You are on page 1of 62

Outline

• Overview about Web Page

• HTML Form Creation

• FORM

• Input

• INPUT control types

• GET & POST

• PHP File Upload

• PHP Include Files

• Headers

• Cookie

• Sessions
Overview about Web Page
• Most people think of a web page as nothing more than a collection of
HTML code . This is fine if you happen to be a web designer .

• But as a PHP developer we talk about web server that generation of a


document starts with an HTTP request ,in which the client requests access to a
resource using on method from short list methods.

• The client can also send data payload (called request),once request is
received , the sever decoded the data that it has received and passes it on
to the PHP interpreter.
Overview about Web Page
• A web application receives input from the user via

form input

• Handling form input is the cornerstone of a successful

web application – everything else builds on it


Overview about Web Page
• The browser interprets the HTML source for a particular page

– Result is a combination of text, images, and entry fields

– Each entry field has a specific name

• User fills in these fields, (with potentially some client-side input

checking via JavaScript) and then selects a submission button


Overview about Web Page
• The browser reads the input fields, and creates a
message that is sent to the server

– A series of name, value pairs


HTML Form Creation
• FORM

– Encloses all input fields

– Defines where and how to submit the form data

• INPUT

– Defines a specific input field

• TEXTAREA

– Creates a free-form text fill-in box

• SELECT

– Creates a menu

– OPTION defines options within the menu


FORM
• FORM attributes

– action

• URL of the resource that receives the filled-in form

• This is the URL of your PHP code that receives the input

– method

• Choices are “get” or “post” – you should choose “post”

– enctype

• MIME type used to send results. By default is application/xww-form-urlencoded

• Would use multipart/form-data if submitting a file (INPUT,type=file)

<FORM action=“MyHandler.php” method=“post”>


INPUT
• INPUT attributes

– type: the kind of user input control

– name: the name of the control

• This gets passed through to the handling code

• In PHP: $_POST[‘name’]

– value: initial value of the control

– size: initial width of the control

• in pixels, except for text and password controls


INPUT
– maxlength: for text/password, maximum number of characters allowed

– checked: for radio/checkbox, specifies that button is on

– src: for image types, specifies location of image used to decorate input

button
INPUT Control Types
• text: single input line

• password: single input line, with input characters obfuscated

• checkbox: creates a check list

• radio: creates a radio button list (checkbox, where inputs are


mutually exclusive – only one input at a time)

• button: push button

• hidden: a hidden control. No input field is visible, but value is


submitted as part of the form
INPUT Control Types
• Special buttons

– submit: the submit button. Causes input to be sent to the server for
processing

– reset: the reset button. Causes all input fields to be reset to their
initial values

• File upload

– file: creates a file upload control


Example
<FORM action=“mypage.php" method="post">

First name: <INPUT type="text“ name="firstname"><BR>

Last name: <INPUT type="text“ name="lastname"><BR>

email: <INPUT type="text“ name="email"><BR>

<INPUT type="radio" name="sex“ value="Male"> Male<BR>

<INPUT type="radio" name="sex“ value="Female"> Female<BR>

<INPUT type="submit" value="Send">

<INPUT type="reset">

</FORM>
Example
Receiving form input in PHP
• Upon receiving a form submission, PHP automatically creates
and populates two arrays with the form input data
– Either : _POST[] or _GET[], depending on the FORM
method type (post or get)
– Additionally, _REQUEST[] is also created
• The array indicies are the names of the form
variables (INPUT name=…)
• The array value is the user entry data
Receiving form input in PHP
• The two method allows you to send data as part of

the query string , The predefined variable is used to

collect values in a form ( $_GET , $_POST ).


