PHP Bible Chapter 7: Passing Info Between Pages _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 1 Wiley and the book authors, 2002 Summary Why PHP is like a rolling stone GET arguments A better use for GET-style URLs POST arguments Formatting form variables PHP super-arrays Extended example: an exercise calculator _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 2 Wiley and the book authors, 2002 HTTP is "Stateless" The most important thing to recall about the way the Web works is that the HTTP protocol itself is stateless. Consequently, each HTTP request is independent of all of the others, knows nothing substantive about the identity of the client, and has no memory. Each request spawns a discrete process, which goes about its humble but worthy task of serving one single solitary file and then is automatically killed off. Someone can enter information into a form on one page, but unless you employ some extra means to pass the information to another page or program, the variable will simply vanish into the ether as soon as they move to another page In chapter 27 we'll discuss ways of saving variables across multiple page views using sessions and cookies. ASP developers might comment at this point that ASP session variables are "magic", but Microsoft just uses cookies to store session variables, opening the door to all kinds of potential problems. _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 3 Wiley and the book authors, 2002 GET Arguments The GET method passes arguments from one page to the next as part of the URI (Uniform Resource Indicator). When used for form handling, GET appends the indicated variable name(s) and value(s) to the URL designated in the ACTION attribute of the FORM tag with a question-mark separator and submits the hole thing to the processing agent (the web server) In the browser URI, following the URL is: A question mark denoting the beginning of the GET string A variable name followed by an equals sign followed by the matching value An ampersand (&) and the next NAME-VALUE pair… http://www.gettelco.com/hi.php?first_name=Andrew&last_name=Aken _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 4 Wiley and the book authors, 2002 GET Arguments - example The following example shows how to use PHP to retrieve data sent via the GET method: <HTML> <HEAD> <TITLE>Hi there</TITLE> </HEAD> <BODY> <H1> <?PHP if (isset($_GET['first_name']) && isset($_GET['last_name'])) print ('Hello '.$_GET['first_name'].' '.$_GET['last_name']); else print ('I don\'t know who you are'); ?> </H1> </BODY> </HTML> _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 5 Wiley and the book authors, 2002 GET Arguments (cont.) The GET method of form handling offers one big advantage over the POST method: It constructs an actual new and differentiable URL query string which can be bookmarked, etc. The disadvantages of GET for most types of form handling are so substantial that the original HTML 4.0 specification deprecated its use. Its faults include: GET is not suitable for logins since the username and password are fully visible onscreen as well as potentially stored in the client browser's memory as a visited page Every GET submission is recorded in the Web server log, including the data set Because the GET method assigns data to a server environment variable, the length of the URL is limited. GET is still useful for implementing search queries, but not much else _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 6 Wiley and the book authors, 2002 A better use for GET-style URLs Although GET was deprecated for handling forms, it's quite useful for site navigation on large sites utilizing templates for the individual pages Instead of having pages named suspension_design.html, powertrain_design.html, engine_design.html, etc. which all have a similar look & design, you could have a single PHP script which brings in the content for the individual pages based upon the values of the GET variables Use a single PHP script which sets up the navigation, logos, styles, etc. and the included pages include the content & pictures, etc. Which included page is loaded is dependent on the arguments passed in via the GET method http://siu.globaleyes.com/designs.php?doc=suspension You could also access your content from data contained in databases instead of included text files _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 7 Wiley and the book authors, 2002 POST Arguments POST is the preferred method of form submission When utilizing the POST method, no visible changes to the URL are made POST has advantages over GET because: It is more secure since user-entered information is never visible in the URL, browser history, or server logs There is a much larger limit on the amount of data that can be passed POST is less advantageous than GET when: The user wants to be able to bookmark the resultant page The user is behind certain types of firewalls which strip the form data as a security measure (very rare) _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 8 Wiley and the book authors, 2002 Formatting form variables PHP automatically, but invisibly, assigns the variables for you on the page receiving the form output when you submit a data set using the GET or POST method (unlike other languages which require you to perform this assignment yourself on each page) Because of this automatic variable assignment, you need to use a good NAME attribute for each INPUT, SELECT, or TEXTAREA tag in your HTML form. NAME attributes are not strictly necessary in HTML – your form will render fine without them – but the data will be of little use because the HTML form field NAME attribute will be the variable name or index in the form handler _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 9 Wiley and the book authors, 2002 Formatting form variables (cont.) In the form fields: <FORM ACTION="email.php" METHOD="post"> <INPUT TYPE="text" NAME="email"> <INPUT TYPE="submit" NAME="submit" VALUE="Send"> </FORM> The text field named email will cause the creation of an index in the $_POST array called 'email' ($_POST['email']) with the value of what the user had typed into that field. The submit button will likewise cause the creation of an index in the $_POST array called 'submit'. Because this is being sent to a PHP script, the names you use in the HTML form are case-sensitive and should not begin with numbers (use the standard PHP conventions for creating your variable names) If you want data to be pre-filled on the HTML form, use the VALUE attribute (or CHECKED attribute for checkboxes and radio buttons) which is useful if you're using the form to edit information in a database or allowing the user to correct problems with a previously submitted form _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 10 Wiley and the book authors, 2002 Consolidating forms and form handlers It is often handy to consolidate the HTML form and the form handler (the PHP script that the form gets submitted to) into a single script This makes it easier to display error messages and prefilled form fields and achieving better control over your variable namespace (you won't have to remember what the variable was called in your HTML form in your form processing script) This could be useful, for example, if you are creating a login form that redisplays with an error message if the login is unsuccessful You won't even have to remember the name of the script to submit your form to if you use a <FORM> tag construct similar to this: <FORM ACTION="<?php print($_SERVER['PHP_SELF']); ?>" METHOD="POST"> _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 11 Wiley and the book authors, 2002 Consolidating forms and form handlers (cont.) When consolidating forms with the form processing scripts, generally the form-handling code should come before the form display This will give you the opportunity to set variables and make choices before you can decide what to show the user If you want to check and see whether you're displaying a form for the first time or whether it's already been submitted at least once Use the submit button by checking to see if $_POST['submit'] has been set Set a hidden variable in the form and check to see whether or not it has a value (the first time the form is viewed, it will not have been set) You could also use the hidden variable as a counter to see how many times the user has submitted this form _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 12 Wiley and the book authors, 2002 Using array variables with forms In most forms, each input field will create a single index into the $_POST or $_GET array PHP also allows you to post an array-type variable In the form HTML, you can create an array variable by putting an opening and closing square bracket after it (which may also include an index into that array) <INPUT TYPE="text" NAME="item[1]"> <INPUT TYPE="text" NAME="item[2]"> It's also important to note that if you use the MULTIPLE attribute in a SELECT HTML tag, the receiving form processing script will receive an array of all of the items that were selected from the list (even if only 1 or no items were selected) _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 13 Wiley and the book authors, 2002 PHP Superglobal arrays PHP starting with version 4 implemented what are called superglobal arrays These arrays are global to every function in your PHP script (unlike other variables which must be passed into the function as arguments or declared global inside the function body) They contain information about the operating environment of your PHP script $_GET: Contains variables submitted via the GET method $_POST: Contains variables submitted via the POST method $_COOKIE: Contains variables stored in cookies $_SESSION: Contains variables stored in sessions $_SERVER: Contains miscellaneous information about the server environment including headers, paths, and script locations $_ENV: Contains OS environment information _______________________________________________________________________________________________________________ PHP Bible, 2nd Edition 14 Wiley and the book authors, 2002