Session 4: PHP FORMS

Forms allow the user to submit data to the server.

1. Form Handling
The primary way website users interact with PHP and MySQL is through the use of
HTML forms. These were introduced very early in the development of the World Wide Web
in 1993, even before the advent of e-commerce, and have remained a mainstay ever since, due
to their simplicity and ease of use.

Of course, improvements have been made over the years to add additional
functionality to HTML form handling. This chapter will therefore bring you up to speed with
state-of-the-art form handling and show you the best ways to implement forms for good
usability. and security. In addition, as you will see a little later, the HTML5 specification has
further improved the use of forms.

1.1. POST method

Information sent from a form with the POST method is invisible to others (all
names/values are embedded in the body of the HTTP request) and has no limit on the amount
of information to send. Additionally, POST supports advanced features such as multipart
binary input support when uploading files to the server.

1.2. GET method

Information sent from a form with the GET method is visible to everyone (all variable
names and values are displayed in the URL). GET also has limits on the amount of
information to send. The limit is around 2000 characters. However, since the variables are
displayed in the URL, it is possible to mark the page. This can be useful in some cases. GET
can be used to send non-sensitive data.

2. Create forms

Forms management is a multi-part process. First a form is created, in which a user can
enter the required details. This data is then sent to the web server, where it is interpreted, often
with error checking. If the PHP code identifies one or more fields to be re-entered, the form
may be redisplayed with an error message. When the code is satisfied with the accuracy of the
entry, it takes action that usually involves the database, such as entering the details of a
purchase.
 To build a form, you must have at least the following:

- An opening < form > and closing </ form > tag
- A submission type specifying a GET or POST method
- One or more input fields
- The destination URL to which the form data should be submitted
2.1. The elements of a form
We will list the elements of a form and the code that goes with it:
Text field: <input type=" text " name =" name ">

Email field: <input type="email" name ="email">

Long text: < textarea name ="comment" rows ="5" cols="40"></ textarea >

Radio buttons: <input type="radio" name ="sex" value=" female "> Female

< input type="radio" name ="sex" value="male">Male

Checkbox : <input type=" checkbox " id=" scales " name =" scales " checked >

< label for=" scales "> Scales </label> <input type=" checkbox " id=" horns " name =" horns
">

< label for=" horns "> Horns </label>

Password : <input type=" password " id=" pass " name =" password " minlength ="8"
required >

Search: <input type=" search " id="site- search " name ="q">

Phone: <input type="tel" id="phone" name =" phone"pattern = "[ 0-9]{3}-[0-9]{3}-[0-9]{4}"

required >

Submit : <input type=" submit " value="Submit form">

Date: <input type="date" id="start" name ="trip-start" value="2018-07-22" min="2018-01-

01" max="2018-12-31">

Example of a simple form:

< html >
< body >
< form action=" index.php " method ="post">
 Name: <input type=" text " name =" name " > <br>
Email: <input type=" text " name ="email" > <br>
< input type=" submit ">
</ form >
</body>
</html>
Example 2 To implement:
< form id=' register ' action=' register.php ' method ='post'
accept -charset ='UTF-8'>
< fieldset >
< legend > Register </ legend >
< input type=' hidden ' name =' submitted ' id=' submitted ' value='1'/>
< label for=' name ' > Your Full Name*: </label>
< input type=' text ' name =' name ' id=' name ' maxlength ="50" />
< label for='email' >Email Address *:</label>
< input type=' text ' name ='email' id='email' maxlength ="50" />
< label for=' username '> UserName *:</label>
< input type=' text ' name =' username ' id=' username ' maxlength ="50" />
< label for=' password ' > Password *:</label>
< input type=' password ' name =' password ' id=' password ' maxlength ="50" />
< input type=' submit ' name =' Submit ' value=' Submit ' />
</ fieldset >
</ form >
To view the submitted data, you can simply echo all the variables:

< html >

< body >

Your name is <? php echo $_POST[" name "]; ? > <br>

Your email is: <? php echo $_POST["email"]; ?>

</body>
 </html>

3. Form validation

Think SECURITY when processing PHP forms! we will see how to treat PHP forms
for security reasons. Proper form data validation is important to protect your form from
hackers and spammers.

The validation rules for the above form are as follows:

field Validation
Name Required . + Must -only contains letters and
whitespace
E-mail Required . + Must contain a valid email
address
Website Optional . If present , it must contain a valid
URL
How Optional . Multi-line input field ( textarea )
Gender Required . Must select one

3.1. Data Validation in PHP

We will also do two other things when the user submits the form:
- Trim unnecessary characters (extra space, tab, newline) from user input data (with
PHP trim( ) function)
- Remove backslashes (\) from user input data (with PHP function stripslashes ( ))

The next step is to create a function that will do all the checking for us (much more
convenient than writing the same code over and over again). We will name the function
test_input ( ) .

SAMPLE FORM:

< body >

< form action=" index.php " method ="post">
Name: <input type=" text " name =" name " > <br>
Email: <input type=" text " name ="email" > <br>
< input type=" submit ">
 </ form >
</body>
In the index.php file described in the action of the form, we can therefore do a
validation:

<? php

// define variables and set to empty values

$ name = $email " ";

if ($_SERVER["REQUEST_METHOD"] == "POST") {

$ name = test_input ($_POST[" name "] );

$email = test_input ($_POST["email"] );

function test_input ($data) {

$data = trim($data );

$data = stripslashes ($data );

$data = htmlspecialchars ($data );

return $data;

?>