Learnit Training

4. Forms

On many websites, forms are used today to give visitors to the website the opportunity to interact with the website. Here are a few examples that you might find familiar with.

They all have that there are boxes where you can type something in, that you can click on the mouse somewhere to continue (login/Send/Search) and that on the page where you came up something happened with what you filled in. In this chapter we will work on a form similar to that of the Telegraph website.

4.1. The HTML behind a form

Even though HTML is supposed to be known in this course, it is well conceivable that the HTML for forms is a bit weggezakt as it is as good as useless without the help of a language like PHP. The form we're going to work with looks like this:

Form

Contract 5.1.

  1. Download the code for this form by right-clicking here and choosing "Save Target as" (or in Firefox: "Koppelink Save As").
  2. Save the form. html file in c:\xampp\htdocs\phpcursus\4\ (or in c:\MIJN\EIGEN\MAP\htdocs\phpcursus\4\ If you had modified Xampp's installation folder).
  3. View the form at http://localhost/phpcursus/4/form.html.
  4. Request the source code of the form (Image > source), and study it. Below we discuss one and the other.

A first line that may be noticeable, but in any case important, is this:

<form name="reactie_formulier" method="post" action="verwerk.php">

What it Method attribute does we discuss so. The Actionattribute indicates where, after pressing the Send button, the browser should be sent; Processing. php So in this case. What we should do then we discuss'll.

There are two tags:

<input type="text" name="naam" />

These tags form the input fields; The fields where text can be typed. It is important that they all get a unique name.

A last notable tag is:

<input  type="submit" value="verstuur" />

This is a special type of the previous one, ensuring that the form is sent to the page specified in Action.

4.2. Get and Post

There are two ways to send the form, these ways are called methods. The example uses the Post Method.

Contract 5.2.

  1. Open phpcursus\4\form.html in Notepad
  2. Verify that the attribute Method is set to Post.
  3. Surf to http://localhost/phpcursus/4/form.html, fill out the form with random information and click on send.
  4. See what happens.
  5. Probably you will get the message "Object not found!", but pay in particular attention to the address bar, here it says: http://localhost/phpcursus/4/verwerk.php.
  6. Change the Method Now in Get; Rule 6 of form. html therefore:
    <form name="reactie_formulier" method="get" action="verwerk.php">
    
  7. Surf to http://localhost/phpcursus/4/form.html and press F5 to release the new version (with Get method).
  8. Fill out fictitious information and press sendagain.
  9. The address bar should now look like this:

Get method

The contents of the form are behind the file name Processing. php Put. The difference between Get And Post is illustrated with this. Get Paste everything to the URL, this can be useful because there is clearly to see what happened. But more often it is awkward because there is a limit to the length of values that can be sent as such. Furthermore, it can also look sloppy. For this reason we work here with the Post Method.

Contract 5.3.

Set the method phpcursus\4\form.html Back to Post.

4.3. Processing a form

In the meantime, as soon as it is filled in and clicked on send , the form is sent to processed. PHP . What we then often want is to validate the information from the form; See if it is filled out correctly. And if this is the case, we usually want to save it. We do not do this, we can only do this when we can work with the database.

Retrieving the information from the form is actually very simple, it goes with the so-called Superglobal $ _POST (or of course $ _GET If we were to make use of the Get method). The following script is a first version of Processing. php



	Process form

You filled in:\n ";
Echo\n ";
Echo\n ";
?>
Name:" . $ _POST [' name ']. "
E-mail:" . $ _POST [' email ']. "
Response:" . $ _POST [' comment ']. "

Contract 5.4.

  1. Create a new file processing. PHP in the folder phpcursus\4\.
  2. Open the file in Notepad and paste the above script into it
  3. Surf again to http://localhost/phpcursus/4/form.html, fill out the form with random information and click Sendagain.

Processing. php

4.3.1. Validating

So now we can get the data entered into the form on the screen again, but what happens now if a visitor enters nothing or not throbbing data? With no knocking , we mean, for example, that the e-mail address does not have the form of an e-mail address. Of course, We can't know if an email address really belongs to the visitor.

It is clear that we need to check what is entered before we send it back to the browser or do something else with it. We call this check-up validation. First we check if the variable has arrived at all. This is done by checking if it is present in the $_POST array using the isset() function. We also check that it does not contain an empty string.

Naam: " . $naam  . "\n";
    }
else {
	echo "Naam: Vul een naam in!\n";
    }
?>

Contract 5.5

  1. Open up processing. PHP again in Notepad
  2. Change the script so that the above piece of code is threaded
  3. Save but do not close
  4. Surf to http://localhost/phpcursus/4/form.html
  5. Do not enter anything by name and press send, see if the newly created script works correctly
  6. Make sure that this validation is also applied to the e-mail address and the response
  7. Check the operation of the script
  8. Please check here if you do not come out or check

Validate 4.3.1.1 e-mail address with Filters

Now we only check if a field in the form is not empty. We do not see if an email address is correct. Fortunately, PHP offers a feature that can help validate: filter_var(). In the following way, we can validate the email address:
if ( isset($_POST['email'])  && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) )  {
    ...
  }
else {
    ...
 }

Note: We replace the code that is now not revived by ...

Note: A & & B Is Where If A And B Both Where Are.

Validate 4.3.1.2 with regular expressions

However, the number of validation filters is limited. For example, there is no validation filter for Dutch zip code. You can check this using a regular expression. Regular expressions are specifications of what a string should look like, and go too far for this online course. There are many good sources on the web that can help you further (e.g. www.regular-expressions.info/php.html).

4.3.2 Clean up text

We already have control over the email address, but not yet for the name and response. It could really run dramatically with our website if a visitor went to enter HTML codes!

Contract 5.6

  1. Consider what would happen if a visitor would enter the following line as an "email address":
  2. Try this out!
  3. Look at the source code of processing. html If the above line is filled in, understand what is there!
All characters that can cause problems should be removed. Again we can use the Filter_var function again. This gives us a ' dirty ' text and returns the cleaned text from which all HTML tags are removed.
$naam = Filter_var ($ _POST [' name '], FILTER_SANITIZE_STRING);

Contract 5.7

  1. Open processing. PHP again in Notepad if it is not open yet.
  2. Adjust the script so that the above filtering is also performed.
  3. Consider how the reaction can be monitored and does this!