ITM © Port, Kazman1 ITM 352 More on Forms Processing

ITM © Port, Kazman2 Different Input Types Here are the HTML form element input types you can use  Text  Password  Hidden  Radio  Checkbox  Submit  Button  Reset In addition, the compound types: 

ITM © Port, Kazman3 Login Program with Functions $usernames = array ( 'Moe' =>'stooge1', 'Larry' => 'stooge2', 'Curly' => 'stooge3' ); if (array_key_exists('submit_button', $_POST)) { if(process_login($usernames) == TRUE) { print "logged in ". $_POST['username']; } else { print 'Incorrect password for '. $_POST['username']. ' '; display_login($usernames); } } else { display_login($usernames); }

ITM © Port, Kazman4 Display Login Function /* * Displays a login for with a select box of usernames taken from $users */ function display_login($users) { ?> " method = 'post'> <?php foreach ($users as $user => $pass) { printf(' %s ', $user); } ?> <input type = 'submit' name = 'submit_button' value = 'login'> <?php }

ITM © Port, Kazman5 Process Login Function /* * checks the posted form to see if password * entered matches the password for the username *(info in $users) selected in the form. Returns * TRUE if there is a match, FALSE otherwise */ function process_login($users) { if( $users[ $_POST['username'] ] == $_POST['password']) return TRUE; else return FALSE; } Do functions simplify or complicate? Why? What are the additional benefits of using functions?

ITM © Port, Kazman6 Recap: Tips and Hints  Use single ' ' on the inside, " " around the outside or vice versa  Take advantage of PHP by using for/while/foreach to generate multiple form elements and compound types  Quotes must be used around anything with spaces

ITM © Port, Kazman7 Validating Form Data  First check that form data was submitted, usually by using array_key_exists() to check for the submit button name  Creating functions can be helpful for validation, especially when the validation needs to be done in different places or on forms: <?php function validate_price($value) { if( !isset($errors)) $errors = array(); // init array if not defined already if( !is_numeric($value) ) $errors['not_number'] = "not numeric"; if( $value - round($value, 2) != 0 ) $errors['not_dollar'] = "not a dollar amount"; if( $value < 0 ) $errors['not_non-negative'] = "price cannot be negative"; return $errors(); } ?>

ITM © Port, Kazman8 Validating Form Data  Often it is convenient to make an error array global so that it is accessible inside and outside of functions. Note how no return values are needed here. function validate_price($value) { global $errors; if(!isset($errors)) $errors = array(); // init array if not defined already if( !is_numeric($value) ) $errors['not_number'] = "not numeric"; if( $value - round($value, 2) != 0 ) $errors['not_dollar'] = "not a dollar amount"; if( $value < 0 ) $errors['not_non-negative'] = "price cannot be negative"; }  Validation can be a bit subtle at times given that values from forms are always passed as strings. Here's how you would test that a number input as a string is actually numeric: ctype_digit($a)  Why won't is_int($a) work here? Do Exercise 1

ITM © Port, Kazman9 Different Input Types  Text  Password  Hidden  Radio  Checkbox  Submit  Button  Reset In addition, the compound types: 

ITM © Port, Kazman10 Passing Hidden Post values  To pass a value from one page to another use the hidden input type  Only string values can be passed  Must convert everything to a string  The urlencode(), serialize() functions may be useful for converting compound values such as arrays into stings. Use urldecode(), unserialize() to recover the original value from the string passed into the $_POST or $_GET array

ITM © Port, Kazman11 Hidden Input Type " method='POST'> ' > After submitting… $_POST['secret'] = ??? $_POST['stuff'] = ?? $things = unserialize(urldecode($_POST['stuff'] )); Do Exercise 2

ITM © Port, Kazman12 Variables  Information from a web server is made available through EGPCS  Environment, GET, POST, Cookies, Server  PHP will create arrays with EGPCS information  $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, etc.  The ' HTTP ' and ' _VARS ' can be dropped if desired  These arrays are 'global' even inside functions  PHP also will define $_SERVER['PHP_SELF'] that refers to the current script file which is useful for self-processing forms

ITM © Port, Kazman13 Server Info  A ton of information about the server and current browser is made available in the $_SERVER array  SERVER_NAME  REQUEST_METHOD  QUERY_STRING  REMOTE_ADDR  PHP_SELF  ….

