Working With Forms
Christian Wenz
@chwenz
Agenda
Form Basics
Processing Form Data
Validating and Prefilling the Form
HTML Forms
Method GET
• Data appended to the URL
• Size limit (~500 to 2000 characters)
• PHP array $_GET
Method POST
• Data appended to the HTTP request
• No size limits, file uploads possible
• PHP array $_POST
A Look at HTTP
Form Elements
Text fields / Radio buttons and checkboxes / Selection lists
Processing Form Fields
Data is put in the $_GET/$_POST arrays
Element’s name is the array key
Array value is the form input
Valid for text fields and buttons
Processing Radio Buttons and Checkboxes
When a checkbox is activated, $_GET/$_POST contains its value
When a radio button is activated, $_GET/$_POST contains its value
For radio buttons, the group name is the array key
Processing Lists
For regular lists, $_GET/$_POST contains the selected element’s value (or caption, if no value is set)
For multi-select lists, $_GET/$_POST contains an array of values
Multi-select list name must end with []
Escaping Form Output
User input is not trustworthy
May contain HTML
Use htmlspecialchars() to escape special characters
This will take care of: < > " &
Option ENT_QUOTES also escapes the ' character
Validating Form Data
Check for a non-empty value for text fields, radio buttons, and checkboxes
Special treatment for lists
Consider using JavaScript as an additional feature (not a replacement!)
Form Validation With Regular Expressions
$regex = '/^\w+@(\w+\.)+\w+$/'; // regular expression for a simple e-mail pattern
$value = $_POST['key'] ?? '';   // a missing field counts as empty input (no undefined index notice)
if (!preg_match($regex, $value)) {
    // input does not match regular expression
    echo 'Format error!';
}
Prefilling Form Fields
Text fields: set value or content appropriately
Radio buttons / checkboxes: pre-activate item if applicable
Lists: pre-select list item(s)
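The three slides above (escaping, validating, prefilling) in one script, as an added example that is not from the deck; the field names email, newsletter and topics[], the topic list, and the constructed CLI sample input are assumptions.

```php
<?php
// Added example (not from the slides): validate, escape and prefill a small form.
// Field names 'email', 'newsletter', 'topics[]' and the $topics list are assumed.

$topics = ['php' => 'PHP', 'html' => 'HTML', 'http' => 'HTTP'];

// Constructed sample input so the script also runs from the CLI without a browser.
if (PHP_SAPI === 'cli') {
    $_POST = ['email' => 'bad@address', 'topics' => ['php', '<script>'], 'newsletter' => '1'];
}

function h(string $s): string {
    // ENT_QUOTES also escapes ', which matters inside single-quoted attributes
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$errors = [];
$email = trim($_POST['email'] ?? '');          // text field: a missing key counts as empty
$newsletter = isset($_POST['newsletter']);     // checkbox: present only when ticked
$selected = (array)($_POST['topics'] ?? []);   // multi-select: array, name ends with []

if (!preg_match('/^\w+@(\w+\.)+\w+$/', $email)) {
    $errors[] = 'E-mail address has an invalid format.';
}
// Lists need special treatment: only keep values that exist in the server-side list
$selected = array_values(array_intersect($selected, array_keys($topics)));
if ($selected === []) {
    $errors[] = 'Please choose at least one topic.';
}

foreach ($errors as $e) {
    echo '<p class="error">', h($e), "</p>\n";
}

// Prefill: user input is escaped before it is written back into the form
echo '<form method="post">', "\n";
echo '<input type="text" name="email" value="', h($email), '">', "\n";
echo '<input type="checkbox" name="newsletter" value="1"', $newsletter ? ' checked' : '', '>', "\n";
echo '<select name="topics[]" multiple>', "\n";
foreach ($topics as $key => $caption) {
    $sel = in_array($key, $selected, true) ? ' selected' : '';
    echo '<option value="', h($key), '"', $sel, '>', h($caption), "</option>\n";
}
echo "</select>\n</form>\n";
```

With the constructed input the e-mail check fails, the unknown option "<script>" is dropped rather than echoed, and "php" stays pre-selected.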
Summary
PHP puts form input in the $_GET and $_POST arrays, depending on the HTTP method used
Validating forms is rather easy; prefilling them upon error requires a bit more effort
Take care to avoid Cross-Site Scripting (XSS) when processing form data