
ECA 236

ECA 236. Open Source Server Side Scripting: PHP Form Handling. HTML forms: field names (no spaces; will match variable names: letters, numbers, underscores); method (GET, POST); action (the script to which data is sent). Accessing variables.

mcostello

Presentation Transcript


  1. ECA 236 Open Source Server Side Scripting PHP Form Handling Open Source Server Side Scripting

  2. HTML Forms
     • field names
       • no spaces
       • will match variable names (letters, numbers, underscores)
     • method
       • GET
       • POST
     • action
       • the script to which data is sent

  3. accessing variables

     ```html
     <form method="get" action="test.php">
       First Name: <input type="text" name="first_name"><br />
       Last Name: <input type="text" name="last_name"> <br />
       <input type="submit" name="submit">
     </form>
     ```

     Three ways to access form data:

     1. $first_name and $last_name
        • variable names are the same as field names
        • register_globals must be set to ON in php.ini
        • least secure of the three ways

  4. accessing variables cont …

     ```html
     <form method="get" action="test.php">
       First Name: <input type="text" name="first_name"><br />
       Last Name: <input type="text" name="last_name"> <br />
       <input type="submit" name="submit">
     </form>
     ```

     2. superglobals: $_GET $_POST $_REQUEST
        • global associative arrays
        • $first_name = $_GET['first_name'];
        • only accepted variables are ones submitted through form
        • introduced in PHP version 4

  5. accessing variables cont …

     ```html
     <form method="get" action="test.php">
       First Name: <input type="text" name="first_name"><br />
       Last Name: <input type="text" name="last_name"> <br />
       <input type="submit" name="submit">
     </form>
     ```

     3. $HTTP_GET_VARS or $HTTP_POST_VARS
        • associative arrays
        • $first_name = $HTTP_GET_VARS['first_name'];
        • PHP version 3 and earlier – still works in version 4
        • may be unsupported by future versions

  6. self-submission
     • set the action of the form to itself

     From a document named test.php, if we wanted to send data to a separate form handler, the form would read:

     ```html
     <form method="get" action="newScript.php">
     ```

     To reference itself, set action to test.php:

     ```html
     <form method="get" action="test.php">
     ```

  7. self-submission cont …
     • isset( )
       when passed a variable, isset( ) will return TRUE if that variable is set to some value, FALSE if the variable is NULL
       before form is submitted, all variables have a value of NULL
       once submitted, variable will have one of the following values:
       • information entered by user
       • empty string
       • TRUE

  8. self-submission cont …

     ```php
     <?php
     if( isset( $_GET['submit'] ) ){
         $first_name = $_GET['first_name'];
         $last_name = $_GET['last_name'];
         echo "Your name is $first_name $last_name";
     }
     else{
     ?>
     <form method="get" action="test.php">
       First Name: <input type="text" name="first_name"><br />
       Last Name: <input type="text" name="last_name"> <br />
       <input type="submit" name="submit" value='submit'>
     </form>
     <?php } ?>
     ```

  9. self-submission cont …

     A more efficient way of setting the action of a form to send data to itself is to use the $PHP_SELF variable, accessed through the superglobal $_SERVER. $PHP_SELF will always contain the current script's name as the value.

     ```php
     <form method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     ```

     Notice that the reference to the variable must be placed between the <?php ?> tagset.
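
The self-submitting form on the two slides above writes request data straight into the page: the submitted names go into the echo, and $_SERVER['PHP_SELF'] also carries any path text the client appends after the script name. The version below is an added example, not code from the presentation; it encodes every value at the point of output. The helper names e() and get_field() are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example: hardened form of the slides' self-submitting test.php.
// e() and get_field() are hypothetical helper names, not from the slides.

// Encode &, <, >, " and ' so a value is rendered as text, both in element
// content and inside quoted attribute values.
function e( string $value ): string {
    return htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Read one GET field as a trimmed string. A missing key, or an array sent
// as first_name[]=x, becomes the empty string.
function get_field( string $name ): string {
    $value = $_GET[$name] ?? '';
    return is_string( $value ) ? trim( $value ) : '';
}

$first_name = get_field( 'first_name' );
$last_name  = get_field( 'last_name' );

if ( isset( $_GET['submit'] ) && $first_name !== '' && $last_name !== '' ) {
    // Element content: encoded before it reaches the browser.
    echo '<p>Your name is ' . e( $first_name ) . ' ' . e( $last_name ) . '</p>';
} else {
?>
<form method="get" action="<?php echo e( $_SERVER['PHP_SELF'] ); ?>">
  First Name: <input type="text" name="first_name" value="<?php echo e( $first_name ); ?>"><br />
  Last Name: <input type="text" name="last_name" value="<?php echo e( $last_name ); ?>"><br />
  <input type="submit" name="submit" value="submit">
</form>
<?php } ?>
```

Because the field values are echoed back into the value attributes, a partly filled form is redisplayed with the user's input intact, still encoded.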

  10. validating form data
      • isset( )
        • returns TRUE if variable holds a value
        • drawback: returns TRUE if it holds an empty string

      ```php
      if( isset( $first_name ) ) {
          echo "Hello, $first_name.";
      }
      else{
          echo "You forgot to enter your first name.";
      }
      ```

  11. validating form data
      • empty( )
        • returns TRUE if argument is
          • "" (an empty string)
          • 0 (zero as an integer)
          • "0" (zero as a string)
          • NULL
          • FALSE
          • array( ) (an empty array)
        • returns FALSE if it holds a non-empty, non-zero value

      ```php
      if( empty( $first_name ) ) {
          echo "Please enter your first name";
      }
      ```

  12. validating form data cont …
      • strlen( )
        • returns the length of a string
        • can be used to test for empty strings

      ```php
      if( strlen( $first_name ) > 0 ){
          echo "Hello, $first_name.";
      }
      else{
          echo "You forgot to enter your first name.";
      }
      ```

  13. validating form data cont …
      • trim( )
        • removes white space from both ends of a variable
        • can be used to eliminate empty strings, and remove extraneous white space at beginning and end of variables

      ```php
      $first_name = trim( $_GET['first_name'] );
      ```

  14. validating form data cont …

      radio buttons

      ```php
      <form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
        Male:<input type="radio" name="gender" value="male" />
        Female:<input type="radio" name="gender" value="female" />
        <input type="submit" name="submit" />
      </form>
      <?php
      if( isset( $_POST['gender'] ) ){
          // accept only the two values the form offers
          if( $_POST['gender'] == "male" || $_POST['gender'] == "female" ){
              // braces are required to interpolate an array element with a quoted key
              echo "You claim to be a {$_POST['gender']}";
          }
          else {
              echo "Please enter a correct value.";
          }
      }
      else {
          echo "Please enter a correct value.";
      }
      ?>
      ```

  15. validating form data cont …
      • Purpose of validation
        • make sure the script has all the information it needs to do what it was designed to do
        • ensure the data is of the right type
        • added level of security by reducing user error and user maliciousness
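
The checks from the validation slides (isset, empty, strlen, trim, and the fixed list of radio values) combine into one server-side routine. The following is an added example rather than code from the presentation: validate_form() is a hypothetical name, the 50-character limit is an assumed rule, the sample submissions are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: one validation routine built from the slides' checks.
// validate_form() and the 50-character limit are assumptions.
function validate_form( array $input ): array {
    $clean  = [];
    $errors = [];

    // first_name: must be a string (not an array such as first_name[]=x)
    // and non-empty after trim(). strlen() is used rather than empty()
    // because empty( "0" ) is TRUE and would reject the literal value "0".
    $first = $input['first_name'] ?? null;
    $first = is_string( $first ) ? trim( $first ) : '';
    if ( strlen( $first ) === 0 ) {
        $errors['first_name'] = 'Please enter your first name.';
    } elseif ( strlen( $first ) > 50 ) {
        $errors['first_name'] = 'First name is too long.';
    } else {
        $clean['first_name'] = $first;
    }

    // gender: strict comparison against the values the form offers.
    // The third argument (true) stops PHP from type-juggling the match.
    $gender = $input['gender'] ?? null;
    if ( is_string( $gender ) && in_array( $gender, [ 'male', 'female' ], true ) ) {
        $clean['gender'] = $gender;
    } else {
        $errors['gender'] = 'Please enter a correct value.';
    }

    return [ $clean, $errors ];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    [ 'first_name' => '  Ada ', 'gender' => 'female' ],
    [ 'first_name' => '   ',    'gender' => 'male' ],
    [ 'first_name' => '0',      'gender' => 'other' ],
    [ 'first_name' => [ 'x' ] ],
];
foreach ( $samples as $sample ) {
    [ $clean, $errors ] = validate_form( $sample );
    echo json_encode( [ 'clean' => $clean, 'errors' => $errors ] ), "\n";
}
```

Only values that end up in $clean should be used by the rest of the script; they still need encoding when written into HTML.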

  16. sending values manually

      Two other ways to pass variables and values
      • HTML form hidden input type

      ```html
      <input type="hidden" name="author" value="Michael" />
      <input type="hidden" name="subject" value="PHP" />
      <input type="hidden" name="toAddress" value="mbarath@neo.rr.com" />
      ```

  17. sending values manually cont …
      • Append name=value pair to anchor tags
        to access these variables use $_GET or $_REQUEST superglobal

      ```php
      <a href="test.php?author=Michael">Click Here for author</a>
      <a href="test.php?subject=PHP">Click Here for Subject</a>

      $author = $_REQUEST['author'];
      ```
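
Hidden inputs and name=value pairs in links reach the script like any other form field, so the server cannot assume they still hold the values it wrote into the page. The following added example, which is not from the presentation, signs the hidden fields of slide 16 with an HMAC and rejects a submission whose values no longer match. SECRET_KEY, sign_fields() and verify_fields() are hypothetical names, the key is a placeholder, the submissions are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: detect tampering with the slides' hidden fields.
// SECRET_KEY, sign_fields() and verify_fields() are hypothetical names.
const SECRET_KEY = 'placeholder-load-a-random-secret-from-server-config';

function sign_fields( array $fields ): string {
    ksort( $fields );    // fixed key order, so equal values give an equal MAC
    return hash_hmac( 'sha256', json_encode( $fields ), SECRET_KEY );
}

// Returns the verified values, or null if a field or the signature is off.
function verify_fields( array $input, array $names ): ?array {
    $fields = [];
    foreach ( $names as $name ) {
        if ( !isset( $input[$name] ) || !is_string( $input[$name] ) ) {
            return null;
        }
        $fields[$name] = $input[$name];
    }
    $sig = $input['sig'] ?? '';
    // hash_equals() compares in constant time.
    if ( !is_string( $sig ) || !hash_equals( sign_fields( $fields ), $sig ) ) {
        return null;
    }
    return $fields;
}

// Rendering the form: emit the hidden fields plus their signature.
$hidden = [ 'author' => 'Michael', 'subject' => 'PHP',
            'toAddress' => 'mbarath@neo.rr.com' ];
$signed = $hidden + [ 'sig' => sign_fields( $hidden ) ];
foreach ( $signed as $name => $value ) {
    printf( "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
            $name, htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' ) );
}

// Handling the submission: constructed arrays stand in for $_POST.
$tampered = [ 'toAddress' => 'someone@example.org' ] + $signed;
$names    = array_keys( $hidden );
echo verify_fields( $signed, $names ) === null ? "rejected\n" : "accepted\n";
echo verify_fields( $tampered, $names ) === null ? "rejected\n" : "accepted\n";
```

A value the browser never needs to read, such as the recipient address, is simpler to keep on the server (in the session or in configuration) and leave out of the page entirely.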

  18. error handling
      • ERRORS: fatal run-time errors, such as calling a function which does not exist – cause immediate termination
      • WARNINGS: non-fatal run-time errors, such as trying to include( ) a file that does not exist
      • NOTICES: less serious warnings which may result from a bug in your code, but may actually be intentional (such as using an uninitialized variable)

  19. error handling cont …

  20. error handling cont …
      • default error handling is set to E_ALL & ~E_NOTICE or E_ALL

      ```php
      // beginning test
      echo "<p>. . . begin test . . .</p>";

      // include a non-existent variable
      echo "<p>The variable $no_such_var is not initialized.</p>";

      // end test
      echo "<p>. . . end test . . . </p>";
      ```

      ```
      . . . begin test . . .
      Notice: undefined variable: no_such_var in test_error.php
      The variable is not initialized.
      . . . end test . . .
      ```

  21. error handling cont …

      ```php
      // beginning test
      echo "<p>. . . begin test . . .</p>";

      // include a non-existent file
      include( 'no_such_file.inc' );

      // print more test
      echo "<p>. . . end test . . . </p>";
      ```

      • example of a WARNING

      ```
      . . . begin test . . .
      Warning: main(no_such_file.inc): failed to open stream: No such file or directory in testError.php on line 26
      . . . end test . . .
      ```

  22. error handling cont …

      ```php
      // beginning test
      echo "<p>. . . begin test . . .</p>";

      // call to a non-existent function
      no_such_function( );

      // print more test
      echo "<p>. . . end test . . . </p>";
      ```

      • example of fatal error

      ```
      . . . begin test . . .
      Fatal error: Call to undefined function: no_such_function() in testError.php on line 29
      ```

  23. error handling cont …
      • in a live, production site
        • turn off error reporting
        • create custom error messages
      • during site development
        • use highest level of error reporting
        • display notices, warnings, and errors
      • to change level of error reporting
        • reconfigure php.ini
        • PHP functions

  24. error handling in php.ini
      • change level of error reporting in php.ini file
      • turn error display functionality on or off

      ```ini
      error_reporting = E_ALL   ; or other appropriate value
      display_errors = Off
      ```

  25. error handling functions
      • error_reporting( )
        one argument: level of error reporting

      ```php
      // turn off all error reporting
      error_reporting( 0 );

      // beginning text
      echo "<p>. . . begin text . . .</p>";

      // call to a non-existent function
      no_such_function( );

      // print more text
      echo "<p>. . . end text . . . </p>";
      ```

      ```
      . . . begin text . . .
      ```

  26. error handling functions
      • error_reporting( )

      ```php
      // turn on all error reporting
      error_reporting( E_ALL );

      // beginning text
      echo "<p>. . . begin text . . .</p>";

      // call to an undeclared variable
      echo $undeclared_var;

      // print more text
      echo "<p>. . . end text . . . </p>";
      ```

      ```
      . . . begin text . . .
      Notice: Undefined variable: undeclared_var in testError.php on line 77
      . . . end text . . .
      ```

  27. error handling functions
      • temporarily shut off error handling with @ operator

      ```php
      // beginning text
      echo "<p>. . . begin text . . .</p>";

      // call to a non-existent function
      @no_such_function( );

      // print more text
      echo "<p>. . . end text . . . </p>";
      ```

      ```
      . . . begin text . . .
      ```

  28. error handling functions
      • set_error_handler( )
        one argument: name of custom function
      • custom error handler function takes at least 2, up to 5 arguments
        • error type
        • error message
        optional:
        • file name
        • line number
        • current PHP variables

  29. error handling functions
      • set_error_handler( )

      ```php
      // define custom error handler
      set_error_handler( 'customError' );

      // create custom function to handle errors
      function customError( $type, $msg ) {
          echo "<h1>Error!</h1>";
          echo "<p>Error code: $type <br />";
          echo "Error msg: $msg </p>";
          echo "<p>Please contact your system administrator.</p>";
      }
      ```

      ```
      Error!
      Error code: 2
      Error msg: main(no_such_file.inc): failed to open stream: No such file or directory
      Please contact your system administrator.
      ```

  30. error handling functions
      • set_error_handler( )
        setting all 5 arguments

      ```php
      // define custom error handler
      set_error_handler( 'customError' );

      // create custom function to handle errors
      function customError( $type, $msg, $file, $line, $vars ) {
          // statements . . .
      }
      ```

  31. error handling functions
      • set_error_handler( )
        further customization

      ```php
      function customError( $type, $msg ) {
          switch( $type ){
              case E_NOTICE:
                  // do nothing
                  break;
              case E_WARNING:
                  echo "<p>A non-fatal error occurred: $msg </p>";
                  break;
              case E_ERROR:
                  die( "<p>A fatal error occurred: $msg </p>" );
                  break;
          }
      }
      ```

  32. error handling functions
      • set_error_handler( )
        • the default error handlers for E_ERROR and E_PARSE cannot be overwritten by a user-defined function.
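
For the live-site advice on slide 23 (turn off error display, create custom error messages), the handler below is an added example and not code from the presentation. It writes the detail to the server's error log and shows the visitor only a generic message with a reference id, whereas the customError() handlers on the slides print $msg, including file names, into the page. productionError() is a hypothetical name and PHP 7 or later is assumed; the fifth handler argument listed on slide 28 (current PHP variables) was removed in PHP 8 and is not used here.

```php
<?php
// Added example for a production site. productionError() is a hypothetical name.
ini_set( 'display_errors', '0' );   // never render PHP's own messages into the page
ini_set( 'log_errors', '1' );       // send them to the configured error log
error_reporting( E_ALL );           // still record every level

function productionError( int $type, string $msg, string $file = '', int $line = 0 ): bool {
    // Respect the @ operator and the current error_reporting() mask.
    if ( !( error_reporting() & $type ) ) {
        return false;
    }
    // A reference id lets staff match a visitor's report to the log entry.
    $ref = bin2hex( random_bytes( 4 ) );
    // Strip CR/LF so request-derived text inside $msg cannot forge log lines.
    $safe = str_replace( [ "\r", "\n" ], ' ', $msg );
    error_log( "[$ref] type=$type file=$file line=$line msg=$safe" );

    if ( $type === E_NOTICE || $type === E_USER_NOTICE ) {
        return true;                // logged only, nothing shown
    }
    // Generic message: no file paths, function names or variable contents.
    echo '<p>Something went wrong (reference ' . $ref . '). '
       . 'Please contact your system administrator.</p>';
    return true;
}
set_error_handler( 'productionError' );

// Constructed trigger, as on slide 21: including a missing file raises E_WARNING.
include( 'no_such_file.inc' );
echo "<p>. . . end test . . . </p>";
```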
