Web Programming Step by Step, 2nd Edition
Lecture 10: More Forms; Submitting Data
Reading: 6.3 - 6.5
Except where otherwise noted, the contents of this document are Copyright 2012 Marty Stepp, Jessica Miller, and Victoria Kirst. All rights reserved. Any redistribution, reproduction, transmission, or storage of part or all of the contents in any form is prohibited without the author's expressed written permission.
6.4: Processing Form Data in PHP
- 6.1: Form Basics
- 6.2: Form Controls
- 6.3: Submitting Data
- 6.4: Processing Form Data in PHP
Example: Exponents
$base = $_GET["base"]; $exp = $_GET["exponent"]; $result = pow($base, $exp); print "$base ^ $exp = $result";
http://example.com/exponent.php?base=3&exponent=4
3 ^ 4 = 81
Example: Print all parameters
<?php foreach ($_GET as $param => $value) { ?>
<p>Parameter <?= $param ?> has value <?= $value ?></p>
<?php } ?>
http://example.com/print_params.php?name=Marty+Stepp&sid=1234567
Parameter name has value Marty Stepp
Parameter sid has value 1234567
-
or call
print_rorvar_dumpon$_GETfor debugging
6.3: Submitting Data
- 6.1: Form Basics
- 6.2: Form Controls
- 6.3: Submitting Data
- 6.4: Processing Form Data in PHP
Problems with submitting data
<label><input type="radio" name="cc" /> Visa</label> <label><input type="radio" name="cc" /> MasterCard</label> <br /> Favorite Star Trek captain: <select name="startrek"> <option>James T. Kirk</option> <option>Jean-Luc Picard</option> </select> <br />
- this form submits to our handy params.php tester page
- the form may look correct, but when you submit it...
[cc] => on, [startrek] => Jean-Luc Picard
The value attribute
<label><input type="radio" name="cc" value="visa" /> Visa</label> <label><input type="radio" name="cc" value="mastercard" /> MasterCard</label> <br /> Favorite Star Trek captain: <select name="startrek"> <option value="kirk">James T. Kirk</option> <option value="picard">Jean-Luc Picard</option> </select> <br />
valueattribute sets what will be submitted if a control is selected[cc] => visa, [startrek] => picard
URL-encoding
- certain characters are not allowed in URL query parameters:
- examples:
" ","/","=","&"
- examples:
- when passing a parameter, it is URL-encoded
(reference table)
"Marty's cool!?"→"Marty%27s+cool%3F%21"
- you don't usually need to worry about this:
- the browser automatically encodes parameters before sending them
- the PHP
$_GETand$_POSTarrays automatically decode them - ... but occasionally the encoded version does pop up (e.g. in Firebug)
Submitting data to a web server
- though browsers mostly retrieve data, sometimes you want to submit data to a server
- Hotmail: Send a message
- Flickr: Upload a photo
- Google Calendar: Create an appointment
- the data is sent in HTTP requests to the server
- with HTML forms
- with Ajax (seen later)
- the data is placed into the request as parameters
HTTP GET vs. POST requests
-
GET: asks a server for a page or data- if the request has parameters, they are sent in the URL as a query string
-
POST: submits data to a web server and retrieves the server's response- if the request has parameters, they are embedded in the request's HTTP packet, not the URL
-
For submitting data to be saved,
POSTis more appropriate thanGETGETrequests embed their parameters in their URLs- URLs are limited in length (~ 1024 characters)
- URLs cannot contain special characters without encoding
- private data in a URL can be seen or modified by users
Form POST example
<form action="http://foo.com/app.php" method="post"> <div> Name: <input type="text" name="name" /> <br /> Food: <input type="text" name="meal" /> <br /> <label>Meat? <input type="checkbox" name="meat" /></label> <br /> <input type="submit" /> <div> </form>
GET or POST?
if ($_SERVER["REQUEST_METHOD"] == "GET") {
# process a GET request
...
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
# process a POST request
...
}
- some PHP pages process both GET and POST requests
- to find out which kind of request we are currently processing,
look at the global$_SERVERarray's"REQUEST_METHOD"element
6.4: Processing Form Data in PHP
- 6.1: Form Basics
- 6.2: Form Controls
- 6.3: Submitting Data
- 6.4: Processing Form Data in PHP
"Superglobal" arrays
| Array | Description |
|---|---|
$_GET,
$_POST
|
parameters passed to GET and POST requests |
$_FILES
|
files uploaded with the web request |
$_COOKIE,
$_SESSION
|
"cookies" used to identify the user (seen later) |
$_SERVER,
$_ENV
|
information about the web server |
- PHP superglobal arrays contain information about the current request, server, etc.:
- These are special kinds of arrays called associative arrays.
