The Building Blocks: Data Types, Literals, Variables, and Constants - Part 2/Page 5 | WebReference

The Building Blocks: Data Types, Literals, Variables, and Constants - Part 2/Page 5


[previous] [next]

The Building Blocks:
Data Types, Literals, Variables, and Constants - Part 2

Introduction to Form Variables

Now we are starting to get into what makes PHP so popular. As we mentioned in the introduction to this book, PHP was designed as a Web-based programming language to create dynamic Web content, to gather and manipulate information submitted by HTML forms. For now, because we are talking about variables, we will examine a simple form and how PHP collects and stores the form information in variables. Chapter 10, "More on PHP Forms," provides a comprehensive discussion on HTML forms and introduces the special global arrays used to process them in your PHP scripts.

The php.ini File and register_globals. Before getting started, there are some issues to be aware of based on the version of PHP you are using. The PHP initialization file, called php.ini, contains a directive called register_globals. Older versions of PHP (prior to 4.2.0) had this directive turned to "On" as the default, allowing PHP to create simple variables from form data. Since then, register_globals has been set to "Off" to avoid potential security breaches. If using PHP 5, you will have to turn this feature on before PHP can directly assign form input to simple global variables, or the data must be extracted programmatically. We discuss both ways to do this in the following section. The next excerpt is taken from the PHP 5 php.ini file, showing the line where register_globals is set. The default is "Off" and you should really try to adhere to this setting.

From the php.ini file:


; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
register_globals = Off

If you do not set register_globals to "On," add the following line to your PHP program:

The $_REQUEST superglobal array contains the information submitted to the server from the HTML form. After extracting this information, PHP will create simple variables corresponding to the form data as shown in Example 4.24. In Chapter 10, "More on PHP Forms," all aspects of extracting form data are discussed in detail. For now, assume register_globals is set to "On."

How PHP Handles Form Input. For each HTML form parameter, PHP creates a global variable by the same name and makes it available to your script. For example, consider this HTML input type for two text fields:

If you have a text field named "your_name", PHP will create a variable called $your_name. And if you have another text field named "your_phone", PHP will in turn, create a variable called $your_phone. The values assigned to the PHP variables are the same values the user entered in the HTML text fields when filling out the form.

Example 4.21 illustrates a simple HTML form consisting of two fields. The form starts with the opening <form> tag. The ACTION attribute of the form tag is assigned the name of the PHP script that will handle the form input: <form ACTION="php script">.

After the user fills out the form (see Figure 4.25) and presses the submit button, the values that he or she typed in the text boxes will be sent to the PHP script (see Example 4.22). The browser knows where to send the data based on the ACTION attribute of the

tag, but it also needs to know how to send the form data to the server. The how, or method, is also an attribute of the
tag, called the METHOD attribute. There are two popular HTTP methods used to send the form information to the server—the GET method (default) and the POST method. Because the GET method is the default, you don't have to explicitly assign it as an attribute. The browser just assumes that is the method you are using. The GET method tells the browser to send a URL-encoded string, called the query string, to the server. It attaches this encoded query string to the end of the URL in the browser's location box, prepended with a ?. It is the method used when doing searches or handling static pages and GET query strings are limited in size (see Figure 4.23).

If using the POST method, the METHOD attribute must be added to the HTML <form> tag METHOD="POST" (case insensitive). With the POST method, the browser sends an encoded message body in the HTTP header to the server so that it doesn't appear in the URL. It is not limited in size, but it can't be bookmarked or reloaded, and does not appear in the browser's history (see Figure 4.24).

When PHP gets the form input from the server, it takes care of decoding the query string or message body and assigning the respective input values to PHP variables as shown in Example 4.21. (For a complete discussion of the differences between the GET and POST methods, see https://www.cs.tut.fi/~jkorpela/forms/methods.html.)

Example 4.21

Explanation

  1. The HTML <form> tag starts the form. The URL of the script that will handle the form data is assigned to the action attribute. The "method" on how the data will be transmitted is assigned to the method attribute. Because the GET method is the default method for transmitting data to the server, you do not have to explicitly assign it as an attribute. This example is using the GET method.
  2. , 3 The HTML input type is a text box that is set to hold 50 characters. One is named "your_name" and the other is named "your_phone".
  3. After the user enters his or her name and phone number in the respective text boxes, and presses the submit button (see Figure 4.25), the browser will collect and URL encode the input data, then send it to the server. The server will hand it to the PHP script listed (see Example 4.22) in the action attribute on line 1. When PHP gets the input data, it will decode it, and create a variable called $your_name (the name of the first text box) and a variable called $your_phone (the name of the second text box) and give it the values that were entered in the form by the user.
  4. This </form> tag ends the HTML form.

