Paper 102 - Advance Web Based Application 6. Passing Information With PHP
Paper 102 - Advance Web Based Application 6. Passing Information With PHP
Paper 102 - Advance Web Based Application 6. Passing Information With PHP
HTTP Is Stateless The most important thing to recall about the way the Web works is that the HTTP protocol itself is stateless. If you are a poetic soul, you might say that each HTTP request is on its own, with no direction home, like a complete unknown . . . you know how the rest goes. For the less lyrical among us, this means that each HTTP request in most cases, this translates to each resource (HTML page, .jpg file, style sheet, and so on) being asked for and deliveredis independent of all the others, knows nothing substantive about the identity of the client, and has no memory. Each request spawns a discrete process, which goes about its humble but worthy task of serving up one single solitary file and then is automatically killed off. (But that sounds so harsh; maybe we can say flits back to the pool of available processes instead.) Even if you design your site with very strict one-way navigation (Page1 leads only to Page 2, which leads only to Page 3, and so on), the HTTP protocol will never know or care that someone browsing Page 2 must have come from Page 1. You cannot set the value of a variable on Page 1 and expect it to be imported to Page 2 by the exigencies of HTML itself. You can use HTML to display a form, and someone can enter some information using itbut unless you employ some extra means to pass the information to another page or program, the variable will simply vanish into the ether as soon as you move to another page. This is where a form-handling technology like PHP comes in. PHP will catch the variable tossed from one page to the next and make it available for further use. PHP happens to be unusually good at this type of data-passing function, which makes it fast and easy to employ for a wide variety of Web site tasks. HTML forms are mostly useful for passing a few values from a given page to one single other page of a Web site. There are more persistent ways to maintain state over many page views, such as cookies and sessions, which we cover in Chapter 24. This chapter will focus on the most basic techniques of information-passing between Web pages, which utilize the GET and POST methods in HTTP to create dynamically generated pages and to handle form data.
Paper 102 - Advance Web based Application 6. Passing information with PHP
GET Arguments The GET method passes arguments from one page to the next as part of the Uniform Resource Indicator (you may be more familiar with the term Uniform Resource Locator or URL) query string. When used for form handling, GET appends the indicated variable name(s) and value(s) to the URL designated in the ACTION attribute with a question mark separator and submits the whole thing to the processing agent (in this case a Web server). This is an example HTML form using the GET method (save the file under the name get.php): <HTML> <HEAD> <TITLE>A GET method example, part 1</TITLE> </HEAD> <BODY> <FORM ACTION="viewname.php" METHOD="GET"> Enter Your Name :<input type="text" name="txtname"> <P><INPUT TYPE="submit" NAME="Submit" VALUE="Select"></P> </FORM> </BODY> </HTML>
Paper 102 - Advance Web based Application 6. Passing information with PHP
When the user makes a selection and clicks the Submit button, the browser agglutinates these elements in this order, with no spaces between the elements: The URL in quotes after the word ACTION (http://localhost/baseball.php) A question mark (?) denoting that the following characters constitute a GET string. A variable NAME, an equal sign, and the matching VALUE (Team=Cubbies) An ampersand (&) and the next NAME-VALUE pair (Submit=Select); further name-value pairs separated by ampersands can be added as many times as the server querystring- length limit allows. The browser thus constructs the URL string: http://localhost/bhavin/viewname.php?txtname=fd&Submit=Select
Paper 102 - Advance Web based Application 6. Passing information with PHP
Disadvantage The GET method is not suitable for logins because the username and password are fully visible onscreen as well as potentially stored in the client browsers memory as a visited page. Every GET submission is recorded in the Web server log, data set included. Because the GET method assigns data to a server environment variable, the length of the URL is limited. You may have seen what seem like very long URLs using GETbut you really wouldnt want to try passing a 300-word chunk of HTML-formatted prose using this method. POST Arguments POST is the preferred method of form submission today, particularly in nonidempotent usages (those that will result in permanent changes), such as adding information to a database. The form data set is included in the body of the form when it is forwarded to the processing agent (in this case, PHP). No visible change to the URL will result according to the different data submitted. The POST method has these advantages: It is more secure than GET because user-entered information is never visible in the URL query string, in the server logs, or (if precautions, such as always using the password HTML input type for passwords, are taken) onscreen. There is a much larger limit on the amount of data that can be passed (a couple of kilobytes rather than a couple of hundred characters). POST has these disadvantages: The results at a given moment cannot be bookmarked. The results should be expired by the browser, so that an error will result if the user employs the Back button to revisit the page. This method can be incompatible with certain firewall setups, which strip the form data as a security measure. This is an example HTML form using the POST method (save the file under the name post.php): <HTML> <HEAD>
Paper 102 - Advance Web based Application 6. Passing information with PHP
<TITLE>A POST method example, part 1</TITLE> </HEAD> <BODY> <FORM ACTION="viewnameusingpost.php" METHOD="POST"> Enter Your Name :<input type="text" name="txtname"> <P><INPUT TYPE="submit" NAME="Submit" VALUE="Select"></P> </FORM> </BODY> </HTML> Output is
Paper 102 - Advance Web based Application 6. Passing information with PHP
?>
Formatting Form Variables PHP is so efficient at passing data around because the developers made a very handy but (in theory) slightly sketchy design decision. PHP automatically, but invisibly, assigns the variables for you on the new page when you submit a data set using GET or POST. Most of PHPs competitors make you
Paper 102 - Advance Web based Application 6. Passing information with PHP
explicitly do this assignment yourself on each page; if you forget to do so or make a mistake, the information will not be available to the processing agent. PHP is faster, simpler, and mostly more goof-proof. But because of this automatic variable assignment, you need to always use a good NAME attribute for each INPUT. NAME attributes are not strictly necessary in HTML properyour form will render fine without thembut the data will be of little use because the HTML form-field NAME attribute will be the variable name in the form handler. In other words, in this form: <FORM ACTION=Hello.php METHOD=POST> <INPUT TYPE=text NAME=email> <INPUT TYPE=submit NAME=submit VALUE=Send> </FORM> the text field named email will cause the creation of a PHP variable called $_POST[email] when the form is submitted. Similarly, the submit button will lead to the creation of a variable called $_POST[submit] on the next page. The name you use in the HTML form will be the name of your variable in the PHP form handler. Remember that you cannot use a variable name beginning with a numberso you should not name your form field something like 5 (you laugh, but weve seen people try to do it)and PHP variable names are case sensitive.