if (($name != "") && ($greeting != ""))
    echo $greeting . "" . $name;
?>
<html>
<head>
<title> Form Methods
</title>
</head>
<body>
<?php
print("<form method=\"post\" action=\"" . $self . "\">");
?>
<p> <input type="text" name="greeting"
size="15"> </p>
<p> <input type="text" name="name" size="15"> </p>
<p> <input type="submit" name="submit"
value="Salutation"> </p>
</form>
</body>
</html>
The htmlentities() function
The htmlentities() function is used for security reasons: it keeps text supplied by a user from being interpreted as HTML markup when you echo it. It converts all characters that have HTML entity equivalents into those entities.
For example, the '<' character will be converted to the HTML entity '&lt;'.
If you add the ENT_QUOTES parameter, it will convert both double quotes and single quotes to HTML entities.
<?php
$string = '<a href="configure-all.com"> Web programming and design </a>';
echo htmlentities($string, ENT_QUOTES) . "<br>";
?>
Output (on the browser screen)
<a href="configure-all.com"> Web programming and design </a>
If you view source you will see HTML entities:
&lt;a href=&quot;configure-all.com&quot;&gt; Web programming and design &lt;/a&gt;<br>
The filter_var function (since PHP 5.2.0)
The filter_var function validates user input. Read more on the PHP.net website.
http://us.php.net/manual/en/filter.filters.validate.php
The example below validates the email address entered by a user.
<?php
function valid_email($email) {
    // filter_var returns false if email is invalid.
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!$email)
        echo "Email is invalid!";
    else
        echo $email;
}
valid_email("[email protected]");
echo "<br>";
valid_email("masterconfigure-all.com");
?>
Output:
2. "Email is invalid!"
When you pass an invalid email address to the filter_var function (as in the second call), it returns false, which prints as an empty string if you echo it.
Read about all existing validate and sanitize filters on the PHP.net website.
Validate filters
FILTER_VALIDATE_BOOLEAN
FILTER_VALIDATE_EMAIL
FILTER_VALIDATE_FLOAT
FILTER_VALIDATE_INT
FILTER_VALIDATE_IP
FILTER_VALIDATE_REGEXP
FILTER_VALIDATE_URL
Sanitize filters
$email = 'maste" rconfi <> gur/e-all.com';
echo filter_var($email, FILTER_SANITIZE_EMAIL);
Output: [email protected]
FILTER_SANITIZE_EMAIL
FILTER_SANITIZE_ENCODED
FILTER_SANITIZE_MAGIC_QUOTES (deprecated in PHP 7.4, removed in PHP 8.0)
FILTER_SANITIZE_NUMBER_FLOAT
FILTER_SANITIZE_NUMBER_INT
FILTER_SANITIZE_SPECIAL_CHARS
FILTER_SANITIZE_FULL_SPECIAL_CHARS
FILTER_SANITIZE_STRING (deprecated as of PHP 8.1)
FILTER_SANITIZE_STRIPPED (deprecated as of PHP 8.1)
FILTER_SANITIZE_URL
FILTER_UNSAFE_RAW
Let us return to accessing the variable values submitted by the form using the POST method.
if (isset($_POST['lastname']))
    $lastname = $_POST['lastname'];
If you didn't declare the variable before the if statement, you will receive a notice displayed by PHP:
“Notice: Undefined variable name in C:\Apache2.2\htdocs\test\post.php on line 9”
The notice is displayed because the $lastname variable is defined only inside the if statement. To have it defined anywhere on the page, you must declare it outside the if statement.
$lastname = "";
if (isset($_POST['lastname']))
    $lastname = $_POST['lastname'];
Now, no notice message will be displayed.
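The following is an added example, not code from the original page. It combines the three points above: read a form field that may be missing, validate it with filter_var, and escape it with htmlentities and ENT_QUOTES at the moment it is echoed. The helper names h and clean_email, the $post array standing in for $_POST, and all sample values are assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: validate on input, escape on output.
// h(), clean_email() and $post are hypothetical names; sample values are constructed.

// Escape a value for HTML text or for a quoted attribute (both quote styles).
function h(string $value): string {
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the email if it is syntactically valid, otherwise null.
function clean_email(string $raw): ?string {
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed stand-in for $_POST so the script runs from the command line.
$post = [
    'greeting' => '<b>Hello</b>',
    'name'     => 'O\'Brien "Bob"',
    'email'    => "o'brien@example.com", // valid address that contains a quote
];

// The ?? operator supplies a default, so no "undefined" notice is raised.
$greeting = $post['greeting'] ?? '';
$name     = $post['name'] ?? '';
$email    = clean_email($post['email'] ?? '');

// ENT_COMPAT leaves single quotes alone; ENT_QUOTES encodes both kinds.
echo htmlentities($name, ENT_COMPAT, 'UTF-8'), "\n";
echo h($name), "\n";

if ($greeting !== '' && $name !== '') {
    echo '<p>', h($greeting), ' ', h($name), "</p>\n";
}

if ($email === null) {
    echo "<p>Email is invalid!</p>\n";
} else {
    // Validation passed, but the value still needs escaping inside an attribute.
    echo "<input type='text' name='email' value='", h($email), "'>\n";
}
```

Validation and escaping answer different questions: the address passes FILTER_VALIDATE_EMAIL, yet its single quote would still end a single-quoted attribute if it were echoed without ENT_QUOTES.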
Pass $_GET Parameters to a Modeless Popup
Here I’ll show you how to create a modeless popup to pass $_GET parameters from a parent page to the popup page. PHP and JavaScript are used to make this possible. First the JavaScript modelessparam function creates a modeless popup. Then you can pass parameters in the URL and read them in the popup page.
This is a script for the main page.
parent.php
<!DOCTYPE html>
<html lang="en">
<head> <title> Pass params to modeless popup </title>
<?php
$param1 = "Hello There!";
$param2 = "Hi World!";
?>
<script>
function modelessparam(url, width, height) {
    // Call window.open directly; building the call as a string for eval is unnecessary.
    window.open(url, "", "width=" + width + "px,height=" + height + "px,resizable=1,scrollbars=1");
}
</script>
</head>
<body>
<p align="center"> <input type="button" name="greeting"
value="Open Popup"
onClick="javascript: