Home Tutorial PHP Lesson 11 - Using user input

MSN Random Online

Lesson 11 - Using user input PDF Print E-mail
Written by Administrator   
Thursday, 15 February 2007 18:00

Lesson 11 - Using user input

Sorry this one was a little late, I realized this was one of the things I was obligated to do, and I'll try to keep them coming in on time.  There are a lot of things I didn't touch base on in this lesson.  If any one of the developers want to add their comments, by all means go ahead.  This particular topic is very hard to write about because there are so many "what ifs" involved.

So let's go back to last lesson's code example:





<form action="http://www.website.com/script.php" method="post">
Form 1: <input type="text" name="form1"><BR>
Form 2: <input type="text" name="form2"><BR>

<input type="submit" value="submit">


Let's now pretend I submitted that form with information via the "post" method filling in "form1" with "hi" and "form2" with "bye".  To see this visually, I'll show you how it would look via the "get" method:


Remember that the only differences between the "post" and "get" methods are:
-"post" doesn't cache information, while "get" does
-the "get" method is limited in the amount of information you can send while the "post" method is not

So how do you access the information you submitted via HTML in the script (script.php)?  Well amazingly, there are several ways to get the information.  It's up to you to decide which method best suites you, and then go with that.  When you submit a form to a script, a certain set of variables are automatically created for you.

The first way to access the information is via the "superglobals" PHP provides.  "Superglobals" are variables that can be accessed anywhere in the script regardless of scope (we'll learn about this later when we get to functions).  The "superglobals" are 9 special associated arrays which hold ALL the information you input into a script.  Here they are:

$_SERVER - these are variables set by the server

$_GET - this is information you send via the "get" method into your script

$_POST - this is information you send via the "post" method into your script

$_COOKIE - this arrays holds all cookie information your computer sends to the script

$_FILES - when you upload files in PHP, they are held inside this array

$_ENV - the environmental variables

$_REQUEST - a combination of all user-input to your script

$_SESSION - much like cookies, these are session variables which hold information for you

I will be concentrating almost all the examples on the "post" and "get" methods because they are the easiest to follow.  There are equivalent older versions of the above which are not "superglobals" and only exist in the global scope (again we'll get into this when we discuss functions).  Here are the "superglobals" and their old deprecated counterparts (remember again that these are associated arrays):

$_REQUEST - new, didn't exist before

By now you should be totally confused, and I completely understand if you are, because I haven't explained a thing about how to use these arrays.  Let's take out "get" method example:


Here is how I would access the "form1" and "form2" information is submitted inside the script:

echo $_GET['form1'] . "\n"; //prints "hi"
echo $_GET['form2'] . "\n"; //prints "bye"

We submitted our information via the "get" method, therefore the information will populate the $_GET array.  Now if we submitted our information via the "post" method, then we could access they by replacing $_GET with $_POST.  The information we submitted can also be found inside the $_REQUEST array, but it's recommended you don't use this array unless you don't know how your information is coming in (security reasons, nothing to concern yourselves with).

Let's try another basic example:

http://www.website.com/script.php?name1=Jeff&name2=Joseph (remember, this means you either typed this directly inside your address bar in your browser, or that you submitted forms with names "name1" and "name2" via HTML with the "get" method).

echo $_GET['name1'] . ' and ' . $_GET['name2'] . ' are too cool';
//will print "Jeff and Joseph are too cool"

Again, if I submitted my information from a form via the "post" method, I'd simply replace $_GET with $_POST.  Like I said, there are several ways to access information you send into your script.  The "superglobals" are what you should be using all the time.  The deprecated $HTTP_* variables you shouldn't be using anymore.  There are also the global variables which I will explain now:

First to be able to use global variables, you have to have "register_globals" enabled in your php.ini file (if you don't but want it, ask your system admin to enable it).  What these variables allow you to do is use short form versions of your input.  So for example, if I submit a form via the "post" or "get" method called "form1", then I can use the $form1 variable to get its value.  So for another example, if I submit a form named "something" via "post" or "get", and I want to retrieve its value in my script, I could use the $something variable to get it.

With these variables, there's always the question of "what about when I have several different sources of input, all with the same name?".  For example, what if you set a cookie on the user's machine named "variable" and there is a session named "variable" and there is information coming into the form via the "post" method called "variable".  Well then you would have $_COOKIE['variable'], $_SESSION['variable'], and $_POST['variable'] all set.  But what about the $_REQUEST superglobal and the regular globals from (register_globals)?

Well in cases where information is coming in from multiple places with the same name, PHP allows you to set precedence on what is most important.  In your php.ini file, there is a variable called "variables_order" under the "data handling" header.  By default this is what it looks like:

; This directive describes the order in which PHP registers GET, POST, Cookie,
; Environment and Built-in variables (G, P, C, E & S respectively, often
; referred to as EGPCS or GPC).  Registration is done from left to right, newer
; values override older values.
variables_order = "EGPCS"

The explanation on that is good enough.  That means that with $_COOKIE['variable'], $_SESSION['variable'], and $_POST['variable'] all set, $variable will have the value of the cookie variable in it.  Ask questions if you have any :).



Top Members

No top members yet.