Home >Backend Development >PHP Tutorial >How to use PHP built-in functions to process form data?

How to use PHP built-in functions to process form data?

WBOY
WBOYOriginal
2024-04-22 22:36:021098browse

PHP built-in functions process form data including validation, cleaning and security processing. The specific steps are as follows: verify whether the data is empty or set (empty(), isset()), remove string spaces and filter input types (trim() , filter_input()) to prevent security attacks, such as XSS, SQL injection (htmlspecialchars(), strip_tags(), mysqli_real_escape_string())

如何使用 PHP 内置函数处理表单数据?

How to use PHP built-in functions Processing form data?

Introduction

PHP provides several built-in functions to help process user input received through forms. These functions can be used to validate, sanitize, and securely handle form data.

Verify and clean form data

1. empty() Function**: Check whether the variable is empty ( has no value).

if (!empty($_POST['name'])) {
    // 用户已提交数据
}

2. isset() Function**: Check whether the variable has been set.

if (isset($_POST['gender'])) {
    // 用户已选择性别
}

3. trim() Function**: Remove spaces from both ends of the string.

$name = trim($_POST['name']);

4. filter_input() Function**: Filter input according to the specified type.

$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);

Processing form data safely

1. htmlspecialchars() Function**: Convert HTML characters to entities , to prevent XSS attacks.

$comment = htmlspecialchars($_POST['comment']);

2. strip_tags() Function**: Removes all HTML and PHP tags from a string.

$description = strip_tags($_POST['description']);

3. mysqli_real_escape_string() Function**: Escape special characters to prevent SQL injection attacks (only for MySQL database).

$name = mysqli_real_escape_string($conn, $_POST['name']);

Practical Case

Consider a simple PHP form that collects user name and age:

<form action="process_form.php" method="post">
  <label for="name">姓名:</label>
  <input type="text" name="name" id="name">
  <br>
  <label for="age">年龄:</label>
  <input type="number" name="age" id="age">
  <br>
  <input type="submit" value="提交">
</form>

We are in process_form. Processing form data in php:

<?php
// 验证姓名不为空
if (empty($_POST['name'])) {
    echo "请输入您的姓名";
    exit;
}

// 验证年龄已设置
if (!isset($_POST['age'])) {
    echo "请输入您的年龄";
    exit;
}

// 验证年龄为整数
if (!filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT)) {
    echo "年龄必须为整数";
    exit;
}

// 安全处理姓名和年龄
$name = htmlspecialchars(trim($_POST['name']));
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);

// 将数据插入数据库(省略,仅用于示例)
$sql = "INSERT INTO users (name, age) VALUES ('$name', $age)";

The above is the detailed content of How to use PHP built-in functions to process form data?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn