One of the main advantages of PHP is how it works with HTML forms. The key point is that each form element is automatically made available to your PHP programs. For detailed information see the section on using forms in PHP. Here is an example of an HTML form:

Example #1 The simplest HTML form

Your name:

Your age:

There is nothing special about this form. This is a normal HTML form without any special tags. When the user fills out the form and clicks the submit button, the action.php page will be called. This file might contain something like:

Example #2 Rendering form data

Hello, .
You are years old.

Sample output from this program:

Hello Sergey. You are 30 years old.

Apart from the htmlspecialchars() and (int) parts, how this code works should be simple and clear. htmlspecialchars() ensures that "special" HTML characters are properly encoded so that malicious HTML or JavaScript is not inserted into your page. The age field, which we know must be a number, we can simply convert to an integer, which automatically gets rid of unwanted characters. PHP can also do this automatically with the filter extension. The $_POST["name"] and $_POST["age"] variables are set for you automatically by PHP. Earlier we used the $_SERVER superglobal; here we also use the $_POST superglobal, which contains all the POST data. Note that the method of our form is POST. If we used the GET method, the form information would be in the $_GET superglobal instead. Alternatively, you can use the $_REQUEST variable if the data source is irrelevant. This variable contains a mix of GET, POST and COOKIE data.
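An added example (not code from the original page) of an action.php-style handler that applies htmlspecialchars() and uses the filter extension in place of the (int) cast. The function name, the error messages, the 0 to 150 age range and the sample submissions are assumptions, and $post stands in for $_POST so the code runs offline.

```php
<?php
/**
 * Build the greeting from submitted form data.
 * $post stands in for $_POST; returns [bool $ok, string $html].
 */
function render_greeting(array $post): array
{
    // A client can send an array under any field name, so check the type.
    $name = $post['name'] ?? '';
    if (!is_string($name) || trim($name) === '') {
        return [false, 'Please enter your name.'];
    }

    // FILTER_VALIDATE_INT rejects "30abc"; an (int) cast would silently
    // turn it into 30. The accepted range is an assumption.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        return [false, 'Please enter your age as a whole number.'];
    }

    // Escape at output time; ENT_QUOTES also encodes single quotes, which
    // matters if the value ever ends up inside an HTML attribute.
    $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [true, "Hello, {$safeName}. You are {$age} years old."];
}

// Constructed sample submissions (a real handler would pass $_POST).
$samples = [
    ['name' => 'Sergey', 'age' => '30'],
    ['name' => '<b>Sergey</b>', 'age' => '30'],
    ['name' => 'Sergey', 'age' => '30abc'],
    ['name' => ['not', 'a', 'string'], 'age' => '30'],
];
foreach ($samples as $post) {
    [$ok, $html] = render_greeting($post);
    echo ($ok ? 'OK:  ' : 'ERR: ') . $html . PHP_EOL;
}
```

In a live handler, filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT) performs the same validation directly on the request data.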

15 years ago

According to the HTTP specification, you should use the POST method when you're using the form to change the state of something on the server end. For example, if a page has a form to allow users to add their own comments, like this page here, the form should use POST, which is why these pages aren't bookmarked or cached.

You should use the GET method when your form is, well, getting something off the server and not actually changing anything. For example, the form for a search engine should use GET, since searching a Web site should not be changing anything that the client might care about, and bookmarking or caching the results of a search-engine query is just as useful as bookmarking or caching a static HTML page.

2 years ago

Worth clarifying:

POST is not more secure than GET.

The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.

However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS you minimize the risk of your users getting code (ADs) injected into your traffic that wasn't put there by you.

In this lesson we will look at the mail() function, using a PHP feedback form that sends the submitted data by email as the example.

To do this, we will create two files: format.php and mail.php. The first file contains only a form with fields for user input. Inside the form tag there is a "Send" button and the action attribute, which points to the handler, mail.php; the form data is passed to it when the "Send" button is pressed. In our example, form data is sent to a web page called "/mail.php". This page contains a PHP script that handles the form data:


The form data is sent with the POST method (and processed as $_POST). $_POST is an array of variables passed to the current script via the POST method.

Below you can see the contents of the file format.php, whose fields are filled in by the user on the website. All data entry fields must have a name attribute; we choose its values ourselves, following our own logic.




Feedback form in PHP with sending by mail

Feedback form in PHP

Leave a message:
Your name:
Email:
Phone number:
Message:
<!-- The text area can contain an unlimited number of characters -->







This is how the form looks visually in the browser.

Next, write the code for the file mail.php. We choose the variable names ourselves. In PHP, a variable starts with the $ sign, followed by the name of the variable. The text value of a variable is enclosed in quotes. Using these variables, the contents of the form are sent to the administrator's email: each value is read from $_POST by putting the form element's name attribute in square brackets.

<?php
$to = "[email protected]"; // email of the recipient of the data from the form
$tema = "PHP Contact Form"; // subject of the received email
// The body is sent as text/html, so each form value is HTML-escaped before it is added
$message = "Your name: " . htmlspecialchars($_POST["name"]) . "<br>"; // value of the form field name=name
$message .= "Email: " . htmlspecialchars($_POST["email"]) . "<br>"; // value of the form field name=email
$message .= "Phone number: " . htmlspecialchars($_POST["phone"]) . "<br>"; // value of the form field name=phone
$message .= "Message: " . htmlspecialchars($_POST["message"]) . "<br>"; // value of the form field name=message
$headers = "MIME-Version: 1.0" . "\r\n"; // MIME version header followed by a line break
$headers .= "Content-type: text/html; charset=utf-8" . "\r\n"; // indicates the type of content being sent
mail($to, $tema, $message, $headers); // sends the values of the variables to the recipient's email
?>

So the data from the $_POST array is passed to the corresponding variables and sent by email using the mail() function. Let's fill out our form and hit the submit button. Don't forget to include your e-mail. The letter arrived immediately.


Working with Forms

HTML forms are used to send data from the user of the Web page to the server. PHP provides a number of special tools for working with forms.

Predefined Variables

PHP has a number of predefined variables that stay the same for all applications running in a particular environment. They are also called environment variables. They reflect the settings of the Apache Web server environment, as well as information about the browser's request. It is possible to get the values of the URL, query string, and other elements of the HTTP request.

All predefined variables are contained in the $GLOBALS associative array. In addition to environment variables, this array also contains global variables defined in the program.

Example 1

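Viewing the $GLOBALS array

<?php
// Print every global variable, HTML-escaped; nested arrays are rendered with print_r()
foreach ($GLOBALS as $key => $value)
    echo htmlspecialchars("\$GLOBALS[\"$key\"] == " . print_r($value, true)) . "<br>";
?>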

As a result, a list of all global variables will appear on the screen, including environment variables. The most commonly used ones are:

| Variable | Description | Content |
|---|---|---|
| $_SERVER["HTTP_USER_AGENT"] | Client name and version | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| $_SERVER["REMOTE_ADDR"] | IP address | 144.76.78.3 |
| getenv("HTTP_X_FORWARDED_FOR") | Internal client IP address | |
| $_SERVER["REQUEST_METHOD"] | Request method (GET or POST) | GET |
| $_SERVER["QUERY_STRING"] | On a GET request, the encoded data passed along with the URL | |
| $_SERVER["REQUEST_URL"] | Full client address including query string | |
| $_SERVER["HTTP_REFERER"] | URL of the page from which the request was made | |
| $_SERVER["PHP_SELF"] | Path to the executable program | /index.php |
| $_SERVER["SERVER_NAME"] | Domain | website |
| $_SERVER["REQUEST_URI"] | Path | /php/php_form.php |

Handling user input

The PHP input handler can be separated from the HTML text containing the input forms, or placed on the same page.

Example 2

Input Handling Example

"method="post">

Card number:

There is no submit button here, because a form consisting of one field is submitted automatically when a key is pressed.

When processing an element with a multi-value selection, to access all the selected values, you must add a pair of square brackets to the element name. To select multiple items, hold down the Ctrl key.

Example 3.1

List

EXAMPLE 3.1 RESULT:

Example 3.2

Processing list from ex1.htm file

    "; foreach ($Item as $value) echo "
  • $value"; echo "
"; ?>
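An added example (not code from the original page) of a multi-value list whose name ends in square brackets, together with a handler that checks what arrives. The field name Item[] follows the $Item variable in Example 3.2; the option values, function names and sample submission are assumptions, and $post stands in for $_POST.

```php
<?php
const OPTIONS = ['tea' => 'Tea', 'coffee' => 'Coffee', 'juice' => 'Juice'];

/** Markup for the list; the [] suffix makes PHP collect the values in an array. */
function render_select(): string
{
    $html = '<select name="Item[]" multiple size="3">' . "\n";
    foreach (OPTIONS as $value => $label) {
        $html .= sprintf("  <option value=\"%s\">%s</option>\n",
            htmlspecialchars($value, ENT_QUOTES),
            htmlspecialchars($label, ENT_QUOTES));
    }
    return $html . '</select>';
}

/**
 * Return the labels of the selected options.
 * A client can send any shape under this name, so check it before use.
 */
function selected_items(array $post): array
{
    $items = $post['Item'] ?? [];
    if (!is_array($items)) {
        return [];   // a scalar was sent where a list was expected
    }
    $labels = [];
    foreach ($items as $value) {
        // Keep only strings that match an option the form actually offered.
        if (is_string($value) && array_key_exists($value, OPTIONS)) {
            $labels[$value] = OPTIONS[$value];   // keyed, so duplicates collapse
        }
    }
    return array_values($labels);
}

// Constructed submission: two valid values, one unknown value, one nested array.
$post = ['Item' => ['tea', 'juice', 'other<b>', ['x']]];
echo render_select() . "\n<ul>\n";
foreach (selected_items($post) as $label) {
    echo '  <li>' . htmlspecialchars($label, ENT_QUOTES) . "</li>\n";
}
echo "</ul>\n";
```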

Example 4. Accepting values from checkboxes

$v) ( if($v) echo "You know programming language $k!
"; else echo "You don't know the programming language $k.
"; } } ?>
" method="post"> What programming languages ​​do you know?
PHP
Perl

EXAMPLE 4 RESULT:

Example 5

"; ?>
"method="post">

It is possible to process forms without caring about the actual field names.

To do this, you can use (depending on the transfer method) the associative array $HTTP_GET_VARS or $HTTP_POST_VARS. These arrays were removed as of PHP 5.4.0; $_GET and $_POST take their place. They contain name/value pairs for each element of the submitted form. If the transfer method does not matter, you can use the $_REQUEST associative array.

Example 6

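Handling Arbitrary Input Regardless of Transfer Method

<?php
// Print every submitted name/value pair, HTML-escaped; nested arrays are rendered with print_r()
foreach ($_REQUEST as $key => $value)
    echo htmlspecialchars("$key == " . print_r($value, true)) . "<br>";
?>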

Example 7. Handling a button click using the "@" operator.

">

Using the header() function, by sending the browser the "Location" header, you can redirect the user to a new page.

For example:

Transferring a file to the server (upload)

PHP allows you to send files to the server. The HTML form for file submission must contain the attribute enctype="multipart/form-data".

In addition, the form must have a hidden field named max_file_size before the file upload field. This hidden field should contain the maximum size of the transferred file (usually no more than 2 MB).

The file upload field itself is a normal INPUT element with the attribute type="file".

For example:

"method="post">

After a file is uploaded to the server, it is given a unique name and stored in the temporary directory. The full path to the file is written to a global variable whose name matches the name of the field for transferring this file. In addition, PHP stores some additional information about the passed file in other global variables:

Example 8

Processing the transferred file "; echo "name: ".$_FILES["userfile"]["name"]."
"; echo "size: ".$_FILES["userfile"]["size"]."
"; echo "type: ".$_FILES["userfile"]["type"]."
"; } ?>
"method="post">
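An added example (not part of the original tutorial) of the server-side checks a handler for the userfile field would make before keeping an upload. The 2 MB limit is the figure mentioned above; the allowed types, the function names, the target directory and the constructed sample file are assumptions.

```php
<?php
const MAX_BYTES = 2 * 1024 * 1024;   // 2 MB, the limit mentioned in the text
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg']; // assumption

/** Check one $_FILES entry. Returns [error, storedName]; exactly one is null. */
function check_upload(array $file): array
{
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        return ["upload failed with error code $code", null];
    }
    // The hidden size field comes from the client, so enforce the limit here,
    // measuring the temporary file rather than trusting $file['size'].
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        return ['file too large', null];
    }
    // $file['type'] is also client-supplied; detect the type from the content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return ['file type not allowed', null];
    }
    // Never use the client-supplied name as a path; generate a new one.
    return [null, bin2hex(random_bytes(16)) . '.' . $ext];
}

/** Move a checked upload into $dir (hypothetical directory outside the web root). */
function store_upload(array $file, string $dir): string
{
    [$error, $name] = check_upload($file);
    if ($error !== null) {
        throw new RuntimeException($error);
    }
    // move_uploaded_file() only accepts files received via an HTTP POST upload.
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('could not store the uploaded file');
    }
    return $name;
}

// Constructed sample: a text file that the client labels as image/png.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "plain text, not an image\n");
$entry = ['name' => 'photo.png', 'type' => 'image/png', 'size' => 25,
          'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
[$error, $name] = check_upload($entry);
echo ($error ?? "accepted as $name") . PHP_EOL;
unlink($tmp);
```

In a real handler the call would be store_upload($_FILES["userfile"], $dir); the sample at the end only exercises check_upload(), because move_uploaded_file() rejects files that did not arrive through an upload.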

Examples of uploading files to the server

If the server recodes the uploaded file so that the character with code 0x00 is replaced with a space (the character with code 0x20), add the following to the httpd.conf file in the Apache directory (/usr/local/apache):

CharsetRecodeMultipartForms Off