Home >Backend Development >PHP Tutorial >How to use PHP built-in functions to process form data?
PHP built-in functions process form data including validation, cleaning and security processing. The specific steps are as follows: verify whether the data is empty or set (empty(), isset()), remove string spaces and filter input types (trim() , filter_input()) to prevent security attacks, such as XSS, SQL injection (htmlspecialchars(), strip_tags(), mysqli_real_escape_string())
How to use PHP built-in functions Processing form data?
Introduction
PHP provides several built-in functions to help process user input received through forms. These functions can be used to validate, sanitize, and securely handle form data.
Verify and clean form data
1. empty()
Function**: Check whether the variable is empty ( has no value).
if (!empty($_POST['name'])) { // 用户已提交数据 }
2. isset()
Function**: Check whether the variable has been set.
if (isset($_POST['gender'])) { // 用户已选择性别 }
3. trim()
Function**: Remove spaces from both ends of the string.
$name = trim($_POST['name']);
4. filter_input()
Function**: Filter input according to the specified type.
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
Processing form data safely
1. htmlspecialchars()
Function**: Convert HTML characters to entities , to prevent XSS attacks.
$comment = htmlspecialchars($_POST['comment']);
2. strip_tags()
Function**: Removes all HTML and PHP tags from a string.
$description = strip_tags($_POST['description']);
3. mysqli_real_escape_string()
Function**: Escape special characters to prevent SQL injection attacks (only for MySQL database).
$name = mysqli_real_escape_string($conn, $_POST['name']);
Practical Case
Consider a simple PHP form that collects user name and age:
<form action="process_form.php" method="post"> <label for="name">姓名:</label> <input type="text" name="name" id="name"> <br> <label for="age">年龄:</label> <input type="number" name="age" id="age"> <br> <input type="submit" value="提交"> </form>
We are in process_form. Processing form data in php
:
<?php // 验证姓名不为空 if (empty($_POST['name'])) { echo "请输入您的姓名"; exit; } // 验证年龄已设置 if (!isset($_POST['age'])) { echo "请输入您的年龄"; exit; } // 验证年龄为整数 if (!filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT)) { echo "年龄必须为整数"; exit; } // 安全处理姓名和年龄 $name = htmlspecialchars(trim($_POST['name'])); $age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT); // 将数据插入数据库(省略,仅用于示例) $sql = "INSERT INTO users (name, age) VALUES ('$name', $age)";
The above is the detailed content of How to use PHP built-in functions to process form data?. For more information, please follow other related articles on the PHP Chinese website!