GET
• Information sent from a form with the GET method is visible to everyone (it

will be displayed in the browser's address bar) and has limits on the amount

of information to send.

http://localhost/send.php?Var1=value1&Var2=value2&Var3=value3
GET - Example
<html><body>

<form action="welcome.php" method="get">

Name: <input type="text" name="fname" />

Age: <input type="text" name="age" />

<input type="submit" />

</form>

</body></html>
GET - Example
welcome.php

<?php

echo “Welcome”. $_GET["fname"] .” <br />”;

echo “You are “.$_GET["age"].” years old!”;

?>.
GET - Example
<html> <body>

<h4> Order Form</h4>

<form action="process.php" method=“get"> <select name="item">

<option>Paint</option> <option>Brushes</option>

<option>Erasers</option> </select> Quantity: <input name="quantity"

type="text" /> <input type="submit" />

</form>

</body></html>
GET - Example
process.php
<html><body>

<?php

$quantity = $_GET['quantity'];

$item = $_GET['item'];

echo "You ordered ". $quantity . " " . $item . ".<br />";

echo "Thank you for ordering from Tizag Art Supplies!";

?>

</body></html>
POST
• Information sent from a form with the POST method is invisible to others and

has no limits on the amount of information to send.

http://www.example.com/send.php
POST - Example

<form action="welcome.php" method="post">

Name: <input type="text" name="fname" />

Age: <input type="text" name="age" />

<input type="submit" />

</form>
POST - Example
welcome.php

<?php
echo “Welcome”. $_POST["fname"] .” <br />”;
echo “You are “.$_POST["age"].” years old!”;
?>.
REQUEST
• The predefined $_REQUEST variable contains the contents of both $_GET,

$_POST, and $_COOKIE.

• The $_REQUEST variable can be used to collect form data sent with both

the GET and POST methods.

http://localhost/send.php?Var1=value1&Var2=value2&Var3=value3

http://www.example.com/send.php
REQUEST - Example
welcome.php

<?php

echo “Welcome”. $_REQUEST["fname"] .” <br />”;

echo “You are “. $_REQUEST["age"].” years old!”;

?>.
Array Notation
• We can create arrays by using array notation..

http://localhost/send.php?user=data&arra[]=data1&arra1[]=data2

<?php

forech($_GET[‘arra’] as $x)
{
echo $x
}
?>
Array Notation
• We can create arrays by using array notation..

http://www.example.com/send.php?user=data&arra[‘x’]=data1&arra[‘s’]=datax

<?php

echo $_GET[‘arra’][‘x’];
echo $_GET[‘arra’][‘s’];

?>
PHP File Upload

• To allow users to upload a file to the server, you first need to provide a

form for them to specify which file they want to upload. Once they click the

submit button of the form, the action page is called. This is the page that

needs to contain the PHP code to process the uploaded file.


PHP File Upload
• Before a user can upload a file, you need to provide them with an interface that

allows them to select a file and initiate the upload.

• The following code is an example of an input form. There are a couple of important

things to note about this code:

• The action attribute points to a .php file. This is the file that will process the

uploaded file.

• There is an attribute called enctype, and its value is multipart/form-data.

• One of the input fields has type="file".


PHP File Upload
<html> <head> <title>PHP File Upload Example</title> </head><body>

<form enctype="multipart/form-data" method="post" action="uploadFile.php">

<input type="file" name="fileToUpload" /><br />

<input type="submit" value="Upload File" />

</form>

</body> </html>
The Action Page
• Once the user uploads a file, the file is uploaded into a temporary directory on

the server. If you don't move the file it will disappear. Therefore, your action

page needs to move the file to another location where it can stay as long as you

want it to.

• Whenever a file is uploaded, you can find out certain information about the file

including its name, type, size, as well as the name of the temporary file on the

server. These details are made available to you via a PHP array called $_FILES.
Displaying Details of the Uploaded File
• This code simply displays the details of the uploaded file. It doesn't move the file

to another location - we'll get to that next. For now, you can use this code in

conjunction with the above input form to demonstrate what happens when you

upload a file to the server.

