PHP Bible – Chapter 7: Passing Information Between Pages

advertisement
PHP Bible
Chapter 7: Passing Info Between Pages
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
1
 Wiley and the book authors, 2002
Summary







Why PHP is like a rolling stone
GET arguments
A better use for GET-style URLs
POST arguments
Formatting form variables
PHP super-arrays
Extended example: an exercise calculator
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
2
 Wiley and the book authors, 2002
HTTP is "Stateless"





The most important thing to recall about the way the Web works is that the
HTTP protocol itself is stateless.
Consequently, each HTTP request is independent of all of the others, knows
nothing substantive about the identity of the client, and has no memory.
Each request spawns a discrete process, which goes about its humble but
worthy task of serving one single solitary file and then is automatically killed
off.
Someone can enter information into a form on one page, but unless you
employ some extra means to pass the information to another page or
program, the variable will simply vanish into the ether as soon as they move
to another page
In chapter 27 we'll discuss ways of saving variables across multiple page
views using sessions and cookies. ASP developers might comment at this
point that ASP session variables are "magic", but Microsoft just uses cookies
to store session variables, opening the door to all kinds of potential problems.
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
3
 Wiley and the book authors, 2002
GET Arguments



The GET method passes arguments from one page to the next as
part of the URI (Uniform Resource Indicator).
When used for form handling, GET appends the indicated
variable name(s) and value(s) to the URL designated in the
ACTION attribute of the FORM tag with a question-mark
separator and submits the hole thing to the processing agent (the
web server)
In the browser URI, following the URL is:



A question mark denoting the beginning of the GET string
A variable name followed by an equals sign followed by the
matching value
An ampersand (&) and the next NAME-VALUE pair…
http://www.gettelco.com/hi.php?first_name=Andrew&last_name=Aken
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
4
 Wiley and the book authors, 2002
GET Arguments - example

The following example shows how to use PHP to retrieve data
sent via the GET method:

<HTML>
<HEAD>
<TITLE>Hi there</TITLE>
</HEAD>
<BODY>
<H1>
<?PHP
if (isset($_GET['first_name']) && isset($_GET['last_name']))
print ('Hello '.$_GET['first_name'].' '.$_GET['last_name']);
else
print ('I don\'t know who you are');
?>
</H1>
</BODY>
</HTML>














_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
5
 Wiley and the book authors, 2002
GET Arguments (cont.)



The GET method of form handling offers one big advantage
over the POST method: It constructs an actual new and
differentiable URL query string which can be bookmarked, etc.
The disadvantages of GET for most types of form handling are
so substantial that the original HTML 4.0 specification
deprecated its use.
Its faults include:



GET is not suitable for logins since the username and password
are fully visible onscreen as well as potentially stored in the client
browser's memory as a visited page
Every GET submission is recorded in the Web server log,
including the data set
Because the GET method assigns data to a server environment
variable, the length of the URL is limited.
GET is still useful for implementing search queries, but not much else

_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
6
 Wiley and the book authors, 2002
A better use for GET-style URLs


Although GET was deprecated for handling forms, it's quite useful for site
navigation on large sites utilizing templates for the individual pages
 Instead of having pages named suspension_design.html,
powertrain_design.html, engine_design.html, etc. which all have a
similar look & design, you could have a single PHP script which brings
in the content for the individual pages based upon the values of the GET
variables
 Use a single PHP script which sets up the navigation, logos, styles, etc.
and the included pages include the content & pictures, etc.
 Which included page is loaded is dependent on the arguments passed in
via the GET method
http://siu.globaleyes.com/designs.php?doc=suspension
You could also access your content from data contained in databases instead
of included text files
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
7
 Wiley and the book authors, 2002
POST Arguments



POST is the preferred method of form submission
When utilizing the POST method, no visible changes to the
URL are made
POST has advantages over GET because:



It is more secure since user-entered information is never visible in
the URL, browser history, or server logs
There is a much larger limit on the amount of data that can be
passed
POST is less advantageous than GET when:


The user wants to be able to bookmark the resultant page
The user is behind certain types of firewalls which strip the form
data as a security measure (very rare)
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
8
 Wiley and the book authors, 2002
Formatting form variables



