最适合网络开发者的网站

PHP 教程

PHP 主页 PHP 简介 PHP 安装 PHP 语法 PHP 注释 PHP 变量 PHP 回显/打印 PHP 数据类型 PHP 字符串 PHP 数字 PHP 数学 PHP 常量 PHP 运算符 PHP 如果...否则...Elseif PHP 开关 PHP 循环 PHP 函数 PHP 数组 PHP 超全局变量 PHP 正则表达式

PHP 形式

PHP 表单处理 PHP 表单验证 需要 PHP 表单 PHP 表单 URL/电子邮件 PHP 表单完成

PHP 先进的

PHP 日期和时间 PHP 包含 PHP 文件处理 PHP 文件打开/读取 PHP 文件创建/写入 PHP文件上传 PHP 饼干 PHP 会话 PHP 过滤器 PHP 过滤器高级 PHP 回调函数 PHP 的 JSON PHP 异常

PHP 面向对象

PHP 什么是OOP PHP 类/对象 PHP 构造函数 PHP 析构函数 PHP 访问修饰符 PHP 继承 PHP 常量 PHP 抽象类 PHP 接口 PHP 特征 PHP 静态方法 PHP 静态属性 PHP 命名空间 PHP 可迭代对象

MySQL 数据库

MySQL 数据库 MySQL 连接 MySQL 创建数据库 MySQL 创建表 MySQL 插入数据 MySQL 获取最后一个 ID MySQL 插入多个 MySQL 已准备 MySQL 选择数据 MySQL 哪里 MySQL 排序依据 MySQL 删除数据 MySQL 更新数据 MySQL 限制数据

PHP XML

PHP XML 解析器 PHP SimpleXML 解析器 PHP SimpleXML - 获取 PHP XML 扩展 PHP XML DOM

PHP - 阿贾克斯

AJAX 简介 AJAX PHP AJAX 数据库 AJAX XML AJAX实时搜索 AJAX 民意调查

PHP 例子

PHP 示例 PHP 编译器 PHP 测验 PHP 练习 PHP 证书

PHP 参考

PHP 概述 PHP 数组 PHP 日历 PHP 日期 PHP 目录 PHP 错误 PHP 异常 PHP 文件系统 PHP 过滤器 PHP FTP PHP 的 JSON PHP 关键字 PHP 库 PHP 邮件 PHP 数学 PHP 杂项 PHP MySQLi PHP 网络 PHP 输出控件 PHP 正则表达式 PHP 简单 XML PHP 流 PHP 字符串 PHP 变量处理 PHP XML解析器 PHP 压缩文件 PHP 时区

PHP。初学者课程

尿素

PHP Form Handling


The PHP superglobals $_GET and $_POST are used to collect form-data.


PHP - A Simple HTML Form

The example below displays a simple HTML form with two input fields and a submit button:

例子

<html>
<body>

<form action="welcome.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>
Run Example »

When the user fills out the form above and clicks the submit button, the form data is sent for processing to a PHP file named "welcome.php". The form data is sent with the HTTP POST method.

To display the submitted data you could simply echo all the variables. The "welcome.php" looks like this:

<html>
<body>

Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>

</body>
</html>

The output could be something like this:

Welcome John
Your email address is john.doe@example.com

The same result could also be achieved using the HTTP GET method:

例子

<html>
<body>

<form action="welcome_get.html" method="get">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>
Run Example »

and "welcome_get.html" looks like this:

<html>
<body>

Welcome <?php echo $_GET["name"]; ?><br>
Your email address is: <?php echo $_GET["email"]; ?>

</body>
</html>

The code above is quite simple. However, the most important thing is missing. You need to validate form data to protect your script from malicious code.

Think SECURITY when processing PHP forms!

This page does not contain any form validation, it just shows how you can send and retrieve form data.

However, the next pages will show how to process PHP forms with security in mind! Proper validation of form data is important to protect your form from hackers and spammers!


GET vs. POST

Both GET and POST create an array (e.g. array( key1 => value1, key2 => value2, key3 => value3, ...)). This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user.

Both GET and POST are treated as $_GET and $_POST. These are superglobals, which means that they are always accessible, regardless of scope - and you can access them from any function, class or file without having to do anything special.

$_GET is an array of variables passed to the current script via the URL parameters.

$_POST is an array of variables passed to the current script via the HTTP POST method.


When to use GET?

Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also has limits on the amount of information to send. The limitation is about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.

GET may be used for sending non-sensitive data.

笔记: GET should NEVER be used for sending passwords or other sensitive information!


When to use POST?

Information sent from a form with the POST method is invisible to others (all names/values are embedded within the body of the HTTP request) and has no limits on the amount of information to send.

Moreover POST supports advanced functionality such as support for multipart binary input while uploading files to server.

However, because the variables are not displayed in the URL, it is not possible to bookmark the page.

Developers prefer POST for sending form data.

Next, lets see how we can process PHP forms the secure way!


PHP 练习

Test Yourself With Exercises

Exercise:

If the form in the white section below gets submitted, how can you, in welcome.php, output the value from the "first name" field?

<form action="welcome.php" method="get"> First name: <input type="text" name="fname"> </form>
<html> <body> Welcome <?php echo ; ?> </body> </html>