• Notice the PHP $_FILES array which contains info about the file. Note that we

also divide the file size by 1024 in order to convert it into kb.

-(Ignore any carriage returns in this example - each table row should

be on one line).
Displaying Details of the Uploaded File
<?php

echo "<table border=\"1\">";

echo "<tr><td>Client Filename: </td>

<td>" . $_FILES["fileToUpload"]["name"] . "</td></tr>";

echo "<tr><td>File Type: </td>

<td>" . $_FILES["fileToUpload"]["type"] . "</td></tr>";

echo "<tr><td>File Size: </td>

<td>" . ($_FILES["fileToUpload"]["size"] / 1024) . " Kb</td></tr>";

echo "<tr><td>Name of Temp File: </td>

<td>" . $_FILES["fileToUpload"]["tmp_name"] . "</td></tr>";

echo "</table>";

?>
Displaying Details of the Uploaded File
• The above code results in something like this:

Client Filename: Water lilies.jpg


File Type: image/jpeg
File Size: 81.830078125 Kb
Name of Temp File: C:\WINDOWS\TEMP\php48B2.tmp
Moving the Temp File

• As mentioned, if we want to keep the file on the server, we need to move

it to another location (of our choice). The following code demonstrates

how to move the file from the temporary location.

move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], "C:/upload/" . $_FILES["fileToUpload"]["name"]);


Checking for Errors

• The $_FILES array includes an item for any errors that may result from

the upload. This contains an error code. If there are no errors, the value

is zero ( 0 ).

• You check this value within an "If" statement. If the value is greater than

zero, you know an error has occurred and you can present a user

friendly message to the user. Otherwise you can processing the file.
Checking for Errors
<?php

if ($_FILES["fileToUpload"]["error"] > 0)

echo "Apologies, an error has occurred.";

echo "Error Code: " . $_FILES["fileToUpload"]["error"];

else

move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],

"C:/upload/" . $_FILES["fileToUpload"]["name"]);

?>
Restricting File Type/Size
• Letting your users upload files to your server can be very risky. If you're not

careful, you could get users uploading all sorts of files - perhaps including

harmful executables etc. You could also find one day that you've run out of disk

space because some users have been uploading enormous files.

• You can restrict the file types and file sizes by using an "if" statement. If the file

type and size are acceptable, processing can continue, otherwise, display a

message to the user.


Restricting File Type/Size

• Important Note: This doesn't prevent the temp file from being created. The file

needs uploaded to the server before PHP can find out the file size and type. This

simply prevents the file from being moved to your "permanent" location - hence

the file should disappear and (hopefully) not become a problem. In any case, I

recommend that you install good anti-virus software before allowing users to

upload files to your server.


Restricting File Type/Size
<?php

if (($_FILES["fileToUpload"]["type"] == "image/gif")

|| ($_FILES["fileToUpload"]["type"] == "image/jpeg")

|| ($_FILES["fileToUpload"]["type"] == "image/png" )

&& ($_FILES["fileToUpload"]["size"] < 10000))

move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], "C:/upload/" .
$_FILES["fileToUpload"]["name"]);

else

echo "Files must be either JPEG, GIF, or PNG and less than 10,000 kb";

?>
PHP Include Files
• In PHP, you can insert the content of one PHP file into another PHP file
before the server executes it.

• The include and require statements are used to insert useful codes written in
other files, in the flow of execution.

• Include and require are identical, except upon failure:

 require will produce a fatal error (E_COMPILE_ERROR) and stop the


script

 include will only produce a warning (E_WARNING) and the script will
continue
PHP Include Files
• Including files saves a lot of work. This means that you can create a

standard header, footer, or menu file for all your web pages. Then, when

the header needs to be updated, you can only update the header include

file.
include 'filename';

or

require 'filename';
PHP Include Files
<html>

<body>

<?php include 'header.php'; ?>

<h1>Welcome to my home page!</h1>

<p>Some text.</p>

</body>

</html>
PHP Include Files
• Assume we have a standard menu file that should be used on all pages.
"menu.php":

<?php
echo '<a href="/default.php">Home</a>
<a href="/tutorials.php">Tutorials</a>
<a href="/references.php">References</a>
<a href="/examples.php">Examples</a>
<a href="/about.php">About Us</a>
<a href="/contact.php">Contact Us</a>';
?>
PHP Include Files
• All pages in the Web site should include this menu file. Here is how it can be done:

<html>
<body>

<div class="leftmenu">
<?php include 'menu.php'; ?>
</div>

<h1>Welcome to my home page.</h1>


<p>Some text.</p>

</body>
</html>
Header
• The header() function sends a raw HTTP header to a
client.

• It is important to notice that header() must be called


before any actual output is sent (In PHP 4 and later,
you can use output buffering to solve this problem):
Header
• The header() function sends a raw HTTP header to a
client.

• It is important to notice that header() must be called


before any actual output is sent (In PHP 4 and later,
you can use output buffering to solve this problem):
Header

header(string,replace,http_response_code)
Parameter Description
string Required. Specifies the header string to send
replace Optional. Indicates whether the header should replace
previous or add a second header. Default is TRUE (will
replace). FALSE (allows multiple headers of the same
type)
http_response Optional. Forces the HTTP response code to the specified
_code value (available in PHP 4.3 and higher)
Header
<html>

<?php

// This results in an error.

// The output above is before the header() call

header('Location: http://www.example.com/');

//this is redirect to this website.

?>
Cookie

• A cookie is often used to identify a user. A cookie is a


small file that the server embeds on the user's
computer. Each time the same computer requests a
page with a browser, it will send the cookie too. With
PHP, you can both create and retrieve cookie values.
How to Create a Cookie?

How to Create a Cookie?

• The setcookie() function is used to set a cookie.

• Note: The setcookie() function must appear BEFORE the <html>


tag.

setcookie(name, value, expire, path, domain);


How to Create a Cookie?
• We will create a cookie named "user" and assign the value
"Ali" to it. We also specify that the cookie should expire after
one hour:

<?php

setcookie("user", "Ali", time()+3600);

?>
Cookie

• Note: The value of the cookie is automatically


URLencoded when sending the cookie, and
automatically decoded when received (to prevent
URLencoding, use setrawcookie() instead).
How to Create a Cookie?
• You can also set the expiration time of the cookie in another
way. It may be easier than using seconds.

<?php
$expire=time()+60*60*24*30;
setcookie("user", "Alex Porter", $expire);
?>
How to Retrieve a Cookie Value?

• The PHP $_COOKIE variable is used to retrieve a cookie value.


In the example below, we retrieve the value of the cookie named "user" and
display it on a page:

<?php
echo $_COOKIE["user"]; // Print a cookie
print_r($_COOKIE); // A way to view all cookies
?>
How to Delete a Cookie?
• When deleting a cookie you should assure that the expiration date is in the
past.

<?php
// set the expiration date to one hour ago
setcookie("user", "", time()-3600);
?>
Session

• PHP session variable is used to store information about, or

change settings for a user session. Session variables hold

information about one single user, and are available to all

pages in one application.

• Before you can store user information in your PHP session, you

must first start up the session.


Starting a PHP Session

• <?php session_start(); ?>

• The code above will register the user's session with the server,

allow you to start saving user information.

• The correct way to store and retrieve session variables is to use

the PHP $_SESSION variable:


Storing a Session Variable

<?php

session_start();
// store session data
$_SESSION['views']=1;

echo "Pageviews=". $_SESSION['views'];

?>
Destroying a Session

• if you wish to delete some session data, you can use


the unset() or the session_destroy() function.

• The unset() function is used to free the specified


session variable:
Session

<?php
unset($_SESSION['views']); // delete single session
?>

Or

<?php
session_destroy(); // delete all sessions

?>