PHP automatically, but invisibly, assigns the variables for you
on the page receiving the form output when you submit a data
set using the GET or POST method (unlike other languages
which require you to perform this assignment yourself on each
page)
Because of this automatic variable assignment, you need to use
a good NAME attribute for each INPUT, SELECT, or
TEXTAREA tag in your HTML form.
NAME attributes are not strictly necessary in HTML – your
form will render fine without them – but the data will be of little
use because the HTML form field NAME attribute will be the
variable name or index in the form handler
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
9
 Wiley and the book authors, 2002
Formatting form variables (cont.)



In the form fields:
<FORM ACTION="email.php" METHOD="post">
<INPUT TYPE="text" NAME="email">
<INPUT TYPE="submit" NAME="submit" VALUE="Send">
</FORM>
 The text field named email will cause the creation of an index in the
$_POST array called 'email' ($_POST['email']) with the value of what
the user had typed into that field. The submit button will likewise cause
the creation of an index in the $_POST array called 'submit'.
Because this is being sent to a PHP script, the names you use in the HTML
form are case-sensitive and should not begin with numbers (use the standard
PHP conventions for creating your variable names)
If you want data to be pre-filled on the HTML form, use the VALUE
attribute (or CHECKED attribute for checkboxes and radio buttons) which is
useful if you're using the form to edit information in a database or allowing
the user to correct problems with a previously submitted form
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
10
 Wiley and the book authors, 2002
Consolidating forms and form handlers


It is often handy to consolidate the HTML form and the form
handler (the PHP script that the form gets submitted to) into a
single script
This makes it easier to display error messages and prefilled
form fields and achieving better control over your variable
namespace (you won't have to remember what the variable was
called in your HTML form in your form processing script)


This could be useful, for example, if you are creating a login form
that redisplays with an error message if the login is unsuccessful
You won't even have to remember the name of the script to
submit your form to if you use a <FORM> tag construct similar
to this:
<FORM ACTION="<?php print($_SERVER['PHP_SELF']); ?>" METHOD="POST">
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
11
 Wiley and the book authors, 2002
Consolidating forms and form handlers (cont.)

When consolidating forms with the form processing scripts,
generally the form-handling code should come before the form
display


This will give you the opportunity to set variables and make
choices before you can decide what to show the user
If you want to check and see whether you're displaying a form
for the first time or whether it's already been submitted at least
once


Use the submit button by checking to see if $_POST['submit'] has
been set
Set a hidden variable in the form and check to see whether or not
it has a value (the first time the form is viewed, it will not have
been set)

You could also use the hidden variable as a counter to see how many
times the user has submitted this form
_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
12
 Wiley and the book authors, 2002
Using array variables with forms



In most forms, each input field will create a single index into
the $_POST or $_GET array
PHP also allows you to post an array-type variable
In the form HTML, you can create an array variable by putting
an opening and closing square bracket after it (which may also
include an index into that array)
<INPUT TYPE="text" NAME="item[1]">
<INPUT TYPE="text" NAME="item[2]">
It's also important to note that if you use the MULTIPLE
attribute in a SELECT HTML tag, the receiving form
processing script will receive an array of all of the items that
were selected from the list (even if only 1 or no items were
selected)
_______________________________________________________________________________________________________________

PHP Bible, 2nd Edition
13
 Wiley and the book authors, 2002
PHP Superglobal arrays



PHP starting with version 4 implemented what are called
superglobal arrays
These arrays are global to every function in your PHP script
(unlike other variables which must be passed into the function
as arguments or declared global inside the function body)
They contain information about the operating environment of
your PHP script





$_GET: Contains variables submitted via the GET method
$_POST: Contains variables submitted via the POST method
$_COOKIE: Contains variables stored in cookies
$_SESSION: Contains variables stored in sessions
$_SERVER: Contains miscellaneous information about the server
environment including headers, paths, and script locations
$_ENV: Contains OS environment information

_______________________________________________________________________________________________________________
PHP Bible, 2nd Edition
14
 Wiley and the book authors, 2002
Download