Chaos' PHP Tutorial - Part 5: Data Handling.

chX · 29-06-2007

Chaos' PHP Tutorial - Part 5: Data Handling.

Hello all. It has been quite a long time since I've posted a tutorial, which is mainly due to
school, exams and the like. I have finally decided to get off my butt (well, I'm still sitting down) and write a new tutorial. You may remember last time we looked at a variety of functions to use in PHP; today we will be looking at data handling in its various forms.

Data Handling.
Websites have many features, and in the current times it would not be unusual to find various types of forms lying around a site. If you don't understand the concept of forms, I recommend reading a basic HTML tutorial to get the hang of it.

This forum, for instance, uses forms. When you login, you type your username and password in a form; when you post something, you type the message in a form. HTML can create forms and allow the user to input the data, but that's as far as they go.

Submitting a form has a few different stages. Firstly, the user enters their information into the form. The user then will perhaps check it and if it is all in order, they will click the submit button. Once that happens, the form is processed. HTML does not process any of the forms,
which is why we rely on PHP or a similar server-side script to do it for us.

There are two main methods of dealing with forms in PHP:

Code:

$_GET[];
and
$_POST[];

I'll explain these both in better detail.

$_GET

$_GET is the first method of dealing with data. If you look up to your URL bar, you may see the address as something similar to the following (depending on where on the forums you are):

http://gotgames.com.au/forums/forumdisplay.php?f=2039

You have the basic URL, followed by the forums folder, and the file forumdisplay.php. After that, there is a question mark, an equals sign and most likely some numbers.

This is using the $_GET method. $_GET allows the information to be displayed in the URL bar, and is useful on search engines. For example:

On google if you were to search something, it uses $_GET and allows whatever you searched for to be shown in the URL bar. You could then change this and it would change what you searched for.

You can also bookmark search pages which use $_GET, as when you navigate to that page later it will know what you're searching for. $_GET has a limit of how many characters it can contain.

$_GET can be very useful... but what if you don't want the information to be visible to the user?

$_POST
$_POST is another method of dealing with information from forms. Unlike $_GET, the information is not shown in the URL bar and is not displayed to anyone. $_POST has a few advantages just the same as $_GET; the information is more secure. In the case of the login form for the forums, it uses $_POST as the last thing you want is for your username and password to appear up in the URL bar. $_POST has no character limit. However, you can not bookmark a page which uses $_POST.

A prime example is HotMail. When you login and check your e-mails, if you click back you'll most likely get an alert saying that it's POST data and needs to be refreshed. Bookmarking a page which was found with $_POST will not work, as the script would have no idea what you
are looking for when you reloaded the site.

$_GET[];
* Displays the information in the URL bar.
* Can be bookmarked for easy return/access.
* Not very secure; people around you could see information.

$_POST[];
* Does not display information in the URL bar.
* Good for security purposes.
* Can not be bookmarked.

An example.

Let's pretend we have already created a nice HTML form. When you create the form, you give each field in the form a specific name.

Code:

<html>
<head>
<title>Form!</title>
</head>
<body>
<form method="post" action="login.php">
Username: <br /> <input type="text" name="username">
Password: <br /> <input type="password" name="password">
<br /><br />
<input type="submit" value="Login!">
</form>
</body>
</html>

We have 2 fields; username and password. They are named that respectively. We also have a submit button but that doesn't really matter.

We have also set (in HTML) the form method to post, and the action to login.php. This means that when the user clicks submit, the information from the two fields will be sent to login.php using the $_POST method.

Here's an example script for login.php:

Code:

<?PHP

$username = $_POST["username"];
$password = $_POST["password"];

echo "$username and $password";

?>

This would result in the page printing out whatever you put in the fields in the HTML form. As you can see, we created two variables ($username and $password) and assigned them with $_POST["username"] and $_POST["password"].
The information was sent from the form into login.php, set into variables and then printed onto the screen.

Using $_GET would yield the same results, however you would replace $_POST[]; with $_GET[]; and in the HTML form you would set the method to get rather than post.

Wow, I hope you guys got all of that. As always, if you have ANY questions about this tutorial, any of the other ones or PHP in general... feel free to post in the thread or PM me.

Have an awesome night.

- Chaos

xlandrew · 29-06-2007

add the html form in, i can imagine you losing people (form.php or something)

<form action="login.php" method="post">
Username: <input type="text" name="username">
Password: <input type="text" name="password">
<input type="submit" value="ok!!!">
</form>

billy baxter · 29-06-2007

dont forget $_REQUEST

chX · 29-06-2007

Quote:

Originally Posted by xlandrew

add the html form in, i can imagine you losing people (form.php or something)

<form action="login.php" method="post">
Username: <input type="text" name="username">
Password: <input type="text" name="password">
<input type="submit" value="ok!!!">
</form>

Maybe... I did mention to read a HTML form tutorial if they didn't understand, but it might be good to add it in.

Quote:

Originally Posted by billy baxter

dont forget $_REQUEST

I purposely left it out. I was debating whether or not to include it, but figured I'd just go with the main two first of all. I might add it in later.

Thanks for the feedback guys.

Khaless · 01-07-2007

Hey, you should probably cover magic quotes, its two modes of operation and how its annoying and how you should be aware of it.

