
PHP: Dealing with User Input

PHP: Dealing with User Input. MIS 3501, Fall 2014. Jeremy Shafer, Department of MIS, Fox School of Business, Temple University. September 30, 2014. Our application so far. Project: “Get a letter from Santa”


Presentation Transcript


  1. PHP: Dealing with User Input
     MIS 3501, Fall 2014
     Jeremy Shafer, Department of MIS, Fox School of Business, Temple University
     September 30, 2014

  2. Our application so far.
     Project: “Get a letter from Santa”
     Purpose: Many young children are delighted to receive a letter from Santa Claus during the Christmas season. In our hypothetical business, parents in the tri-state area can sign their children up to receive a free letter from Santa. In exchange for this, we collect their contact information so that we can direct advertising at them. We also obtain data on what gift items are popular this Christmas season. Both of these items have monetary value:
     • The mailing list of parents of young children
     • The market information re: what gifts are popular

  3. Our application so far
     [Diagram of the application's files: index.php, form.php, handler.php, functions.php, login.php, report.php, labelled “For Customers” and “For Employees”]

  4. The action Attribute
     • The opening form tag requires an action attribute
     • The value of the action attribute identifies the program on the Web server that will process the form data when the form is submitted
     <form action="handler.php">

  5. Adding the method Attribute
     • The value of the method attribute must be either “post” or “get”
     • The “post” method embeds the form data in the request message (invisible to the typical user)
     • The “get” method appends the form data to the URL specified in the form’s action attribute
     • When a Web form is submitted using the “get” method, PHP creates and populates a $_GET array
     (Source: PHP Programming with MySQL, 2nd Edition)

  6. Adding the method Attribute (continued)
     • Form fields are sent to the Web server as name/value pairs
     • The name portion of the name/value pair becomes the key of an element in the $_POST or $_GET array, depending on which method was used to submit the data
     • The value portion of the name/value pair is populated by the data that the user enters in the input control on the Web form
     (Source: PHP Programming with MySQL, 2nd Edition)

  7. Adding the method Attribute (continued)
     • When submitting data using the “get” method, form data is appended to the URL specified by the action attribute
     • Name/value pairs appended to the URL are called URL tokens

  8. Adding the method Attribute (continued)
     • The form data is separated from the URL by a question mark (?)
     • The individual elements are separated by an ampersand (&)
     • The element name is separated from the value by an equal sign (=)
     • Spaces in the name and value fields are encoded as plus signs (+)
     • Other non-alphanumeric characters are percent-encoded (%) using their ASCII character codes

  9. Adding the method Attribute (continued)
     • All other characters except letters, numbers, hyphens (-), underscores (_) and periods (.) are encoded using a percent sign (%) followed by the two-digit hexadecimal representation of the character’s ASCII value
     • The following URL shows three form elements submitted to the process_Scholarship.php script:
     http://www.example.net/process_Scholarship.php?fName=John&lName=Smith&Submit=Send+Form
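To make the token format on slides 8 and 9 concrete, here is an added example (not from the lecture or its course files) that builds a “get” query string the way a browser does and then parses the tokens back into name/value pairs. The field names and values are constructed; `process_Scholarship.php` is the script named on the slide and is only used here as a URL, nothing is requested from it.

```php
<?php
// Added example (not from the slides): build a "get" query string the way a
// browser does, then parse the URL tokens back into name/value pairs.

// Encode form fields as URL tokens: name=value pairs joined by '&',
// spaces as '+', other reserved characters as %XX (http_build_query does this).
function buildQueryString(array $fields): string
{
    return http_build_query($fields);
}

// Hand-written parser for the token format on slides 8 and 9:
// the '?' is already stripped, '&' separates elements, '=' separates name
// from value, and urldecode() turns '+' back into a space and %XX back into
// the character it encodes.
function parseQueryString(string $query): array
{
    $result = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue;               // tolerate a trailing or doubled '&'
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $result[urldecode($name)] = urldecode($value);
    }
    return $result;
}

// Constructed sample: a value containing a space, an apostrophe and an
// ampersand. The '&' must be percent-encoded on the way out, otherwise the
// receiver would split the value in two at that character.
$fields = ['fName' => 'John', 'lName' => "O'Brien & Sons", 'Submit' => 'Send Form'];
$query  = buildQueryString($fields);
$url    = 'http://www.example.net/process_Scholarship.php?' . $query;
echo $url, "\n";

// Parse with the hand-written parser and with PHP's built-in parse_str(),
// which is what populates $_GET when such a request actually arrives.
$decoded = parseQueryString(parse_url($url, PHP_URL_QUERY));
parse_str(parse_url($url, PHP_URL_QUERY), $viaBuiltin);
var_dump($decoded === $fields, $viaBuiltin === $fields);
```

Run it from the command line with `php` to see the encoded URL and both round-trip comparisons. The point for the “get” method is that everything in `$fields` ends up in the address bar and in server logs, which is why the lecture moves sensitive form data to “post”.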

  10. Adding the method Attribute (continued)
     • Limitations of the “get” method for submitting form data
       • The form values are appended to the URL in plain text, making a URL request insecure
     • Advantage of the “get” method for submitting form data
       • Passed values are visible in the Address Bar of the browser

  11. Moving from $_GET to $_POST
     • Web forms are interactive controls that allow users to enter and submit data to a processing script
     • A Web form is a standard HTML form with two required attributes in the opening <form> tag:
       • Action attribute: identifies the program on the Web server that will process the form data when it is submitted
       • Method attribute: specifies how the form data will be sent to the processing script

  12. Back to our little application
     [Diagram of the application's files: index.php, form.php, handler.php, functions.php, login.php, report.php, labelled “For Customers” and “For Employees”]

  13. Back to our little application
     We want to validate and “clean up” the user input here.
     [Diagram of the application's files: index.php, form.php, handler.php, functions.php, login.php, report.php, labelled “For Customers” and “For Employees”]

  14. User input – Browser based validation
     • The size and maxlength attributes of the HTML input tag
     • We’ve seen these before, but they are getting more important. Eventually we will want to have user supplied data entered into a database table.
     • What happens when I try to insert 100 characters of data into a 50 character column?

  15. User input – Server based validation
     Here are some useful functions to help you build validation functions:
     • strtolower
     • strpos
     • str_replace
     • is_numeric
     • trim

  16. User input – Server based validation
     Here are some more useful functions to help you build validation functions:
     • substr
     • strpos
     • strlen

  17. User input – Server based validation
     … And often you need to write some functions of your own.

  18. Back to our little application
     [Diagram of the application's files: index.php, form.php, handler.php, functions.php, login.php, report.php, labelled “For Customers” and “For Employees”]
     This is where we put those functions that we write ourselves.
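The kind of functions slides 14 to 18 ask you to write, as an added example that is not the course's own functions.php or handler.php. It assumes the Santa-letter form posts fields named parentName, email, zip and childAge (hypothetical names) and that parentName goes into a 50-character column as on slide 14; it uses the functions listed on slides 15 and 16 plus `ctype_digit`, which the slides do not mention. The sample submission at the bottom is constructed to stand in for `$_POST`.

```php
<?php
// Added example, not from the course's handler.php or functions.php. Assumes
// the form posts parentName, email, zip and childAge (hypothetical names) and
// that parentName is stored in a 50-character column, as on slide 14.

const PARENT_NAME_MAX = 50;

// Pull one field out of the submitted array as a plain string. $_POST entries
// can be arrays (field names ending in []), so anything that is not a string
// is treated as missing.
function field(array $input, string $name): string
{
    return isset($input[$name]) && is_string($input[$name]) ? $input[$name] : '';
}

// Free-text field: replace line breaks and tabs, strip surrounding whitespace,
// and enforce the length the database column can hold. The HTML maxlength
// attribute is only a hint to the browser; the server has to check again.
function cleanText(string $value, int $maxLength): ?string
{
    $value = trim(str_replace(["\r", "\n", "\t"], ' ', $value));
    if ($value === '' || strlen($value) > $maxLength) {
        return null;
    }
    return $value;
}

// Email: lower-case it, then do a minimal shape check with strpos:
// an '@' that is not the first character, followed somewhere by a '.'.
function cleanEmail(string $value): ?string
{
    $value = strtolower(trim($value));
    $at = strpos($value, '@');
    if ($at === false || $at === 0 || strpos($value, '.', $at) === false) {
        return null;
    }
    return strlen($value) <= 254 ? $value : null;
}

// US ZIP code: exactly five digits. is_numeric alone would accept "1e3" or
// "-1", so length and digits are checked explicitly.
function cleanZip(string $value): ?string
{
    $value = trim($value);
    return (strlen($value) === 5 && ctype_digit($value)) ? $value : null;
}

// Child's age: a whole number in a plausible range. Comparing the integer
// cast back to the original string rejects "6.5", "6abc" and " 6".
function cleanAge(string $value): ?int
{
    $value = trim($value);
    if (!is_numeric($value) || (string)(int)$value !== $value) {
        return null;
    }
    $age = (int)$value;
    return ($age >= 0 && $age <= 17) ? $age : null;
}

// Validate the whole submission; returns the cleaned data plus a list of
// errors, so handler.php can either store the data or re-show the form.
function validateLetterRequest(array $input): array
{
    $clean = [
        'parentName' => cleanText(field($input, 'parentName'), PARENT_NAME_MAX),
        'email'      => cleanEmail(field($input, 'email')),
        'zip'        => cleanZip(field($input, 'zip')),
        'childAge'   => cleanAge(field($input, 'childAge')),
    ];
    $errors = [];
    foreach ($clean as $name => $value) {
        if ($value === null) {
            $errors[] = "Invalid or missing value for $name";
        }
    }
    return ['data' => $clean, 'errors' => $errors];
}

// Constructed sample submission (a stand-in for $_POST) to exercise the checks.
$sample = [
    'parentName' => "  Jane Doe\n",
    'email'      => 'Jane.Doe@Example.COM ',
    'zip'        => '19122',
    'childAge'   => '6',
];
$result = validateLetterRequest($sample);
if ($result['errors']) {
    // Escape before echoing anything derived from user input back into HTML.
    foreach ($result['errors'] as $e) {
        echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
} else {
    print_r($result['data']);   // safe to hand to the database layer from here
}
```

In handler.php the call would be `validateLetterRequest($_POST)` instead of the constructed `$sample`. Each cleaning function returns `null` on failure rather than silently truncating with `substr`, so the answer to the slide 14 question (100 characters into a 50-character column) is that the request is rejected before it ever reaches the database.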
