PHP form processing function practice

PHP is a scripting language widely used for web development. In web applications, forms are a common method of user input. Therefore, PHP form processing functions are important knowledge points that must be learned when developing web applications. This article will introduce some useful PHP form processing functions and provide practical application examples.

1. $_POST and $_GET functions

$_POST and $_GET are the most commonly used functions for processing form data. They are all predefined PHP global variables. $_POST is used to handle POST request data from HTML forms, while $_GET is used to handle GET request data from URL query strings.

$_POST and $_GET both return an associative array where the keys are the names of the form elements and the values ​​are the data entered by the user. When it comes to protecting web applications, we need to filter and validate user input to avoid common web security issues such as SQL injection and XSS attacks.

The following is a simple code example that uses the $_POST and $_GET functions to process form data:

<!DOCTYPE html>
<html>
<head>
    <title>PHP Form Handling Example</title>
</head>
<body>
    <form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
        Name: <input type="text" name="name"><br>
        Email: <input type="email" name="email"><br>
        <input type="submit" name="submit" value="Submit">
    </form>
    <?php
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            $name = test_input($_POST["name"]);
            $email = test_input($_POST["email"]);
            echo "Hi $name! Your email address is $email.";
        }
    ?>
</body>
</html>

In the above code, the form tag uses the POST method to submit the form data. The action attribute contains the path to the PHP file that will process the form data. Next, in the PHP file, use the test_input() function to filter and validate user input. If the form data is submitted successfully, a welcome message will be output.

2. filter_var function

The filter_var function is a general function for filtering and validating user input. It is able to check data type, check data format, remove special characters and HTML tags, etc. Here is a code example that uses the filter_var function for email address verification:

$email = "someone@example.com";
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format";
}
else {
    echo "Valid email format";
}

In the above code, use the filter_var function to check whether the $email variable is a valid email address. If the check fails, "Invalid email format" is output; otherwise "Valid email format" is output.

3. preg_match function

The preg_match function is a function that uses regular expressions to match and validate user input. It looks for a specific pattern and verifies that the input data conforms to the matching pattern. The following is a code example that uses the preg_match function for password verification:

$password = "MyPassword@123";
if (!preg_match("/^[a-zA-Z0-9!@#$%^&*]{8,}$/", $password)) {
    echo "Password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character.";
}
else {
    echo "Password meets the requirements.";
}

In the above code, the preg_match function is used to verify that the $password variable meets the required password format. If the check fails, an error message is output; otherwise "Password meets the requirements" is output.

4. htmlentities function

The htmlentities function is used to convert special characters in HTML code. This is useful for preventing cross-site scripting attacks (XSS). The following is a code example that uses the htmlentities function to convert special characters:

$string = "This is a <script>JavaScript</script> code.";
echo htmlentities($string);

In the above code, the htmlentities function will replace the special characters in the HTML code to prevent script injection. The output will be "This is a 3f1c4e4b6b16bbbd69b2ee476dc4f83aJavaScript2cacc6d41bbb37262a98f745aa00fbf0 code."

5. strip_tags function

The strip_tags function removes HTML and PHP tags and returns the remaining text. This is useful for filtering and sanitizing user input. Here is a code example that uses the strip_tags function to filter user input:

$text = "<p>This is <strong>bold</strong> text.</p><script>alert('hello');</script>";
echo strip_tags($text);

In the above code, the strip_tags function will remove the HTML and PHP tags and remove the JavaScript alert, and the output will be "This is bold text. ".

Summary

In this article, we introduced some useful PHP form processing functions and provided practical application examples. These functions can help us filter and validate user input, reduce web security issues, and provide a better user experience. I hope these knowledge points will be helpful to beginners in PHP development.

The above is the detailed content of PHP form processing function practice. For more information, please follow other related articles on the PHP Chinese website!