6 | The Basics of PHP Form Handling Tutorial | 2023 | Learn PHP Full Course for Beginners

Captions
So now that we know how to create a variable and a superglobal, we can now talk about how to create a form inside our website and actually submit data that we can grab using PHP and do something with it. Using HTML forms together with PHP is something we do quite frequently with PHP, and it is one of the main things that we actually use PHP for when it comes to handling any sort of data inside a website. So if you don't know how to create a HTML form, I do have a very thorough HTML tutorial that does talk about how to create a HTML form that I will link in the description if you have the need for it. We have to remember that this is a PHP course, so talking about too much HTML and CSS is something that my subscribers actually told me not to do. So if you don't know how to create a HTML form and you want to know the specifics of creating a HTML form, then watch that tutorial inside the description.

With that said, I do have a form inside my index.php file here. So as you can see, I have a very basic main tag that has a form inside of it, and inside this form I just simply have an input for the first name, I have an input for the last name, and I do also have a select, which is a drop-down that allows you to pick your favorite pet type. So just a basic form that allows you to type some basic data inside the form and then submit it. And just because I know some people don't use labels inside their form, do make sure that you use labels whenever you create a form, since it allows for people with disabilities to better read your form, so this is an important thing. I do see some people use paragraph tags instead, which I've done too in the past, so I'm also at fault for doing that, but I'm also seeing people not use any tags whenever they create these labels for the form, so just make sure that you use a label element whenever you want to create a form tag. Again, this is not supposed to be an HTML tutorial, and now I'm sitting here teaching HTML.

When it comes to a form, we have talked about inside my
HTML course that we do have an action and a method attribute inside the form tag, and when it comes to these two different attributes here, these are the ones that we use in order to tell our PHP how we want to submit the data and also where we want to submit the data to. So in this case here you can see that I did actually tell it that I want to include my data and send it to a PHP file called formhandler.php, which is inside my includes folder. So as you can see, inside my root directory I do also have an includes folder that I just simply created by creating a new folder, and inside this formhandler.php I have nothing inside of it, so right now we have a clean file. You could have called this anything you want, so form handler test.php, just something; it doesn't have to be form handlers, just kind of to tell us what exactly this is. But in this case here I do have this empty PHP file, so just to start with here, let's go ahead and open up our PHP tags, and just like we talked about in my syntax video, we do not want to include a closing tag, because this particular file here is going to be a pure PHP file, and when you do that it is best practice not to have a closing tag.

So now going back to the index.php file, you can see that we have this POST method that I set inside my form. Now we do have two different ways we can submit this data, either using a POST or a GET method. Now a GET method is going to actually submit the data inside the URL, so you can see it, whereas the POST method is not going to show the data inside the browser. So the general rule of thumb here is that whenever you're submitting data and allowing the user to submit data, then you want to use a POST method, and whenever you want to show something to the user inside a page, then you use a GET method. So just kind of a rule of thumb there, but you know, of course it's not going to be in a hundred percent of cases, but in 98 percent of cases that is going to be how you're going to do it.

And just to kind of show it here, because I did talk
about this in the last episode when we talked about superglobals: if you want to submit a form and send the data to the same page that you're inside of, there is a way to do it, which is to go inside your action, open up the PHP tags like so, and then you just go in here and you do actually just include the server superglobal that we talked about. So we're going to echo out the server superglobal and target the PHP_SELF. So this is one way to do it, just to mention it, but with that in mind you do also need to do something else here, so don't just post this and use this, because this is actually prone to hacking, or XSS, which is called cross-site scripting. So therefore you should not just post this just like it is right here. So for now we're just going to send it to a separate document, which is how you do it pretty much most of the time. I do see a lot of people in my comments, they want to know how to send data to the same page as the form is on, which is of course, you know, in some cases you might find a use for it, but in most cases you will be submitting the data to another page, so in most cases this is how you're going to do it.

And now that I mentioned security here for a second, because I know some PHP people will maybe point this out: um, whenever you have any sort of include files that are just pure PHP files, you're supposed to have it inside a private directory inside your server, and that's not how we've done it right now. Everything is public at the moment, but we will talk more about security in a future episode; we'll be talking about private folders and public folders and where to include certain PHP files and where should your HTML files be. For now we're practicing, right? We're practicing PHP, so this is how we're going to have the directory right now. So that was a lot of information that wasn't really supposed to be included inside this lesson here, but I thought it was important to talk about, so I just wanted to mention those things.

So with that said, as we talked
about, we have an action and a method. Now when we send this data to the other page, we need to be able to grab it somehow, and that's something we need to talk about, because inside your HTML form all your different data or inputs should have a name attribute, because this is the reference name that we're going to grab once we send the data to the next page. Whenever you grab the data using the name attribute, you're going to be grabbing whatever the user input, so right now for example inside a text field, whatever the user typed into the text field is what you're going to be grabbing when you reference to, for example, first name. But inside a select down here, if you have a drop-down, the data that you're going to be selecting when you reference to, for example in this case, your favorite pet, is going to be the data that is inside the value attribute. So again, just a little bit of HTML knowledge there for the non-HTML people, who should know HTML by now. But let's go and talk about how to actually grab this data inside our formhandler.php file.

So once I submit this form inside my website, which by the way looks something like this, if I fill in information, for example Dani Krossing, and then I choose a pet, so in this case here I do actually have one of each of these types of pets and I don't want to make any of them cry, so I'm just going to select none for now because I'm a good dad. Once I submit this, it is going to send it to whatever I set inside the action attribute. So going back inside our document here, if I were to go inside the form handler, you can see we have nothing in here, which means that if I were to actually submit this data inside the website, you can see that we just get a blank page. And burning eyes warning here, a little bit late, but the warning came. So right now nothing is happening; this is the exact same thing, it's just an empty page inside HTML or something like that. So what we can do is we can go back inside our code, and the first thing you want to do is you want to
check if the user accessed this particular file in the proper way, because it is possible to just go inside the URL inside your website and just go up here and type the address of that particular file that is inside the includes folder, which by the way is also why we have private and public folders inside our directory, which is something we'll talk about later, because those allow the user to not be able to access the private files just by going inside the URL. However, we always need to think in security; whenever you do PHP, always think security. So the first thing we're going to talk about here is going to be how to let the user not access the code if they didn't access this file using the form that they had to submit.

The way we're going to do that is using something called a condition, which again we will have a more thorough tutorial on a little bit later, but essentially a condition looks like this: so we have an if statement that says if something is true, then run the code inside these curly brackets that we have here, which are these right here. So whatever condition you want to set inside this statement has to go inside the parentheses, so if for example true, then run this condition here, which will always be true, because true is true, right? So what I can do is I can go inside of here and I can use one of the superglobals that we talked about, called server, which I did mention that we had to memorize because we would be using it in an upcoming lesson, which is going to be this one. So we have this superglobal here, and what I want to check for is a request method, so REQUEST underscore METHOD.

Now just to kind of show you here, because if I were to take this server superglobal, and let's comment this out for now, and go up here and use a method called var dump, actually this is a built-in function, but if I were to use var underscore dump, which would actually output some data about this particular superglobal inside the browser. So if we were to do this, just to see whatever this
is outputting, I can go back inside the browser, refresh it, and then you can see we get string three GET, which we're not supposed to be getting. Oh, I forgot to set this one back to POST, so let's go and do that for a second inside the form. Um, so go back inside the website, refresh it again, and I can see we get, well, we actually have to resubmit it, so we go back again, resubmit, and now we get POST. So this basically tells us that we accessed this particular page using a POST method, which means that we can go back inside our code and say, okay, so if the user, let me just comment this var dump out because we don't need it anymore, if this user accessed this page using a request method that is equal to POST, then we allow for the code to be run inside these curly brackets here.

And this brings me to a good point, because some people, including myself in the past by the way, have been doing this in a different way. So instead of checking for a POST method, we would actually go in and instead check for an isset function, which basically goes in and checks if something has been set currently. So if we were to go back inside my form, and inside my button down here I could actually add a name attribute and set this name to submit, which means that now if I were to submit this form, I also submit a POST superglobal that has submit inside of it. So I could go back in here and check for a POST superglobal, POST, and then we can check for brackets, go in here and check for a submit. So this is also a way to do it, but it's not considered to be the best way to do things, so you should be using this method down here to do it. So every single time you submit data to another page, you want to run this condition, because that has to be checked for every single time.

Then once you've done that, you go inside the condition here, and then you want to grab the data, and we can do that the same way that I just showed using the other if statement, so that is by using a POST superglobal. So we can create a variable, which we
talked about is kinda like a container, and we can name it something like first name, and I want to set it equal to some sort of data. Now in this case here I want to grab a POST superglobal, which is the data that we sent to this page here, and I can grab it by referencing to the name attribute inside the form. So if I go back to the form, I can actually go and delete this name attribute down here because we don't actually need it, and I can grab the first piece of data, and this one has been set to first name. So if I copy that, go back inside my PHP and paste that in, now I'm grabbing the data from the form.

However, we're not actually doing this in a very secure way. We did talk about cross-site scripting, so if we were to go back inside my form here, just go back again, if I were to go inside this form, you can actually write code into this form here, and that is going to allow for users to hack your website or do certain things to your database that might destroy it, inject JavaScript into your website, which is not a good thing. So you want to make sure that you sanitize your data every single time. The rule of thumb here: never trust data that is submitted by a user, which means that you always need to sanitize data that the user was able to submit.

So we go back inside our code here, and what you want to do is you want to use a built-in function inside PHP which is called htmlspecialchars. So what I can do is I can say htmlspecialchars, and what you want to do is you want to grab the data, so the POST method here, and you want to put it inside the parentheses of this particular built-in function. And now there's a couple of parameters you could put behind this particular function here, but for now this is pretty okay, so we're not going to do anything else. What this function does is that it takes your data and it converts it into HTML entities, which means that we can no longer inject code inside the fields that we posted inside our form. Those are going to get sanitized, so
we don't see it as code, but we just see it as HTML entities, which means it's not going to be picked up as code. A good example of this, just to kind of demonstrate it: if I were to go inside my index file, I can go right above my form and I can create an HTML ampersand. So if I were to write this HTML entity and save it and go inside my browser, you can see it's going to be picked up as an ampersand, because that is the HTML entity for an ampersand, which means that if I were to actually go inside my form and write an ampersand, because it might be part of some code that I'm maliciously trying to inject into this website here to break it, then it's not going to be seen as this symbol up here, but instead it's going to be seen as this right here, which is definitely not some sort of JavaScript code. So just to kind of talk a bit about what exactly that function does, you know, that's what it does. So you want to make sure you use this particular function every single time you grab data from a user, to make sure they don't inject any sort of malicious code into a website.

So we do have two more pieces of data, so I want to just copy this down, and I want to change the next one to last name, and then I want to make sure that we go inside the POST method and we go back and check what is this one called; it is called last name, so we go back inside here and copy that in. The next one I can call pets or something, and then we go back, we check what did I call this one; I called it favorite pet, so I can post that in here. And this is important to keep in mind here, that the naming of the variables doesn't matter. You could call this one test, but it wouldn't be very descriptive, so we have to make sure when we create a variable that we know what it does by describing what exactly it does. So this one will be the first name, this would be the last name, and this would be whatever pets I submitted, so this should technically probably be a little bit more descriptive, favorite pet, like so.

Now with that said, I do
also just want to mention this: we do also have another function. So right now you can see we have htmlspecialchars, but we do also have one called htmlentities, which almost does the same thing as htmlspecialchars, but instead of just taking special characters and converting into an HTML entity, htmlentities takes all applicable characters that you could use, for example any sort of other non-code characters, and then converts that into HTML entities as well. But again, in most cases we do just use htmlspecialchars, so just keep that in mind for now that we do have this one, and I will of course leave documentation to that particular function, if you want to check it out, inside the description, but just know that we will be using htmlspecialchars in most cases.

Now that we have the data, we can start doing something to it. So I could go down here and just do some sort of code, so I could say I want to echo out a string, and I want to echo out "these are the data that the user submitted", and then I can go down below and I could also echo out a break, just to get an HTML break so we can actually jump down to the next line. We could also have written a PHP new line, which would have been something like this, but let's just go ahead and do a break. So what I'll do here is I'll jump down to the next line and I want to echo out a piece of data, so in this case here I want to grab my first name and I want to echo that one out. Then I'm going to be copying these two lines and paste it below, last name, and then we want to write our favorite pet. So just like so, we can copy paste, copy paste the favorite pet, and with that we can now go back inside the browser and refresh the page just to reset everything, and then type something else in. So I could for example say Dani Krossing, and then we could choose a pet; let's just go and choose a dog in this case here, because Bess is sitting right there. I don't know if you can see him, but he is just kind of sitting here at the back. He's a
bit tired, um, but I could choose dog and submit this one, and then you can see "these are the data that the user submitted": Dani Krossing, dog. So now we grabbed the data and we could actually echo it out inside the page, just to kind of show what data we grabbed from inside the form. Now of course in most cases you would not just be echoing out data, but instead you would be going in here and actually doing something with the data, so for example inserting it inside a database or running a certain function inside your website to do something with the data, but just to kind of show that this is where you would actually start doing things with the data.

So what you could also do is, so we don't get stuck inside this page, because this is just meant for a page where we run PHP code that the user is not supposed to have anything to do with, this page is only for us as a developer, so what I'll do is I'll send the user back to our front page using a header function. So I can go in here and say we want to set a Location colon, and then we want to set the location that we want to send the user to. So in this case we want to go back one directory, so I'm going to say dot dot forward slash, and then I want to go inside index dot PHP. So with this header function here, we now run the code, and once we get down to the last bit of code, we now send the user back to the front page. So we'll do that, go back inside the website, let's just go ahead and refresh it here. If I were to submit this data, you can now see that, oh, we went back inside the front page, because we just ran the code inside the other page and then we get sent back again to the front page.

Which by the way brings me to just another little security thing. If I were to go back in here, we can also run else statements, which basically means that if this condition turns out to be false, then instead of just getting stuck inside this page here, I want to send the user back to our front page. So if the user got in here in some sort of weird way by not
actually posting the form, but they just went inside the URL and typed in the address for this page here, then they still get sent back to the front page, because they accessed this page illegitimately. So including this down here just as a fail-safe is just kind of like a good thing to do.

With that said, I do want to address one more thing that I often get comments about, and I just want to just say this once and for all. Whenever you create any sort of error handlers inside this script here that you created yourself, for example if I were to go down here and let's say I want to check if any of these has been left empty when the user submitted the form, so they went inside the website and they did not fill in the first name, they did not fill in the last name, and then they submitted it, then what should happen? Well, of course we don't want the user to be able to submit the form, right, because there's no data to submit, but we do want to require that they submit all the data. And one way you can do that is going inside your PHP code, so I can create another condition, so I can say we have an if statement, and inside this if statement I want to check for a method called empty. So basically this one checks if a variable right now contains no data inside of it, so if it's empty, essentially. So I can take the first name and I can put it inside here, and if this one returns true, it means that there's no data inside the variable, which means the user did not submit a first name. So what I could do is I go in here and I could say I want to exit the script, because I don't want the rest of the script to run, I just want everything to stop right here, and then I might want to send the user back to the front page, so again we copy this header and we send the user back to the front page, maybe with an error message or something.

So what people tell me is: Daniel, you silly little man, you can just go inside your HTML form, go inside the attribute, for example inside this first input here, and you can write
required, if you do that then the user cannot submit this form, right? I can't tell you how long I've been waiting to gloat about this, because people, they keep telling me inside the comment section. Even though we have this required attribute, you can still submit the form. It is very important for me to point out that any sort of front end, whether being HTML, CSS or JavaScript, is not going to be good security. Let me demonstrate for you. If I were to go inside my formhandler.php, and just for now, so we don't accidentally exit anything or something like that, I'm just going to go ahead and delete all these header functions here, because I want to stay inside this page if something happens. Let's just go and delete everything here so we stay inside this page and echo out all the data once we submit the form. So if I were to go inside my website and I refresh the browser, right now we have a required attribute inside this form here, so if I were to try and submit this without typing anything inside this first one, I'm going to get this little error message here, so it says please fill out this form, right? So we can't possibly submit this right now, because it's telling me when I click it that I need to fill out the form.

However, if you know a little bit about browsers, you know that we do also have a dev tool built into every single browser, so at least every single modern browser. So what I can do is I can right click and I can inspect anything inside this website here. So when I do that, we get this little dev tool that opens up at the bottom here. Now let me just go and zoom in so you can actually see what is going on here. So right now, if I dock this one over on the right side so you can actually see, you'll notice that inside this dev tool we can see everything about the front end of our website, which means that we cannot see any sort of PHP, but we can see every single HTML, CSS and JavaScript inside this web page here, which means that we can actually change it. I can go inside my
input, and as you can see it says required, so I can just go ahead and delete that one, and if I do that and now go back inside the website, so I can close this down, I can now submit the form even though I did not input anything inside the first input. So it's very important that you know that any sort of front-end HTML, CSS, JavaScript, or at least as long as it's not back-end JavaScript like for example Node.js or something, but any sort of front-end JavaScript is not going to be any sort of security. So always use server-side security when it comes to security inside the website, and a really good server-side language to protect your website with is of course PHP, because it runs in the server. So any sort of time you do anything with PHP inside your website or handle any sort of data from the user inside the website, you should always sanitize and run error handlers using PHP in order to check for any sort of thing that the user might do in order to try and hack your website, so that's very important.

So with all that said, this is the basics when it comes to submitting data using an HTML form and then doing something with the data using PHP. So hope you enjoyed this lesson, and I'll see you guys in the next one. Thank you.
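
The handler that the captions build up step by step, written out as an added example that is not the code typed in the video: it checks the request method, validates on the server, and escapes values when they are echoed. The field names (`firstname`, `lastname`, `favouritepet`), the pet option values and the helper functions are assumptions; the redirect target `../index.php` follows the captions.

```php
<?php
// includes/formhandler.php: added example, not the code typed in the video.
// Assumed field names: firstname, lastname, favouritepet. Pet values are assumed too.
declare(strict_types=1);

const ALLOWED_PETS = ['none', 'dog', 'cat', 'bird'];

/** Server-side checks: these still run when "required" is deleted in dev tools. */
function validate_submission(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['firstname', 'lastname'] as $field) {
        $value = $post[$field] ?? '';
        $value = is_string($value) ? trim($value) : ''; // firstname[]=x arrives as an array
        // Compare with '' rather than empty(): empty("0") is true in PHP.
        if ($value === '') {
            $errors[] = "$field is required";
        }
        $clean[$field] = $value;
    }
    // A <select> can be edited in dev tools as well, so check against the offered values.
    $pet = $post['favouritepet'] ?? '';
    if (!is_string($pet) || !in_array($pet, ALLOWED_PETS, true)) {
        $errors[] = 'favouritepet is not an offered option';
        $pet = 'none';
    }
    $clean['favouritepet'] = $pet;
    return [$clean, $errors];
}

/** Escape one value for HTML output; explicit flags also cover quotes on PHP < 8.1. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render(array $clean): string
{
    return 'These are the data that the user submitted:<br>'
        . e($clean['firstname']) . '<br>'
        . e($clean['lastname']) . '<br>'
        . e($clean['favouritepet']);
}

if (PHP_SAPI === 'cli') {
    // Constructed submissions so the file can be run offline with `php formhandler.php`.
    $samples = [
        ['firstname' => 'Dani', 'lastname' => '<b>Krossing</b> & co', 'favouritepet' => 'dog'],
        ['firstname' => '', 'lastname' => 'Krossing', 'favouritepet' => 'dragon'],
    ];
    foreach ($samples as $post) {
        [$clean, $errors] = validate_submission($post);
        echo $errors ? 'rejected: ' . implode('; ', $errors) : render($clean), PHP_EOL;
    }
    exit(0);
}

// Reached by typing the URL (GET) instead of posting the form: send the visitor back.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Location: ../index.php');
    exit; // header() only queues the redirect; exit stops the rest of the script
}

[$clean, $errors] = validate_submission($_POST);
if ($errors) {
    header('Location: ../index.php');
    exit;
}

echo render($clean);
```

Run from the command line, the first constructed sample prints the last name as `&lt;b&gt;Krossing&lt;/b&gt; &amp; co`, and the second is rejected even though no browser-side `required` check was involved.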
Info
Channel: Dani Krossing
Views: 75,032
Keywords: php form validation, basic php form validation, the basics of php form validation, the basics of form validation using php, form validation using php, how to validate a form using php, how to validate a form in php, the basics of how to validate a form using php, the basics of validating a form using php, sanitize a form using php, how to sanitize a php form, php form handling tutorial, the basics of php form handling tutorial, php form validation and form handling in php
Id: bOqTCDfc7Tk
Length: 23min 50sec (1430 seconds)
Published: Fri Mar 17 2023