Internet & World Wide Web How to Program, 3/e

© 2004
pages: 1420


This tutorial shows how to use a PHP program to receive and process data input by a user in an XHTML form. The sample program also uses the regular-expression capabilities that we presented in the preceding tutorial.

[Note: This tutorial is an excerpt (Section 26.5) of Chapter 26, PHP, from our textbook Internet & World Wide Web How to Program, 3/e. This tutorial may refer to other chapters or sections of the book that are not included here. Permission Information: Deitel, Harvey M. and Paul J., INTERNET & WORLD WIDE WEB HOW TO PROGRAM, 3/E, 2004, pp.899–900;916-922. Electronically reproduced by permission of Pearson Education, Inc., Upper Saddle River, New Jersey.]
26.5 Form Processing and Business Logic (Continued)
Function extract( associativeArray ) (line 15) creates a variable-value pair corresponding to each key-value pair in the associativeArray (i.e., $_POST), creating variables whose respective names and values correspond to the names and values of each posted form field. For example, in line 32 of Fig. 26.13, an XHTML text box is created and given the name email. In line 68 of our PHP script (Fig. 26.14), after having called function extract, we access the field's value by using variable $email. Elements in the superglobal array $_POST also can be accessed using standard array notation. For example, we could have accessed the form field email's value by referring to $_POST[ 'email' ].

Portability Tip 26.1
In PHP versions 4.2 and higher, the directive register_globals is set to Off by default for security reasons. Turning off register_globals means that all variables sent from an XHTML form to a PHP document now must be accessed using the appropriate superglobal array ($_POST or $_GET). With this directive turned On, as was the case by default in PHP versions prior to 4.2, PHP creates an individual global variable corresponding to each form field.

Software Engineering Observation 26.1
Using function extract to initialize variables from the superglobal arrays $_POST and $_GET is not recommended in a script on a Web site dealing with private or sensitive material. It is more secure to access each element in the superglobal array directly, using the array[ key ] notation.

In lines 19-20, we determine whether the phone number entered by the user is valid. In this case, the phone number must begin with an opening parenthesis, followed by an area code, a closing parenthesis, an exchange, a hyphen and a line number. It is crucial to validate information that will be entered into databases or used in mailing lists. For example, validation can be used to ensure that credit-card numbers contain the proper number of digits before the numbers are encrypted to a merchant. This script implements the business logic, or business rules, of our application.

Software Engineering Observation 26.2
Use business logic to ensure that invalid information is not stored in databases. When possible, validate form data with JavaScript to conserve server resources. Some data, such as passwords, must be validated on the server side.

The expression \( matches the opening parenthesis of the phone number. We want to match the literal character (, so we escape its normal meaning by preceding it with the backslash character (\). The opening parenthesis must be followed by three digits ([0-9]{3}), a closing parenthesis, three more digits, a literal hyphen and four additional digits. Note that we use the ^ and $ symbols to ensure that no extra characters appear at either end of the string.

If the regular expression is matched, the phone number is determined to be valid, and an XHTML document is sent that thanks the user for completing the form. Otherwise, the body of the if statement is executed, and an error message is printed.

Function die (line 32) terminates script execution. In this case, if the user did not enter a correct telephone number, we do not want to continue executing the rest of the script, so we call function die.

Error-Prevention Tip 26.1
Be sure to close any open XHTML tags before calling function die(). Not doing so could produce invalid XHTML output that will not display properly. die() has an optional parameter that specifies a message to output when exiting, so one method of closing tags is to call die("</body></html>").
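
The following added example (not code from the book) illustrates Software Engineering Observation 26.1 and the phone-number check described above: it shows how extract can overwrite a variable the script set itself, beside the direct array[ key ] access the observation recommends. The $posted array is constructed sample data standing in for $_POST, the isVerified flag and the helper function names are hypothetical, and preg_match is used here as an assumption because Fig. 26.14 is not reproduced in this excerpt.

```php
<?php
// Constructed sample input standing in for $_POST. The form defines only
// 'email' and 'phone', but a client can submit any extra field name.
$posted = [
    'email'      => 'user@example.com',
    'phone'      => '(555)555-5555',
    'isVerified' => '1',   // hypothetical extra field, not in the form
];

// Pattern to avoid: extract() creates a variable for every posted key, so
// the extra field replaces the script's own $isVerified.
function handleWithExtract(array $posted): bool
{
    $isVerified = false;   // hypothetical flag set by the script itself
    extract($posted);      // default mode EXTR_OVERWRITE overwrites it
    return (bool) $isVerified;
}

// Return one expected field as a string; missing or non-string values
// (for example an array sent as phone[]) become the empty string.
function field(array $posted, string $key): string
{
    return isset($posted[$key]) && is_string($posted[$key]) ? $posted[$key] : '';
}

// Recommended pattern: read only the expected keys with array[ key ]
// notation, then validate each value before using it.
function handleWithDirectAccess(array $posted): array
{
    $isVerified = false;   // posted data has no way to reach this variable
    $email = field($posted, 'email');
    $phone = field($posted, 'phone');
    // Phone format described in the tutorial: (ddd)ddd-dddd. The D modifier
    // keeps $ from also matching just before a trailing newline.
    $phoneOk = preg_match('/^\([0-9]{3}\)[0-9]{3}-[0-9]{4}$/D', $phone) === 1;
    return compact('email', 'phone', 'phoneOk', 'isVerified');
}

var_dump(handleWithExtract($posted));                             // flag taken from posted data
var_dump(handleWithDirectAccess($posted));                        // flag stays under script control
var_dump(handleWithDirectAccess(['phone' => "(555)555-5555\n"])); // trailing newline is rejected
```

Run it from the command line with the php interpreter; no Web server or form is needed because the posted data is embedded in the script.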