Associative arrays
$blackbook = array(); $blackbook["marty"] = "206-685-2181"; $blackbook["stuart"] = "206-685-9138"; ... print "Marty's number is " . $blackbook["marty"] . ".\n";
- associative array (a.k.a. map, dictionary, hash table) : uses non-integer indexes
- associates a particular index "key" with a value
- key
"marty"maps to value"206-685-2181"
- key
- syntax for embedding an associative array element in interpreted string:
print "Marty's number is {$blackbook['marty']}.\n";
Uploading files
<form action="http://webster.cs.washington.edu/params.php"
method="post" enctype="multipart/form-data">
Upload an image as your avatar:
<input type="file" name="avatar" />
<input type="submit" />
</form>
- add a file upload to your form as an
inputtag withtypeoffile - must also set the
enctypeattribute of the form
- it makes sense that the form's request method must be
post(an entire file can't be put into a URL!) - form's
enctype(data encoding type) must be set tomultipart/form-dataor else the file will not arrive at the server
Processing an uploaded file in PHP
-
uploaded files are placed into global array
$_FILES, not$_POST - each element of
$_FILESis itself an associative array, containing:name: the local filename that the user uploadedtype: the MIME type of data that was uploaded, such asimage/jpegsize: file's size in bytestmp_name: a filename where PHP has temporarily saved the uploaded file- to permanently store the file, move it from this location into some other file
Uploading details
<input type="file" name="avatar" />
- example: if you upload
borat.jpgas a parameter namedavatar,$_FILES["avatar"]["name"]will be"borat.jpg"$_FILES["avatar"]["type"]will be"image/jpeg"$_FILES["avatar"]["tmp_name"]will be something like"/var/tmp/phpZtR4TI"
Processing uploaded file, example
$username = $_POST["username"];
if (is_uploaded_file($_FILES["avatar"]["tmp_name"])) {
move_uploaded_file($_FILES["avatar"]["tmp_name"], "$username/avatar.jpg");
print "Saved uploaded file as $username/avatar.jpg\n";
} else {
print "Error: required file not uploaded";
}
- functions for dealing with uploaded files:
-
is_uploaded_file(filename)
returnsTRUEif the given filename was uploaded by the user -
move_uploaded_file(from, to)
moves from a temporary file location to a more permanent file
-
- proper idiom: check
is_uploaded_file, then domove_uploaded_file
Including files: include
include("filename");
include("header.html");
include("shared-code.php");
- inserts the entire contents of the given file into the PHP script's output page
- encourages modularity
- useful for defining reused functions needed by multiple pages
Functions
function name(parameterName, ..., parameterName) {
statements;
}
function bmi($weight, $height) {
$result = 703 * $weight / $height / $height;
return $result;
}
- parameter types and return types are not written
- a function with no
returnstatements is implicitly "void" - can be declared in any PHP block, at start/end/middle of code
Calling functions
name(expression, ..., expression);
$w = 163; # pounds $h = 70; # inches $my_bmi = bmi($w, $h);
- if the wrong number of parameters are passed, it's an error
Variable scope: global and local vars
$school = "UW"; # global ... function downgrade() { global $school; $suffix = "(Wisconsin)"; # local $school = "$school $suffix"; print "$school\n"; }
- variables declared in a function are local to that function; others are global
- if a function wants to use a global variable, it must have a
globalstatement- but don't abuse this; mostly you should use parameters
Default parameter values
function name(parameterName = value, ..., parameterName = value) {
statements;
}
function print_separated($str, $separator = ", ") {
if (strlen($str) > 0) {
print $str[0];
for ($i = 1; $i < strlen($str); $i++) {
print $separator . $str[$i];
}
}
}
print_separated("hello"); # h, e, l, l, o
print_separated("hello", "-"); # h-e-l-l-o
- if no value is passed, the default will be used (defaults must come last)
Extra stuff about associative arrays
- 6.1: Form Basics
- 6.2: Form Controls
- 6.3: Submitting Data
- 6.4: Processing Form Data in PHP
- More about associative arrays
Creating an associative array
$name = array(); $name["key"] = value; ... $name["key"] = value;
$name = array(key => value, ..., key => value);
$blackbook = array("marty" => "206-685-2181",
"stuart" => "206-685-9138",
"jenny" => "206-867-5309");
- can be declared either initially empty, or with a set of predeclared key/value pairs
Printing an associative array
print_r($blackbook);
Array
(
[jenny] => 206-867-5309
[stuart] => 206-685-9138
[marty] => 206-685-2181
)
Associative array functions
if (isset($blackbook["marty"])) {
print "Marty's phone number is {$blackbook['marty']}\n";
} else {
print "No phone number found for Marty Stepp.\n";
}
| name(s) | category |
|---|---|
isset, array_key_exists
|
whether the array contains value for given key |
array_keys, array_values
|
an array containing all keys or all values in the assoc.array |
asort, arsort
|
sorts by value, in normal or reverse order |
ksort, krsort
|
sorts by key, in normal or reverse order |
foreach loop and associative arrays
foreach ($blackbook as $key => $value) {
print "$key's phone number is $value\n";
}
jenny's phone number is 206-867-5309 stuart's phone number is 206-685-9138 marty's phone number is 206-685-2181
- both the key and the value are given a variable name
- the elements will be processed in the order they were added to the array