Monday 5 August 2019

Handling HTML forms with PHP

In this post I will talk about handling HTML forms with PHP. A simple example is a registration form, so let's start by creating the HTML form that will post to a PHP script.


<html>
<body>
<form action="register.php" method="post">
<table border="0">
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Username:*</b><br>
<i>It must be 3 or more characters in length <br> and may
only contain letters and numbers</i></font></td>
<td><input name="userid" type="text" id="userid" maxlength="30">
</td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Password:*</b><br>
<i>It must be 6 or more characters in length <br> and may
only contain letters and numbers</i></font></td>
<td><input name="password" type="password" id="password" maxlength="15">
</td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Re-type Password:*</b></font></td>
<td><input name="password2" type="password" id="password2" maxlength="15">
</td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Firstname:*</b></font></td>
<td><input name="firstname" type="text" id="firstname" maxlength="15">
</td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Lastname:*</b></font></td>
<td><input name="lastname" type="text" id="lastname" maxlength="15">
</td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Your Email Address:*</b><br>
<i>A confirmation email will be sent to you <br>
at this address</i></font>
</td>
<td><input name="email" type="text" id="email" maxlength="255">
</td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" color="black" size="-1">
<b>Your Mobile No:*</b></font><br>
</td>
<td><input name="mob" type="text" id="mob" maxlength="10">
</td>
</tr>
<tr>
<td><input name="reset" type="reset" value="Reset"></td>
<td><input name="register" type="submit" value="register"></td>
</tr>
</table>
</form>
</body>
</html>

Save this file as myregistration.html; opening it in a browser shows the registration form.
When you fill in the fields and click the submit button, all of the submitted data is sent to register.php in an HTTP POST request.
All variables passed to the current script via the HTTP POST method are stored in the associative array $_POST, so you can read each field with $_POST['NAME'], where NAME is the value of the field's name attribute. A field that was not sent at all has no entry in the array, so test for it with isset() (or the ?? operator) before reading it. Submitting the form above makes the following values available inside register.php:
$_POST['userid']
$_POST['password']
$_POST['password2']
$_POST['firstname']
$_POST['lastname']
$_POST['email']
$_POST['mob']
It is now the job of register.php to process these values as needed and to send a response back to the user.
As a first cut, register.php could look like this:
<?php
// First version: reads the fields straight out of $_POST and echoes them
// back. There is no validation yet, and the values are printed unencoded.
echo '<html>';
$userid    = $_POST['userid'];
$password  = $_POST['password'];
$password2 = $_POST['password2'];
$firstname = $_POST['firstname'];
$lastname  = $_POST['lastname'];
$email     = $_POST['email'];
$mob       = $_POST['mob'];
/* some mysql stuff */
// Double quotes are required for $userid etc. to be interpolated;
// inside single quotes PHP would print the literal text "$userid".
echo "Your name is $userid";
echo '<br>';
echo "Your first name is $firstname";
echo '<br>';
echo "Your last name is $lastname";
echo '<br>';
echo 'Your registration is completed';
echo '</html>';
?>


But there is still a very important piece missing: validation. Users (and attackers) can submit anything in these fields, including values the form never offers; the maxlength attributes are only a hint to the browser, and a request can be sent to register.php without using the form at all. So the server must always validate the input it receives.
There are many ways to perform validation, depending on the need. Some of the basic PHP functions involved are:
htmlspecialchars(): converts the HTML special characters in a string (&, <, >, " and, with the ENT_QUOTES flag, ') into their HTML entities, so a value that is echoed back into the page cannot inject HTML or JavaScript. Strictly this is output encoding rather than validation: it is best applied at the moment a value is printed, not before it is stored. Before PHP 8.1 the default flags do not encode the single quote, so pass ENT_QUOTES explicitly.
stripslashes(): removes backslashes from the data. It exists to undo the escaping that the old magic_quotes_gpc setting applied to request data; that setting was removed in PHP 5.4, so on current PHP the function only alters legitimate input (a password containing a backslash, for instance).
trim(): returns the string with whitespace stripped from the beginning and end.
preg_match(): matches the string against a regular expression and returns 1 if the pattern matches and 0 if it does not. With a whitelist pattern it is a good way to restrict the characters allowed in a field.
preg_match("/[^a-zA-Z]/", $userid): because the character class is negated, this returns 1 when $userid contains at least one character that is not a letter. A userid made only of the letters a-z and A-Z (no spaces, digits or other characters) makes it return 0, but so does an empty string, so the check says nothing about length. Anchor the pattern with ^ and $ and write it as a whitelist when the whole value must be checked: /^[A-Za-z0-9]{3,30}$/ is the rule the form actually states.
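As an added example that is not part of the original post, the script below shows what preg_match() actually returns for the pattern quoted above next to an anchored whitelist that enforces the form's own rule, and why the unanchored e-mail pattern used later on this page accepts junk around an address while filter_var() does not. All inputs are constructed for the demonstration.

```php
<?php
// Added example, not the post's code: what preg_match() returns for the
// pattern quoted above versus an anchored whitelist, and why an unanchored
// e-mail pattern is weaker than filter_var(). All inputs are constructed.

// The post's check. The class is negated, so a match (return value 1) means
// the userid contains something that is NOT a letter, i.e. it is invalid.
function contains_non_letter(string $userid): bool
{
    return preg_match('/[^a-zA-Z]/', $userid) === 1;
}

// Anchored whitelist for the rule the form actually states: the whole value
// must be 3 to 30 letters or digits. Returns true only for valid input.
function is_valid_userid(string $userid): bool
{
    return preg_match('/^[A-Za-z0-9]{3,30}$/', $userid) === 1;
}

// The e-mail pattern used later on this page, without ^ and $: it succeeds if
// an address-like substring occurs ANYWHERE in the value.
function email_matches_unanchored(string $email): bool
{
    return preg_match('/([\w\-]+\@[\w\-]+\.[\w\-]+)/', $email) === 1;
}

// PHP's built-in validator checks the entire value.
function is_valid_email(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

foreach (['alice', 'bob42', 'a b', 'x', ''] as $u) {
    printf("%-8s contains_non_letter=%d is_valid_userid=%d\n",
        var_export($u, true), (int) contains_non_letter($u), (int) is_valid_userid($u));
}
foreach (['alice@example.com', '<script>alice@example.com', 'alice@example.com junk'] as $e) {
    printf("%-28s unanchored=%d filter_var=%d\n",
        $e, (int) email_matches_unanchored($e), (int) is_valid_email($e));
}
```

Run it with php preg_demo.php. With the post's pattern, bob42 is flagged even though the form allows digits, while x and the empty string pass even though they are too short; the unanchored e-mail pattern matches both tampered addresses that filter_var() rejects.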

Keeping these functions in mind, we can write register.php as:
<?php
// Trim surrounding whitespace, drop backslashes and HTML-encode the value.
// Note that stripslashes() and htmlspecialchars() change the data: a password
// containing \ & < > or " will no longer be what the user typed.
function validate_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
// Same cleanup plus a shape check for e-mail addresses. The pattern is not
// anchored with ^ and $, so it only requires that an address-like substring
// appears somewhere in the value.
function validate_email($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $data))
    {
        die("E-mail address not valid");
    }
    return $data;
}
echo '<html>';
// ?? '' avoids an undefined-index warning when a field was not submitted.
$userid    = validate_input($_POST['userid'] ?? '');
$password  = validate_input($_POST['password'] ?? '');
$password2 = validate_input($_POST['password2'] ?? '');
$firstname = validate_input($_POST['firstname'] ?? '');
$lastname  = validate_input($_POST['lastname'] ?? '');
$email     = validate_email($_POST['email'] ?? '');
$mob       = $_POST['mob'] ?? '';   // still not validated here
/* some mysql stuff */
echo "Your name is $userid";
echo '<br>';
echo "Your first name is $firstname";
echo '<br>';
echo "Your last name is $lastname";
echo '<br>';
echo 'Your registration is completed';
echo '</html>';
?>
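The script below is an added example written for this post, not the post's own register.php or code from any framework. It keeps the same form fields but moves the security work to where it belongs: anchored whitelist validation on input, password_hash() for the password (which is never trimmed, slash-stripped or HTML-encoded), a PDO prepared statement for the "some mysql stuff" step, and htmlspecialchars() at the point of output. The users table and its columns, the in-memory SQLite database (which needs the pdo_sqlite extension) standing in for MySQL, and the constructed submission used when the script runs from the command line are all assumptions made for the example so that it runs stand-alone with php register_hardened.php.

```php
<?php
// Added example, not the post's own register.php. Assumed (not from the post):
// a `users` table with columns userid, password_hash, firstname, lastname,
// email, mob; an in-memory SQLite database via pdo_sqlite; and a constructed
// submission used when the script is run from the CLI.
declare(strict_types=1);

// Fetch one POST field as a string. Arrays (userid[]=x) and missing fields
// become '' so they fail validation instead of turning into "Array".
function field(array $post, string $key): string
{
    $v = $post[$key] ?? null;
    return is_string($v) ? $v : '';
}

// Validate the raw POST array and return [errors, cleaned values]. Each field
// is checked against an anchored whitelist; nothing is HTML-encoded here.
function validate_registration(array $post): array
{
    $errors = [];
    $clean  = [];
    $rules = [                              // mirrors the hints on the form
        'userid'    => '/^[A-Za-z0-9]{3,30}$/',
        'firstname' => '/^[A-Za-z]{1,15}$/',
        'lastname'  => '/^[A-Za-z]{1,15}$/',
        'mob'       => '/^[0-9]{10}$/',
    ];
    foreach ($rules as $name => $pattern) {
        $value = trim(field($post, $name));
        if (preg_match($pattern, $value) !== 1) {
            $errors[] = "$name is missing or malformed";
        }
        $clean[$name] = $value;
    }
    // filter_var() checks the whole address, unlike an unanchored regex.
    $email = trim(field($post, 'email'));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    $clean['email'] = $email;
    // The password is compared and hashed exactly as typed; trimming,
    // stripslashes() or htmlspecialchars() would silently change it.
    $password  = field($post, 'password');
    $password2 = field($post, 'password2');
    if (strlen($password) < 6) {
        $errors[] = 'password must be 6 or more characters';
    } elseif ($password !== $password2) {
        $errors[] = 'passwords do not match';
    }
    if (!$errors) {
        $clean['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return [$errors, $clean];
}

// Insert with a prepared statement: values are bound, never spliced into the
// SQL text, so a userid such as x'); DROP TABLE users;-- is stored as data.
function store_user(PDO $db, array $u): void
{
    $stmt = $db->prepare(
        'INSERT INTO users (userid, password_hash, firstname, lastname, email, mob)
         VALUES (:userid, :password_hash, :firstname, :lastname, :email, :mob)'
    );
    $stmt->execute([
        ':userid' => $u['userid'],       ':password_hash' => $u['password_hash'],
        ':firstname' => $u['firstname'], ':lastname' => $u['lastname'],
        ':email' => $u['email'],         ':mob' => $u['mob'],
    ]);
}

// Encode at output time; ENT_QUOTES makes the value safe in attributes too.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Under a web server $_POST is the real submission; from the CLI a constructed
// one is used so the script runs stand-alone (try 'alice<b>' as the userid).
$post = PHP_SAPI === 'cli'
    ? ['userid' => 'alice42', 'password' => 'hunter22', 'password2' => 'hunter22',
       'firstname' => 'Alice', 'lastname' => 'Smith',
       'email' => 'alice@example.com', 'mob' => '9876543210']
    : $_POST;

[$errors, $user] = validate_registration($post);
if ($errors) {
    http_response_code(400);
    echo "<html><body><ul>\n";
    foreach ($errors as $e) {
        echo '<li>' . h($e) . "</li>\n";
    }
    echo "</ul></body></html>\n";
    exit;
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, password_hash TEXT,
           firstname TEXT, lastname TEXT, email TEXT, mob TEXT)');
store_user($db, $user);

echo "<html><body>\n";
echo 'Your name is ' . h($user['userid']) . "<br>\n";
echo 'Your first name is ' . h($user['firstname']) . "<br>\n";
echo 'Your last name is ' . h($user['lastname']) . "<br>\n";
echo "Your registration is completed\n</body></html>\n";
```

Deployed behind a web server, the same file reads the real $_POST and only the PDO connection string needs to change for MySQL; the validation, hashing, prepared statement and output encoding stay exactly as they are.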

