Today we’re going to go through handling user data and making it safe to use for MySQL. No video today as we have decided its not necessary for anything other than Photoshop, and we don’t want to waste your time watching a video.
Requirements for this tutorial:
- PHP Server to test with or local installation of PHP and Apache
- Basic knowledge of HTML
Lets begin with the form. Here at SEO Positive we only code to strict standards (strict DTD not Transitional) so all tags are necassary.
<form enctype="multipart/form-data" method="post" action=""> <fieldset> <legend>Handling User Data</legend> <label for="user-data">Enter your data</label> <input type="text" id="user-data" name="user-data" /> </fieldset> <input type="submit" value="submit" /> </form>
As you can see, thats quite a lot of code for one form but I’m going to explain each element below.
The first element, is obviously the form opening tag which has 3 attributes as you can see.
- enctype
-
- enctype is the method in which the data is sent to the server, much like we write and read in English. Its a similar principle, default is “application/x-www-form-urlencoded”
- method
-
- The method attribute tells the server what type of data it will be receiving, POST or GET data, GET data is handled via the url and POST is sent in the background, default is GET
- action
-
- The action attribute is which file will be handling the form data, if left blank the page the form is on will handle the form
As you can see there is a second element to the form, a fieldset tag. This is required to conform with a strict DTD, if you are using a transitional DTD this is not a required element to your form, although I would recommend using it.
The third element to the form is the legend tag, which will appear in a bordered box as the title of the fieldset containing your form fields.
The fourth element is the label tag, this assigns a piece of text to the form field, the attribute ‘for’ is the reference to the form fields ID. Your form field must correspond to this ‘for’ attribute for the click of the label to focus on your field otherwise nothing will happen.
Then we come to our input field, this is a standard text field, the ‘type’ attribute can be a multitude of different things but for the sake of this tutorial we are going to stick to the type ‘text’, the ID attribute is set so that any clicks on the label tag above will cause focus on the field. And finally, the ‘name’ attribute is the name of the posted array element.
Now we’ve closed our fieldset we can end the form with a submit button, this has two attributes, type which is set to submit which does exactly what it says on the can. It submits the form, and the ‘value’ attribute which is the text within the button.
And the close form tag.
The PHP code that will handle this is below, with a breakdown of each line underneath it, much like the form example above.
if($_POST):
echo "<p>Hey! Thanks for this!</p><p>You submitted {$_POST['user-data']}</p>";
endif;
zrsgwr
The above code will output 2 lines of text containing your input data, the above code of course should be wrapped in <?php ?> and put anywhere you want on the page.
The if() line checks that’s there has been a posted variable, and will only fire the containing code if the submit button was pressed.
Echo, if you have seen our first tutorial is simply an output function and the string contains html and the posted variable again mentioned in our first tutorial using braces.
To make the posted data safe though, you could do something like the below.
if($_POST):
foreach($_POST as $postedValue) $postedValue = mysql_real_escape_string($postedValue);
echo "<p>Hey! Thanks for this lovely clean and safe data!</p><p>Your cleaned string is: {$_POST['user-data']}</p>";
endif;
The above example contains one new line, which has 2 functions in it to clean any variables posted to the server.
The foreach function takes 2 or 3 arguments depending on what you’re intent is. The first argument MUST be an array, otherwise the function will cause an error. And the second can be one of two different things.
Can be a name for the ‘current’ array object, or the following
foreach($_POST as $arrayObjectName=>$arrayObjectValue) //do something;
As you can see there is a strange => symbol which in this instance means the field name AND the fields value, which is great for automatic emails.
There are other tags that can safety guard any data a user inputs, see below for an example.
strip_tags($stringToClean, 'allowed tags, remove if none'); mysql_real_escape_string($stringToClean); addslashes($stringToSafetyGuard); htmlspecialchars($stringToSafetyGuard);
Today we are going to expand more on PHP Variables and introduce the define() function as well as touch base with MySQL And getting you connected to a database.
The requirements for todays tutorial are:
- PHP Server with PHP 5+
- MySQL Access with all privilages
- Testing platform (Virtual Server, PHP Hosting)
- Text authoring software to edit your files
As usual all code can be downloaded via the link at the bottom of the post.
MySQL Code
//resource one
$connect1 = mysql_connect('localhost','test','test');
mysql_select_db('test', $connect1);
//resource 2
$connect2 = mysql('localhost','test2','test2');
mysql_select_db('test2',$connect2);
//simple query using resource #1
mysql_query("select * from `test`", $connect1);
//simple query using resource #2
mysql_query("select * from `test2`", $connect2);
PHP Function
function feedMe($food)
{
if($food == 'cookies')
{
return 'Yummy thank you very much for the cookie';
}
else
{
return "Yuk! I don't like {$food}, I want cookies.";
}
}
//feed me apples
echo feedMe('pears');
//will output Yuk! I don't like apples, I want cookies.
//feed me cookies
echo feedMe('cookies');
//will output Yummy thank you very much for the cookie
Tomorrow we will look at handling user input data using PHP and XHTML using POST and GET methods
Welcome to the SEO Positive tutorials site. Head designer and developer, Dave Mackintosh at SEO Positive is going to teach you how to build a simple PHP blog over the coming weeks. As an avid Unix Mac user all tutorials will be made using Mac software, all software used should be cross compatible and you shouldn’t have any issues.
Today you’re going to learn how to start using PHP variables and the echo function.
Requirements are:
- A PHP Server
- Any text authoring software to edit your file.
- Virtual Host to test with or Hosting provider to test with.
We use Zend Studio here at SEO Positive and is available to download for free from the Zend website.
The code used in this example is below
echo 'Hello World'; //will output Hello World $variableOne = 'Hello World 2'; echo $variableOne; //will output Hello World 2 $v1 = 1+4; echo $v1; //will ouput 5 $v2 = 1; $v2 = 2; $v3 =3; echo $v2, $v3, $v4; //will output 123
In tomorrow’s tutorial we will expand on PHP Variables and PHP’s echo function and also move onto function [...](){} and connecting to a mysql database.
