Книга: Fedora™ Unleashed, 2008 edition
Handling HTML Forms
Handling HTML Forms
Given that PHP's primary role is handling web pages, you might wonder why this section has been left so late in the chapter. It is because handling HTML forms is so central to PHP that it is essentially automatic.
Consider this form:
<form method="POST" action="thispage.php">
User ID: <input type="text" name="UserID" /><br />
Password: <input type="password" name="Password" /><br />
<input type="submit" />
</form>
When a visitor clicks the Submit button, thispage.php
is called again and this time PHP has the variables available to it inside the $_REQUEST
array. Given that script, if the user enters 12345
and frosties
as her user ID and password, PHP provides you with $_REQUEST['UserID']
set to 12345
and $_REQUEST['Password']
set to frosties
. Note that it is important that you use HTTP POST unless you specifically want GET. POST enables you to send a great deal more data and stops people from tampering with your URL to try to find holes in your script.
Is that it? Well, almost. That tells you how to retrieve user data, but be sure to sanitize it so that users do not try to sneak HTML or JavaScript into your database as something you think is innocuous. PHP gives you the strip_tags()
function for this purpose. It takes a string and returns the same string with all HTML tags removed.