"Beginning PHP and MySQL: From Novice to Professional"
These forms are used to encourage site feedback, facilitate forum conversations, collect mailing addresses for online orders, and much more. But coding the HTML form is only part of what??™s required to effectively accept user input; a server-side component must be ready to process the input. Using PHP for this purpose is the subject of this section. 350 CHAPTER 13 ?– FORMS Because you??™ve used forms hundreds if not thousands of times, this chapter won??™t introduce form syntax. If you require a primer or a refresher course on how to create basic forms, consider reviewing any of the many tutorials available on the Web. Two particularly useful sites that offer forms-specific tutorials follow: ??? W3 Schools: http://www.w3schools.com/ ??? TopXML: http://www.topxml.com/ Instead, this chapter reviews how you can use Web forms in conjunction with PHP to gather and process valuable user data. There are two common methods for passing data from one script to another: GET and POST. Although GET is the default, you??™ll typically want to use POST because it??™s capable of handling considerably more data, an important behavior when you??™re using forms to insert and modify large blocks of text. If you use POST, any posted data sent to a PHP script must be referenced using the $_POST syntax, introduced in Chapter 3. For example, suppose the form contains a text-field value named email that looks like this:
Once this form is submitted, you can reference that text-field value like so: $_POST['email'] Of course, for sake of convenience, nothing prevents you from first assigning this value to another variable, like so: $email = $_POST['email']; But following the best practice of never presuming user input will be safe, you should filter it through one of the several functions capable of sanitizing data, such as htmlentities(), like so: $email = htmlentities($_POST['email']); The htmlentities() function converts strings consisting of characters capable of maliciously modifying an HTML page should the user-submitted data be later published to a Web site, such as a Web forum.