
checking the information from HTML forms October 1, 2008

Posted by me2blog in Common PHP Applications, php.

Before you use the values in your script, you need to check the variables to make sure they contain what you expect them to contain! Never trust info from the user.

Checking for empty fields:

You can require the user to enter info in a field, check whether he left it empty, and send him back to re-fill that field using:

empty($_POST['field_name']);

This function returns true if the field is empty, false otherwise! Note that empty() also returns true for a field that contains just "0".

Checking for specific format:

You can check using some built-in functions; for example, if you expect a string, you can check using is_string, and so on… For a table of these functions, see this previous post: Changing the order of statement execution

Using regular expressions to check user input:

If you care a lot about the format of the information, you can also compare it to a pattern to see if it matches, using the ereg function (ereg is deprecated as of PHP 5.3 and removed in PHP 7; preg_match is its replacement)… For more on this, check this previous post: pattern matching with regular expressions

Cleaning information:

  • strip_tags: this function removes all tags from the text; you can keep some tags by listing them in the second argument:

$variable_name = strip_tags($_POST['field_name'], "<tag you allow><tag you allow>");

  • htmlspecialchars: this function changes characters that are special in HTML into HTML entities, which lets them display without any special meaning

Examples: < becomes &lt;

> becomes &gt;

and & becomes &amp;

$variable_name = htmlspecialchars($_POST['field_name']);

  • trim: removes extra spaces at the beginning and the end of the field info, because users often enter spaces by mistake.

$variable_name = trim($_POST['field_name']);

Example:

In this example, I will use the same form as in the previous post, but I will check that three fields (first name, second name and last name) are not left blank. If any of them is blank, the user will be asked to re-fill it; if they are not blank, the script will output the same information as in that example.

Building the forms code:

<br><center><h2> Customer information </h2></center>
<br><br>

<center>
<form action="customer_info.php" method="POST">
<table border="0">
<tr> <td> First name:</td> <td> <input type="text" name="first_name"></td></tr>
<tr> <td>Second name: </td> <td> <input type="text" name="second_name"> </td></tr>
<tr><td>Last name: </td> <td> <input type="text" name="last_name"></td> </tr>
<tr><td> Street Address:</td><td> <input type="text" name="st_address"></td> </tr>
<tr><td> City:</td><td>
<select name="city">
<option> Amman </option>
<option> Aqaba </option>
<option> Irbid </option>
<option> Zarqa </option>
</select>
</td> </tr>
<tr><td>Sex: </td><td>
<input type="radio" name="Radio1" value="M"> Male
<input type="radio" name="Radio1" value="F"> Female
</td></tr>
<tr><td>Your Operating system: </td><td>
<input type="checkbox" name="os0" value="W"> Windows
<input type="checkbox" name="os1" value="L"> Linux
<input type="checkbox" name="os2" value="M"> Mac
</td></tr>
</table><br>

<input type="submit" value="submit name">
</form>
</center>

the customer info code:

<?php

// Turn the radio button value into a label and return it to the caller.
function set_sex() {
    if (isset($_POST['Radio1']) && $_POST['Radio1'] == "M") {
        $sex = "Male";
    }
    else
    {
        $sex = "Female";
    }
    return $sex;
}

// Print the submitted information. Every user-supplied value goes through
// htmlspecialchars before it is echoed, so tags typed into a field are shown as text.
function print_info($sex)
{
    echo "Welcome ", htmlspecialchars($_POST['first_name']), "!<br>";
    echo "Your second name is: ", htmlspecialchars($_POST['second_name']);
    echo "<br>Your last name is: ", htmlspecialchars($_POST['last_name']);
    echo "<br>";
    echo "you are ", $sex;
    echo " living in: ", htmlspecialchars($_POST['city']);
    echo "  in the ", htmlspecialchars($_POST['st_address']), " Street";
    echo "<br>and your operating systems are: <br>";

    if (isset($_POST['os0'])) {
        echo "Windows<br>";
    }

    if (isset($_POST['os1'])) {
        echo "Linux<br>";
    }

    if (isset($_POST['os2'])) {
        echo "Mac<br>";
    }
    return;
}

// Report every required field that was left blank; returns TRUE if any was.
function blank_check() {
    $blank_check_var = FALSE;

    if (empty($_POST['first_name']))
    {
        echo "You didn't enter your first name! <br>";
        $blank_check_var = TRUE;
    }

    if (empty($_POST['second_name']))
    {
        echo "You didn't enter your second name! <br>";
        $blank_check_var = TRUE;
    }

    if (empty($_POST['last_name']))
    {
        echo "You didn't enter your last name! <br>";
        $blank_check_var = TRUE;
    }

    return $blank_check_var;
}

//main
$sex = set_sex();
$check_var = blank_check();
if (!$check_var) {
    print_info($sex);
}

?>

The output after leaving the first name blank is:

You didn’t enter your first name!

The output after leaving the first and second name blank is:

You didn’t enter your first name!
You didn’t enter your second name!

The output after leaving the first, second and last name blank is:

You didn’t enter your first name!
You didn’t enter your second name!
You didn’t enter your last name!
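The three steps from this post (blank check, pattern check, cleaning) put together in one routine, as an added example that is not part of the original post. It assumes PHP 7.1 or later; validate_names(), h(), NAME_PATTERN and the sample input are made up for illustration, and preg_match stands in for ereg.

```php
<?php
// Added example: validate and clean the name fields of the form above.
// validate_names(), h(), NAME_PATTERN and the sample input are assumptions of this sketch.
const NAME_PATTERN = '/^[\p{L}][\p{L} \'-]{0,49}$/u';  // letters, spaces, ' and -, max 50 chars

function validate_names(array $post, array $required): array
{
    $clean = [];
    $errors = [];
    foreach ($required as $field) {
        // A field sent as an array (first_name[]=x) is not a valid name; treat it as missing.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {              // strict test, so a literal "0" is not reported as blank
            $errors[$field] = 'blank';
        } elseif (!preg_match(NAME_PATTERN, $value)) {
            $errors[$field] = 'bad format';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Escape at output time, for the HTML context the value is printed into.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = [
    'first_name'  => '  Sam ',
    'second_name' => '<b>J</b>',
    'last_name'   => '',
    'st_address'  => '<i>Main</i>',
];

[$clean, $errors] = validate_names($post, ['first_name', 'second_name', 'last_name']);

foreach ($errors as $field => $why) {
    echo h($field), ': ', $why, "<br>\n";
}
if (!$errors) {
    echo 'Welcome ', h($clean['first_name']), "!<br>\n";
}
echo 'Street as it would be printed: ', h($post['st_address']), "<br>\n";
```

Validation decides whether a value is accepted at all; escaping with htmlspecialchars is still applied to everything that is echoed, including fields such as the street address that have no pattern check.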

Comments»

1. rejie - November 6, 2008

wfffffffffffffffffffffs

2. abc - March 23, 2009

fool

me2blog - April 4, 2009

why ?

3. Джамиль - May 22, 2009

Thanks. Just what I needed ))