Examples of PHP forms

Time: 2020-7-28

Form processing

GET vs. POST

1. Both GET and POST create an array (for example, array(key => value, key2 => value2, key3 => value3, ...)). This array holds key/value pairs, where the key is the name of the form control and the value is the input data from the user.

2. GET and POST data are available as $_GET and $_POST. They are superglobals, which means they can be accessed without any special scoping: you can use them from any function, class, or file without extra code.

3. Transmission mode

$_GET is an array of variables passed to the current script through URL parameters.
$_POST is an array of variables passed to the current script via an HTTP POST request.

(1) When to use get?

The information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also limits the amount of information that can be sent, to about 2000 characters.

GET can be used to send non-sensitive data.

Note: never use GET to send passwords or other sensitive information!

(2) When to use post?

The information sent from a form with the POST method is not visible to others in the URL (all names/values are embedded in the body of the HTTP request), and there is no limit on the amount of information sent.

In addition, POST supports advanced features such as multipart binary input when uploading files to the server.

Tip: developers prefer POST for sending form data.

Form Validation

The htmlspecialchars() function

The form can be submitted to the page itself rather than to another page; this way, users see any error messages on the form page.

The HTML code for the form looks like this:


<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

(1) What is the $_SERVER["PHP_SELF"] variable?

$_SERVER["PHP_SELF"] is a superglobal that returns the file name of the currently executing script.
So $_SERVER["PHP_SELF"] sends the form data to the page itself rather than to another page. In this way, users see error messages on the form page.

(2) What is the htmlspecialchars() function?

The htmlspecialchars() function converts special characters into HTML entities. This means that HTML characters such as < and > are replaced with &lt; and &gt;, while the browser still displays them as < and >. This prevents attackers from injecting HTML or JavaScript code into the form (cross-site scripting attacks).
Without the htmlspecialchars() function:

An attacker requests this URL:


http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

The form will be converted to:


<form method="post" action="test_form.php"/><script>alert('hacked')</script>

This is a typical reflected XSS.
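To make the reflected XSS above concrete, here is an added example (not code from the original article) that simulates the value PHP would place in $_SERVER["PHP_SELF"] for the request shown, and builds the form tag both without and with htmlspecialchars(). The payload string is the one quoted above; the script never sends a request.

```php
<?php
// Added example: reproduce the PHP_SELF reflected XSS offline by simulating
// $_SERVER["PHP_SELF"]. The path suffix is the one from the URL quoted above.

// PHP_SELF is the script name plus the decoded PATH_INFO suffix, unencoded.
$pathInfo = urldecode("/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E");
$phpSelf  = "/test_form.php" . $pathInfo;

// Vulnerable: PHP_SELF is echoed straight into an attribute value.
function buildFormUnsafe(string $phpSelf): string {
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened: the value is entity-encoded for the attribute context.
// ENT_QUOTES also escapes single quotes, so the result is safe inside
// single-quoted attributes too (the pre-8.1 default flags leave ' alone).
function buildFormSafe(string $phpSelf): string {
    return '<form method="post" action="'
        . htmlspecialchars($phpSelf, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

// Crude check for the symptom: does the output contain a live <script> tag?
function containsScriptTag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$unsafe = buildFormUnsafe($phpSelf);
$safe   = buildFormSafe($phpSelf);

echo "Unsafe: $unsafe\n";   // the closing quote and <script> tag are live markup
echo "Safe:   $safe\n";     // &quot;&gt;&lt;script&gt;... stays inside the attribute
echo "Unsafe contains <script>: " . var_export(containsScriptTag($unsafe), true) . "\n";
echo "Safe contains <script>:   " . var_export(containsScriptTag($safe), true) . "\n";
```

$_SERVER["SCRIPT_NAME"] does not carry the PATH_INFO suffix, so it is a less exposed source for the action attribute than PHP_SELF; the value still has to be escaped whatever its source.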

Form check function:

<?php
// Define the variables and set them to empty values
$name = $email = $gender = $comment = $website = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = test_input($_POST["name"]);
  $email = test_input($_POST["email"]);
  $website = test_input($_POST["website"]);
  $comment = test_input($_POST["comment"]);
  $gender = test_input($_POST["gender"]);
}

// Normalise and escape one submitted value
function test_input($data) {
  $data = trim($data);             // strip leading and trailing whitespace
  $data = stripslashes($data);     // remove backslashes left over from legacy magic quotes
  $data = htmlspecialchars($data); // encode < > & " as HTML entities before output
  return $data;
}
?>

Verifying required fields, e-mail and URL

1. Verify the name

The following code shows a simple way to check that the name field contains letters and spaces. If the name field is invalid, an error message is stored:

$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
  $nameErr = "Only letters and spaces are allowed!";
}

2. Verify e-mail

The following code shows a simple way to check that the e-mail address syntax is valid. If not, an error message is stored:

$email = test_input($_POST["email"]);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
  $emailErr = "Invalid email format!";
}

3. Verify URL

The following code shows a method to check that the URL address syntax is valid (this regular expression also allows slashes in the URL). If the URL address syntax is invalid, an error message is stored:

$website = test_input($_POST["website"]);
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) {
  $websiteErr = "Invalid URL";
}
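The regular expressions above are sanity checks rather than full validators. The added example below (not from the original article) runs them side by side with PHP's filter_var() validators on constructed inputs; it shows that the unanchored e-mail pattern accepts surrounding text or markup, and that FILTER_VALIDATE_URL, unlike the URL pattern, refuses a bare www. host because it requires a scheme.

```php
<?php
// Added example: the article's two regexes next to PHP's filter_var()
// validators, run on constructed inputs so the gaps are visible.

// The article's e-mail pattern. It is not anchored with ^...$, so any string
// that merely contains an address-like substring passes.
function emailPassesRegex(string $email): bool {
    return preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) === 1;
}

// filter_var() validates the whole string; stray text or markup fails it.
function emailPassesFilter(string $email): bool {
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// The article's URL pattern, also unanchored, and it accepts bare "www." hosts.
function urlPassesRegex(string $url): bool {
    $re = "/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i";
    return preg_match($re, $url) === 1;
}

// FILTER_VALIDATE_URL needs an explicit scheme, so "www.example.com" fails.
function urlPassesFilter(string $url): bool {
    return filter_var($url, FILTER_VALIDATE_URL) !== false;
}

// Constructed test inputs (not real addresses or sites).
$emails = [
    "alice@example.com",                    // accepted by both
    "see alice@example.com for details",    // regex: true, filter: false
    "<b>alice@example.com</b>",             // regex: true, filter: false
];
$urls = [
    "https://example.com/form",             // accepted by both
    "www.example.com",                      // regex: true, filter: false (no scheme)
    "please visit https://example.com now", // regex: true, filter: false
];

foreach ($emails as $e) {
    printf("%-38s regex=%-5s filter=%s\n", $e,
        var_export(emailPassesRegex($e), true), var_export(emailPassesFilter($e), true));
}
foreach ($urls as $u) {
    printf("%-38s regex=%-5s filter=%s\n", $u,
        var_export(urlPassesRegex($u), true), var_export(urlPassesFilter($u), true));
}
```

Whichever check is used, the value is still passed through htmlspecialchars() before it is echoed: validation narrows the input, escaping protects the output.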

Complete form example

<!DOCTYPE HTML> 
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body> 

<?php
// Define the variables and set them to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (empty($_POST["name"])) {
    $nameErr = "Name is required";
  } else {
    $name = test_input($_POST["name"]);
    // Check that the name contains only letters and spaces
    if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
      $nameErr = "Only letters and spaces are allowed";
    }
  }

  if (empty($_POST["email"])) {
    $emailErr = "Email is required";
  } else {
    $email = test_input($_POST["email"]);
    // Check that the email address syntax is valid
    if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
      $emailErr = "Invalid email format";
    }
  }

  if (empty($_POST["website"])) {
    $website = "";
  } else {
    $website = test_input($_POST["website"]);
    // Check that the URL address syntax is valid (this regular expression also allows slashes in the URL)
    if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) {
      $websiteErr = "Invalid URL";
    }
  }

  if (empty($_POST["comment"])) {
    $comment = "";
  } else {
    $comment = test_input($_POST["comment"]);
  }

  if (empty($_POST["gender"])) {
    $genderErr = "Gender is required";
  } else {
    $gender = test_input($_POST["gender"]);
  }
}

// Normalise and escape one submitted value
function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
?>

<h2>PHP instance verification</h2>
<p><span class="error">* required fields</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
  Name: <input type="text" name="name">
  <span class="error">* <?php echo $nameErr;?></span>
  <br><br>
  Email: <input type="text" name="email">
  <span class="error">* <?php echo $emailErr;?></span>
  <br><br>
  Website: <input type="text" name="website">
  <span class="error"><?php echo $websiteErr;?></span>
  <br><br>
  Comments: <textarea name="comment" rows="5" cols="40"></textarea>
  <br><br>
  <!-- gender is required by the PHP above; these options and the submit button complete the form -->
  Gender:
  <input type="radio" name="gender" value="female"> Female
  <input type="radio" name="gender" value="male"> Male
  <span class="error">* <?php echo $genderErr;?></span>
  <br><br>
  <input type="submit" name="submit" value="Submit">
</form>

</body>
</html>

The above is the detailed content of this PHP form knowledge summary. For more information about PHP forms, please follow other related articles on developeppaer!