Figure 4.25 The HTML form has been filled out by a user.

Example 4.22

(The PHP Script)

or in the HTML document use the PHP shortcut tags:

Explanation

  1. The browser bundles up the input data, encodes it, and attaches it as a query string to the URL as:

    ?https://localhost/exemples/ch4variables/form_example.php? your_name=Samual+B.+Johnson+Jr.&your_phone=222-444-8888

    PHP decodes the query string; that is, it removes the + signs and & and any other encoding characters, and then creates global variables, called $your_name and $your_phone, and assigns values based on the user input. In this example, the values of the variables are printed as part of the PHP script.

  2. You can also use the shortcut tags within the HTML document to display the value of the PHP variables. The output is displayed in the browser, as shown in Figure 4.26.

Figure 4.26 Output from the PHP script in Example 4.22.

Extracting the Data by Request. In the previous example, we used the default GET method to send form input to the server. We also assumed the register_globals in the php.ini file was turned "On," allowing PHP to create simple global variables with the form data. In the following example, we assume that register_globals is turned "Off" (the recommended and default setting) and that the method is POST, the more commonly used method when working with form input, as shown in Figure 4.24. This method sends the form input as a message body in the HTTP header to the server and does not append the data to the URL in the browser. Even though the input data is sent using a different method, it is received in the same URL-encoded format. When register_globals is turned off, PHP provides special variables, called arrays, to store the form information. Because we do not cover arrays until Chapter 8, "Arrays," we will create simple variables to hold input data from the form, but first must explicitly extract the data from a special global array called $_REQUEST. This special array contains all of the input data for both GET and POST methods, and once it is extracted will be assigned to PHP variables with the same name as was given to the corresponding input devices in the HTML form.

Example 4.23

(The HTML Form Source)

Explanation

  1. The HTML <form> tag starts the form. The URL of the script that will handle the form data is assigned to the action attribute. The "method" on how the data will be transmitted is assigned to the method attribute. The POST method is used here. This is the most common method for processing forms. The form input is sent in an HTTP header to the server.
  2. , 3, 4 The input devices are three text boxes for accepting user input. The name attribute is assigned the names of the respective boxes, your_name, your_phone, and your_email (see Figure 4.27). These same names will be used as variable names in the PHP program, /phpforms/form1.php, listed in the forms action attribute.
  3. When the user presses the submit button, the form input is encoded and sent to the server. The form input will not be visible in the URL as it is with the GET method.
  4. This marks the end of the form.

Figure 4.27 Data has been entered into the HTML form.

Example 4.24

(The PHP program)

Explanation

  1. If the register_globals directive in the php.ini file is set to "Off," the built-in PHP extract() function can be used to get the form input stored in $_REQUEST, an array that contains input received from both GET and POST methods. The extract() function will convert the input into variables of the same name as the input devices in the HTML file. The EXTR_SKIP flag ensures that if there is a collision, that is, you have already defined a variable with the that name somewhere in your PHP program, it won't be overwritten.
  2. The variables $your_name, $your_phone, and $your_email_addr were created by the extract() function and named after the text boxes originally named in the HTML form. The output is displayed in the browser, as in Figure 4.28.

Figure 4.28 After PHP processes the input data from the form.

Predefined Variables. PHP provides a number of predefined variables (see Table 4.6 and Figure 4.29), some that are not fully documented because they depend on which server is running, its configuration, and so on. Some are defined in the php.ini file. These variables describe the environment, server, browser, version number, configuration file, and so on.

Table 4.6 Predefined Variables

Variable What It Does
AUTH_TYPE If running the Apache server as a module, this is set to the authentication type.
DOCUMENT_ROOT The full path of the Web's document root, normally where HTML pages are stored and defined in the server's configuration file.
HTTP_USER_AGENT Identifies the type of Web browser to the server when it requests a file.
HTTP_REFERER The full URL of the page that contained the link to this page. Of course if there isn't a referring page, this variable would not exist.
REMOTE ADDRESS The remote IP address of the client machine that requested the page.

There many more predefined variables; which ones are set depends on your PHP configuration. The function phpinfo() can be used to retrieve built-in variables that have been set.

This chapter is excerpted from the book titled, PHP and MySQL by Example, authored by Ellie Quigley. Copyright 2007 Pearson Education, Inc., published by Prentice Hall Professional, November, 2006. ISBN 0131875086.

[previous] [next]

URL: