real_escape_string() function is special because it requires a connection to a database. Essentially it does the same thing as addslashes(). Note that mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7.0; mysqli_real_escape_string() is its replacement. Here is an example of them all and what they would output:

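<?php
// Read the submitted text, or use an empty string if the field is missing
$text = isset($_POST['text']) ? $_POST['text'] : '';
echo addslashes($text) . '<br />';        // quotes get a backslash, HTML is left as-is
echo htmlentities($text) . '<br />';      // all applicable characters become entities
echo htmlspecialchars($text) . '<br />';  // only the special HTML characters are converted
echo htmlentities($text, ENT_QUOTES);     // ENT_QUOTES also converts single quotes
?>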

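If the text was "I'd like to know some <html> & some other <stuff>", this is what would be shown in the browser (in the first line the browser treats the unescaped <html> and <stuff> as tags, so they disappear):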

I\'d like to know some & some other
I'd like to know some <html> & some other <stuff>
I'd like to know some <html> & some other <stuff>
I'd like to know some <html> & some other <stuff>

Now let's look at the source code:

I\'d like to know some <html> & some other <stuff>
I'd like to know some &lt;html&gt; &amp; some other &lt;stuff&gt;
I'd like to know some &lt;html&gt; &amp; some other &lt;stuff&gt;
I&#039;d like to know some &lt;html&gt; &amp; some other &lt;stuff&gt;
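
The two jobs described above (storing form data and echoing it back), as an added example that is not part of the original tutorial: it goes beyond the escaping functions listed by using a PDO prepared statement for the database write, then htmlspecialchars() with ENT_QUOTES when the value is printed. It assumes a PHP version with the pdo_sqlite extension; the comments table and the save_comment(), load_comment() and render_comment() helpers are hypothetical names, and the input is the tutorial's own test string.

```php
<?php
// Added example: the sample input is constructed (the tutorial's own test string).
// Assumes the pdo_sqlite extension; table and function names are hypothetical.

function save_comment(PDO $db, $text)
{
    // The placeholder keeps the value out of the SQL text, so quotes cannot alter the query
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute(array(':body' => $text));
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

function render_comment($body)
{
    // Escape at output time, for the HTML context; ENT_QUOTES covers ' as well as "
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

// In-memory database so the example runs without any setup
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Stand-in for $_POST['text']
$text = "I'd like to know some <html> & some other <stuff>";

$id     = save_comment($db, $text);
$stored = load_comment($db, $id);

// The database holds the text exactly as entered: no backslashes, no entities
var_dump($stored === $text);

// Entities are produced only here, when the value goes into the page
echo render_comment($stored), "\n";
```

Storing the raw text and escaping only when it is printed keeps the database free of stray backslashes and entities, and lets the same value be escaped differently for other output contexts.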

End of Tutorial

Yay! The tutorial is done! I hope you learned something, and maybe you will come back and read my advanced tutorials later. Good luck ;)