ITM © Port, Kazman14 Review: Request Methods  There are two basic methods for getting data from an HTML form into PHP  GET and POST  What's the difference?  GET will encode all data into a query string that is passed with the URL to the action page. This allows data to be bookmarked by the user.  POST will pass data via the server’s environment variables. Data is not seen directly by the user

ITM © Port, Kazman15 HTTP Basics  Web pages are requested by a browser by sending HTTP request messages  Includes a header and a body  Uses a method such as GET or POST  Asks for an address of a file (usually a path)  Sample HTTP request: GET /index.html HTTP/1.1

ITM © Port, Kazman16 Header Modification  Sometimes you will need to intercept and modify the GET HTTP request before it is processed. Use the header() function to do this  Be sure no output is displayed before sending headers or you'll get a message something like this : Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\nusphere\phpED\Projects\oldpage.php:3)

ITM © Port, Kazman17 Example: Header Forwarding  You can forward (redirect) users to a different page using the header() function. header('Location:  This will substitute the current header with 'Location:  Effect is that the page myfile.php will be loaded  Tip: always include the protocol such as or file:// to be sure you specify exactly what you want

ITM © Port, Kazman18 More Header Examples  Passing values into the $_GET array during a redirect header('Location:myfile.php?name=Dan&sc ore=98&grade=A');  To deny access to a page if not authorized (more on this in later classes) header('WWW-Authenticate:Basic realm="My Website"'); header('HTTP/ Unauthorized'); Do Exercise 3

ITM © Port, Kazman19 Implementing Back Buttons  Also notice the different ways of using back buttons  Hyperlink ">BACK  Submit Button '>  Java script history action on button

ITM © Port, Kazman20 Opening New Window  Sometimes you want to have the Action of a form open a new window rather than replace the existing one./action_process.php  What do you think would happen if you used " method="POST" target="_blank">

ITM © Port, Kazman21 Arrays in HTML forms  Naming form elements within the same form with the same names and []'s will make an array (any input type). Elements are only those values that are non-empty. " method='post'> <? var_dump($_POST); ?>

ITM © Port, Kazman22 Associative Array of Input Types  Even better: specifying index values inside the []'s will be keys for the array (useful for directly associating selection with array data ) " method='post'> <? var_dump($_POST); ?>

ITM © Port, Kazman23 Using Indexed Arrays to Generate Form Elements  Using particular integer values inside the []'s will explicitly associate an index with the value in the array (this is the same as an associative array where the keys are integers) ' method='post'> <?php var_dump($_POST); $size = 10; for($i=0; $i<$size; $i++){ echo " checkbox $i "; } ?>  Useful for when you want to know exactly which input items are non- empty (in the above example, which checkboxes were checked)

ITM © Port, Kazman24 Making HTML Forms 'Sticky'  Whenever a is processed, the values of its elements are initially empty  Sometimes you want to keep a form element value around after a submit (e.g. for fixing a user-entry error or for remembering a user ’ s preferences)  To make a form value 'sticky' you must get the information submitted and set it as the value for the form element: ' method='post'> <input type='TEXT' name='textbox' value= '<?php if(isset($_POST['textbox'])) echo $_POST['textbox'] ?>'>

ITM © Port, Kazman25 Example Advanced HTML Form Processing: Checkbox Array $value) if ($selections[$key] == 'on') echo " you selected box $key"; exit; } ?> ' method='post'> checkbox $i "; } ?>

ITM © Port, Kazman26 Putting Errors in Their Place MAX_PASS_LEN ) $errors['password_long'] = 'Enter a shorter password'; } $username = 'user ‘ ; $password = 'pass'; $errors = array(); if (array_key_exists('form_data', $_POST)) { check_pass($_POST['password']); if (count($errors) == 0 && $_POST['username'] == $username && $_POST['password'] == $password) { die('correct!!'); } else { echo 'wrong'; } } ?>

ITM © Port, Kazman27 Putting Errors in Their Place ' method= 'POST'> Username: "> Password: <?php if (isset($errors['password_short'])) echo " {$errors['password_short']} "; if (isset($errors['password_long'])) echo " {$errors['password_long']} "; ?>