Its being removed in PHP6.

29-06-2007	#1 (permalink)
chX GotGames Moderator Join Date: Jan 2007 Location: Adelaide Age: 17 Posts: 3,760 Rep Power: 5	Chaos' PHP Tutorial - Part 5: Data Handling. Chaos' PHP Tutorial - Part 5: Data Handling. Hello all. It has been quite a long time since I've posted a tutorial, which is mainly due to school, exams and the like. I have finally decided to get off my butt (well, I'm still sitting down) and write a new tutorial. You may remember last time we looked at a variety of functions to use in PHP; today we will be looking at data handling in its various forms. Data Handling. Websites have many features, and in the current times it would not be unusual to find various types of forms lying around a site. If you don't understand the concept of forms, I recommend reading a basic HTML tutorial to get the hang of it. This forum, for instance, uses forms. When you login, you type your username and password in a form; when you post something, you type the message in a form. HTML can create forms and allow the user to input the data, but that's as far as they go. Submitting a form has a few different stages. Firstly, the user enters their information into the form. The user then will perhaps check it and if it is all in order, they will click the submit button. Once that happens, the form is processed. HTML does not process any of the forms, which is why we rely on PHP or a similar server-side script to do it for us. There are two main methods of dealing with forms in PHP: Code: $_GET[]; and $_POST[]; I'll explain these both in better detail. $_GET $_GET is the first method of dealing with data. If you look up to your URL bar, you may see the address as something similar to the following (depending on where on the forums you are): http://gotgames.com.au/forums/forumdisplay.php?f=2039 You have the basic URL, followed by the forums folder, and the file forumdisplay.php. After that, there is a question mark, an equals sign and most likely some numbers. This is using the $_GET method. $_GET allows the information to be displayed in the URL bar, and is useful on search engines. For example: On google if you were to search something, it uses $_GET and allows whatever you searched for to be shown in the URL bar. You could then change this and it would change what you searched for. You can also bookmark search pages which use $_GET, as when you navigate to that page later it will know what you're searching for. $_GET has a limit of how many characters it can contain. $_GET can be very useful... but what if you don't want the information to be visible to the user? $_POST $_POST is another method of dealing with information from forms. Unlike $_GET, the information is not shown in the URL bar and is not displayed to anyone. $_POST has a few advantages just the same as $_GET; the information is more secure. In the case of the login form for the forums, it uses $_POST as the last thing you want is for your username and password to appear up in the URL bar. $_POST has no character limit. However, you can not bookmark a page which uses $_POST. A prime example is HotMail. When you login and check your e-mails, if you click back you'll most likely get an alert saying that it's POST data and needs to be refreshed. Bookmarking a page which was found with $_POST will not work, as the script would have no idea what you are looking for when you reloaded the site. $_GET[]; * Displays the information in the URL bar. * Can be bookmarked for easy return/access. * Not very secure; people around you could see information. $_POST[]; * Does not display information in the URL bar. * Good for security purposes. * Can not be bookmarked. An example. Let's pretend we have already created a nice HTML form. When you create the form, you give each field in the form a specific name. Code: <html> <head> <title>Form!</title> </head> <body> <form method="post" action="login.php"> Username: <br /> <input type="text" name="username"> Password: <br /> <input type="password" name="password"> <br /><br /> <input type="submit" value="Login!"> </form> </body> </html> We have 2 fields; username and password. They are named that respectively. We also have a submit button but that doesn't really matter. We have also set (in HTML) the form method to post, and the action to login.php. This means that when the user clicks submit, the information from the two fields will be sent to login.php using the $_POST method. Here's an example script for login.php: Code: <?PHP $username = $_POST["username"]; $password = $_POST["password"]; echo "$username and $password"; ?> This would result in the page printing out whatever you put in the fields in the HTML form. As you can see, we created two variables ($username and $password) and assigned them with $_POST["username"] and $_POST["password"]. The information was sent from the form into login.php, set into variables and then printed onto the screen. Using $_GET would yield the same results, however you would replace $_POST[]; with $_GET[]; and in the HTML form you would set the method to get rather than post. Wow, I hope you guys got all of that. As always, if you have ANY questions about this tutorial, any of the other ones or PHP in general... feel free to post in the thread or PM me. Have an awesome night. - Chaos Last edited by chX; 29-06-2007 at 07:54 PM..

01-07-2007	#5 (permalink)
Khaless Contributing Member Join Date: Jun 2006 Posts: 607 Rep Power: 3	Hey, you should probably cover magic quotes, its two modes of operation and how its annoying and how you should be aware of it. Its being removed in PHP6. __________________ 92% of teens have moved on to rap. If you are part of the 8% who still listen to real music, copy and paste this into your signature.

29-06-2007	#2 (permalink)
xlandrew Green Member Join Date: Sep 2006 Posts: 42 Rep Power: 0	add the html form in, i can imagine you losing people (form.php or something) <form action="login.php" method="post"> Username: <input type="text" name="username"> Password: <input type="text" name="password"> <input type="submit" value="ok!!!"> </form>

29-06-2007	#3 (permalink)
billy baxter Honorary Member Join Date: Jun 2006 Age: 32 Posts: 1,039 Rep Power: 4	dont forget $_REQUEST