It’s All In Your Form

[Part 1] [Part 2]

One of the most common uses of PHP is the dynamic processing of form variables. Just like watching a major league baseball player stepping up to the plate, a great deal of the PHP game is all in your form.It’s All In Your Form

[Part 1] [Part 2]

One of the most common uses of PHP is the dynamic processing of form variables. Just like watching a major league baseball player stepping up to the plate, a great deal of the PHP game is all in your form. HTML forms are used on the World Wide Web for a variety of purposes that range from the sign-up and authentication of their member base, to the most complex online e-commerce applications. Since this rudimentary skill will be used in practically every website you work on, I have dedicated an entire article to the use and power of form processing.

The Wind Up… The Pitch

To begin, let’s create a simple HTML page with a form on it. The following HTML page contains a basic form and some of the basic input field types that you will use.

<HTML><HEAD><TITLE>PHP Form Basics</TITLE></HEAD>
<BODY>
<FORM ACTION=”formprocess.php” METHOD=POST>
<center>
Page Title: <INPUT TYPE=TEXT NAME=”page_title” SIZE=40><br>
User Name: <INPUT TYPE=TEXT NAME=”username” SIZE=20><br>
Password: <INPUT TYPE=PASSWORD NAME=”password” SIZE=20><br>
<INPUT TYPE=SUBMIT NAME=”SUBMIT” VALUE=”Submit Me”>
</center>
</FORM>
</BODY>
</HTML>

The <FORM> tags will define where your form begins and ends. The ACTION parameter of the <FORM> tag controls what page will be the recipient of this form’s data when the submit button is pressed. The METHOD parameter controls the manner in which data is transmitted between your pages. I have chosen, and nearly always choose to send data via the POST method because of the transparency of the data. If I just lost you, let me take a moment to explain.

There are two alternatives you have when using the METHOD parameter of the <FORM> tags, POST and GET. To be honest, it won’t really make that much of a difference to you when you are first starting out with your exploration of dynamic form processing. This is because both methods do the most important thing you are attempting to accomplish, namely, delivering the data between forms. As you start to write more and more sophisticated applications the distinction will become readily apparent.

The difference between these two methods is how they deliver the data between forms. POST sends information without the user seeing any data while the GET sends all of the form variables as part of the URL that is passed into the address bar of the user’s browser.

URL using POST
http://www.yoursite.com/formprocess.php

URL using GET
http://www.yoursite.com/formprocess.php?page_title=PHPFun&username=Midnight&password=mypassword

Using POST will always insure that your users have a clean URL to look at in their browser, and prevents the display of unwanted information such as INPUT fields that use the TYPE=HIDDEN parameter to pass along global scope information in the stateless environment of the World Wide Web. It also insures that it will give the least amount of information to those individuals that would seek to break into your system, or feed it with invalid data in an attempt to disrupt the normal flow of information.

Keep Your Eye On The Ball And Swing!

Build this page, or copy and paste it into your PHP editor, and save it as formprocess.php. Take a minute to look the code over before continuing with your reading.

<HTML><HEAD><TITLE>PHP Form Basics</TITLE></HEAD><BODY><center><?php//This is a simple form processor//validate the page_title variableIf (!$page_title){ echo "No Page Title Assigned<br>";}else{ echo "page_title: ".$page_title."<br>";}//validate the log-in informationIf(!$username){ echo "No User Name Entered<br>";}else{ If($username=="Midnight"){ If(!$password){ echo "No Password Entered<br>"; }else{ If($password=="mypass"){ echo "You have logged into the system!<br>"; }else{ echo "Invalid Password Entered<br>"; } } }else{ echo "Invalid User Name Entered<br>"; } }?></center></FORM></BODY></HTML>

The code above, while not exactly as elegant as I would like it to be, clearly demonstrates a simple but effective login algorithm. You will notice that I use negative logic throughout the code. This simply means I test to see if the page_title variable does not exist with the If(!$page_title) as opposed to assuming that the page_title variable exists. I use negative logic a great deal when I code, but this is a personal preference and not necessarily how you should develop your personal coding style. Each person is different, and while computer science courses are designed to churn out happy little algorithm automatons, it is important to never let go of the artistic and creative passions that led you to programming in the first place.

Running The Bases

Upload these files and point your browser at the first HTML form that we built. You should see the makings of a simple authentication system for your website project. You will notice that the username and password are hard-coded into the formprocess.php page. Our next article will begin to delve into the world of interacting with a Relational Database Management System (RDBMS), namely MYSQL.

Until the next time, keep coding and don’t give up. Remember, it’s hard to hit a home run unless you keep stepping up to the plate to take your turn at bat.

— Midnight

Bob Cristello is a recognized leader in the programming world. His articles on programming have appeared in Byte, InfoWorld, Avatar, Computer Telephony and Visual Basic Programmers Journal. He is a former keynote speaker for the Microsoft nationwide broadcast series. Bob’s clients have included Prodigy Online, Arthur Anderson and Nellie Mae. He recently retired as the Head of the Internet Development Group at REBAR and lives just outside of Boston with his wife, Elsibeth. Most days, Bob and Elsibeth can be found in irc.webmasterlive.com in #adultnetsurprise and are better known as Midnight and Kandi. Bob can be reached by emailing midnighterotica@hotmail.com or via ICQ# 118997859.