How to handle form data in PHP

With the continuous development of the Internet, forms have become an indispensable part of web development. Forms allow users to enter data that needs to be submitted, thereby enabling interaction with the server. In PHP, processing form data is very convenient. This article will introduce how to process form data in PHP.

1. Get form data
When the user submits the form, PHP can obtain the data submitted by the form through the $_POST or $_GET variable. Among them, the $_POST variable is used to obtain form data submitted by POST, and the $_GET variable is used to obtain form data submitted by GET. The following are two ways to obtain form data:

(1) Obtain form data through the $_POST variable

First you need to understand the basic form code, as follows:

< ;form action="result.php" method="post">

<input type="text" name="username">
<input type="submit" name="submit" value="Submit">

In the form, the name attribute of the input tag is used to submit the form to The server transmits the data. Here is a sample code to get form data using $_POST:

$username = $_POST["username"];

Here, we used $_POST["username"] to get the form data from Get the content of the input box named "username" from the submitted form data, and then assign it to the $username variable.

(2) Obtain the form data through the $_GET variable

If you use the GET method to submit the form, you can obtain the form data through the $_GET variable. Usage is similar to above, just replace $_POST with $_GET.

2. Securely handle form data

When processing form data, security is crucial. The following are some methods for safely processing form data:

(1) htmlspecialchars() function

The htmlspecialchars() function can convert some special characters into HTML entities, thus preventing script injection. Using this function, you can convert special characters in user-submitted form data into HTML entities, such as

$username = htmlspecialchars($_POST["username"]);

(2) strip_tags() function

You can also perform the strip_tags() function on user form data Processing, this function removes all markup from the form data, leaving only plain text.

$username = strip_tags($_POST["username"]);

(3) trim() function

trim() function is used to remove form data Spaces and other whitespace characters. This prevents users from accidentally entering extra spaces and other whitespace characters.

$username = trim($_POST["username"]);

3. Verify form data

After obtaining and processing the form data, verification needs to be performed to Ensure data validity. The following are some methods of form data verification:

(1) empty() function

The empty() function can determine whether the form data is empty, but it also returns true for 0 and false. So use !== in this case.

if(!empty($_POST["username"])){

// 表单数据不为空

}

(2) filter_var() function

filter_var( ) function can verify whether the form data conforms to the specified format. For example, you can use the filter_var() function to verify that an email address is valid.

$email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
if($email){

// 电子邮件地址有效

} else {

// 电子邮件地址无效

}

(3) preg_match() function

Use the preg_match() function to verify form data using regular expressions. For example, the following code will verify that the username is valid:

if(preg_match("/^[a-zA-Z0-9] $/", $_POST["username"])){

// 用户名有效

} else {
// Invalid user name
}

Summary:

PHP provides many ways to obtain, process, and verify form data. When processing forms, you need to pay attention to security and avoid script injection. At the same time, validation is also very important for most form applications. By using these techniques appropriately, you can make your forms applications more robust and secure.

The above is the detailed content of How to handle form data in PHP. For more information, please follow other related articles on the PHP Chinese website!