PHP – Passing info to the server

PHP – SENDING QUERY STRINGS TO THE SERVER

Set up an HTML file on your development server and type this:

<!DOCTYPE html>
<html>
 <head>
 <title>passing queries in urls</title>
 </head>
 <body>
<a href="http://localhost/name.php?firstname=Dan&amp;lastname=Johnson">Who are you?</a>
 </body></html>

It shows a link which points to name.php which will also be on the server. There is a query string after the name of the file which describes two variables.

Create another file called name.php, thus:

<?php
$firstName = $_GET['firstname'];
$lastName = $_GET['lastname'];
echo 'Welcome to your website, ' . 
 htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8') . ' ' .
 htmlspecialchars($lastName, ENT_QUOTES, 'UTF-8') . '!';
?>

The link on the web page sends name=value pairs in the query string to the name.php file, where they are read by PHP. PHP makes the two values available in the $_GET array, and the script assigns them to variables. These PHP variables are then echoed onto the page that gets sent back from the server as a result of the file request.

htmlspecialchars is a PHP function that converts special HTML characters like < and > into HTML character entities like &lt; and &gt;. This is to stop hackers changing the query string to include malicious code (a cross-site scripting attack). Any code gets changed to entities so that the browser displays it as text instead of running it as actual code.

Excerpt from PHP.net website:

  • '&' (ampersand) becomes '&amp;'
  • '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
  • "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set.
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'

ENT_QUOTES is a PHP constant that is passed as an argument to the htmlspecialchars function. It makes the function convert both single and double quotes, so a value placed inside a quoted HTML attribute cannot end the attribute early.

'UTF-8' is a string argument that tells the function which character encoding the text is in, so it is treated as UTF-8 instead of ISO-8859-1, which was the default before PHP 5.4 (so check which version of PHP you have).
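
The effect of the quote flags described above, as an added example that is not part of the original page. The input value and the helpers render_input() and attribute_names() are constructed for illustration; the value tries to close a single-quoted attribute and add a harmless extra attribute.

```php
<?php
// Added example: how the quote flags change what an HTML parser sees.
// Constructed input: a value that tries to close a single-quoted attribute.
$input = "Dan' data-injected='yes";

// Hypothetical helper: puts the escaped value into a single-quoted attribute.
function render_input(string $value, int $flags): string
{
    return "<input type='text' name='firstname' value='"
        . htmlspecialchars($value, $flags, 'UTF-8') . "'>";
}

// Hypothetical helper: parse the markup and list the attributes on the <input>.
function attribute_names(string $html): array
{
    libxml_use_internal_errors(true);   // keep parser notices out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$flagSets = [
    'ENT_NOQUOTES' => ENT_NOQUOTES,  // converts neither kind of quote
    'ENT_COMPAT'   => ENT_COMPAT,    // converts double quotes only
    'ENT_QUOTES'   => ENT_QUOTES,    // converts single and double quotes
];

// With any flag that leaves the single quote alone, the parser reports an
// extra attribute; with ENT_QUOTES the whole input stays inside value.
foreach ($flagSets as $label => $flags) {
    $html = render_input($input, $flags);
    echo $label, "\n  markup:     ", $html,
         "\n  attributes: ", implode(', ', attribute_names($html)), "\n";
}
```

Run it with the command-line php binary so the markup is printed instead of rendered; it needs the DOM extension.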


 

PHP – GET AND POST

Data sent in a query string in a URL is read on the server from the $_GET array. Use this for data that is not sensitive, normally when you want to retrieve information from a server based upon the data sent. Sometimes the data to be sent to the server is either too long for the query string, or it is sensitive. In that case use POST.

Posting data to a server puts it in the body of the request instead of the URL, so it is hidden from the address bar. Use the $_POST array to retrieve this data within PHP and do something with it. This is the method to use for sensitive data, although POST on its own does not encrypt anything: the data is only protected in transit when the page is served over HTTPS. Because the data is not embedded within the URL, a bookmark of the page will not remember it. (GET does, hence Google using it when you save searches.)

Use $_REQUEST if you're not sure whether to use GET or POST. It can handle both, because it merges the values from $_GET and $_POST (and, depending on the request_order setting, cookies). The trade-off is that the script can no longer tell where a value came from, so read from $_POST directly when a value should only ever arrive from a form post.


 

PHP – SENDING INFORMATION IN FORMS

We can get the user to type data into a form and then send that data to the server.

<form action="http://localhost/name.php" method="post">
 <div><label for="firstname">First Name:
 <input type="text" name="firstname" id="firstname"></label></div>
 <div><label for="lastname">Last Name:
 <input type="text" name="lastname" id="lastname"></label></div>
 <div><input type="submit" value="Go!"></div>
</form>

So, in the name.php file we can either use $_POST or $_REQUEST:

<?php
$firstname = $_REQUEST['firstname'];
$lastname = $_REQUEST['lastname'];
echo 'Welcome to your website, ' . 
 htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8') . ' ' .
 htmlspecialchars($lastname, ENT_QUOTES, 'UTF-8') . '!';
?>
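
A stricter version of name.php for the posted form, as an added example that is not part of the original page. It reads only from $_POST instead of $_REQUEST and rejects values that are missing or not strings; the read_name() helper, the allowed-character rule and the error messages are assumptions made for illustration.

```php
<?php
// Added example: name.php reading only from the POST body.

// Hypothetical helper: fetch one field from an explicit source and validate it.
function read_name(array $source, string $key): ?string
{
    $value = $source[$key] ?? null;
    // A request such as firstname[]=x arrives as an array, not a string.
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    // Assumed rule: 1 to 50 letters, spaces, apostrophes or hyphens.
    if (!preg_match('/^[\p{L} \'-]{1,50}$/u', $value)) {
        return null;
    }
    return $value;
}

// Refuse anything that is not a form post, so query-string values are ignored.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('This page only accepts form posts.');
}

$firstName = read_name($_POST, 'firstname');
$lastName  = read_name($_POST, 'lastname');

if ($firstName === null || $lastName === null) {
    http_response_code(400);
    exit('Please enter a first and last name.');
}

// Validation does not replace escaping: still encode at the point of output.
echo 'Welcome to your website, '
    . htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8') . ' '
    . htmlspecialchars($lastName, ENT_QUOTES, 'UTF-8') . '!';
```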

 

We can create an IF ELSE condition in php that sends different information to the user based on what variables they send:

<?php
$firstname = $_REQUEST['firstname'];
$lastname = $_REQUEST['lastname'];
if ($firstname == 'Dan' and $lastname == 'Johnson')
{
   // Fixed greeting for the site owner
   echo 'Welcome to your website Dan!';
}
else
{
   // Anyone else: echo the names they sent, escaped for HTML
   echo 'Welcome to Dan\'s website ' .
      htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8') . ' ' .
      htmlspecialchars($lastname, ENT_QUOTES, 'UTF-8') . '!';
}

This says that if the first name is Dan and the last name is Johnson then echo this, but if it is not then echo the two variables (first and last name) that were sent.

 


 

PHP –  TEMPLATES AND INCLUDES

It’s a good idea to separate php code from regular ole html as much as possible. In php you can create a script that will call a separate html file and include the contents of that file at the point of the statement. This makes it easier to work with the different languages.

Here we create a php file with a for loop, then include a html file, where we will output the result:

<?php
$output = '';
for ($count = 1; $count <= 10; ++$count)
{
     $output .="$count ";
}

include 'count.html.php';

  • Instead of echoing the numbers, we will add them to a variable ($output). So to start we declare the variable and assign it an empty string.
  • The for loop sets a counter of 1, checks if this is less than or equal to 10, then appends the counter to the end of the variable and adds one to the counter before checking again. The .= operator is a shorthand way to add a value to the end of an existing string variable. The long version is thus:
    $output = $output . "$count ";
  • The include statement instructs php to execute the contents of the html file at this location.
  • Note that you don’t have to put the php closing tag at the end of a php file. The end of the file itself instructs php that it is the end.

This is what the html file looks like:

<!DOCTYPE html>
<html lang="en">
   <head>
      <meta charset="utf-8">
      <title>Lets count to ten</title>
   </head>
   <body>
       <p>
         <?php echo $output; ?>
       </p>
   </body></html>
   
  

This is the PHP TEMPLATE : a html page with only one snippet of code that inserts dynamically generated values into an otherwise static html page. So you can see that both files are easier to read.

Hey, you can have as many php include statements as you like. With this in mind you can now call the php file a controller.

PHP – THE CONTROLLER

A controller is a php script that responds to a browser request by selecting one of several templates to fill in and send back. A controller contains the logic that controls which template is sent to the browser.

Lets create the files for the single form using this template technique. Within a folder called ‘welcome’ we will have three files: index (this is the controller), form template and results template.

Below is the index file. It asks if there is a value received by php from the posting of a form variable called ‘firstname’. If there is no value, the form is included on the page (i.e. at the beginning there is a form to fill in). The user would then fill in the form and press submit. The values would then be posted to the same url and this code is parsed again. Now that there is a value for ‘lastname’, grab the values for ‘firstname’ and ‘lastname’ that match my name, the

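<?php
if (!isset($_REQUEST['firstname']))
{
   // Nothing submitted yet: show the form
   include 'form.html.php';
}
else
{
   $firstName = $_REQUEST['firstname'];
   $lastName = $_REQUEST['lastname'];
   if ($firstName == 'dan' and $lastName == 'johnson')
   {
      $output = 'Welcome, to your website dude!';
   }
   else
   {
      // Same escaped greeting as the earlier if/else example
      $output = 'Welcome to Dan\'s website ' .
         htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8') . ' ' .
         htmlspecialchars($lastName, ENT_QUOTES, 'UTF-8') . '!';
   }
   // Placeholder file name: this page does not name the results template
   include 'results.html.php';
}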

This is the contents of the form template:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Form example</title>
</head>
<body>
<form action="" method="post">
<div>
<label for="firstname">First Name:
<input type="text" name="firstname" id="firstname"></label></div>
<div><label for="lastname">Last Name:
<input type="text" name="lastname" id="lastname"></label></div>
<div><input type="submit" value="Go!"></div>
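</form>
</body>
</html>

As you can see, here we leave the action attribute blank. This is so that the browser will submit the two variables to the same URL it received the form from: the controller that included this template!

This is the contents of the results template. It echoes $output exactly as the controller built it, so anything the user typed must be passed through htmlspecialchars before it is added to $output: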

<!DOCTYPE html>
<html lang="en">
   <head>
      <meta charset="utf-8">
      <title>Lets count to ten</title>
   </head>
   <body>
       <p>
         <?php echo $output; ?>
       </p>
   </body></html>

All we need to do now is to hook up with MySQL.

 
