PHP (Personal Home Page or PHP: Hypertext Preprocessor) has been around since 1994 and forms the heart of many web sites - and with good reason; if nothing else then the way in which PHP handles any variables passed to it from other web pages makes it well worth using.
It's easier to understand just how well PHP handles variables by working through a example - in this case a PHP script for processing a new user request on a hypothetical web site.
Creating a Simple Input Form in HTML
HTML (HyperText Markup Language) is, of course, used to produce web pages; and the HTML for a simple input form would look like:
<html><head><title>Input Form</title></head><body>
action="process_form.php" method="post">
<table>
<tr><td>First Name</td><td><input name="fname"></td></tr>
<tr><td>Surname</td><td><input name="sname"></td></tr>
<tr><td>Email</td><td><input name="email"></td></tr>
<tr><td>Password</td><td><input name="pwd" type="password"></td></tr>
<tr><td>Repeat Password</td><td><input name="r_pwd" type="password"></td></tr>
<tr><td colspan="2" align="center"><input value="Process Details" type="submit"></td></tr>
</table>
</form>
</body></html>
The HTML is all standard and:
- defines a form - this contains all of the information to be sent to the PHP script
- identifies the PHP script that the form data is to be sent to (in this case process_form.php)
- defines how the data is to be sent - either by using the get or the post method
Once the web page is in place then the PHP script to process the data is essential.
A Script for Showing PHP Variables
Anyone moving from CGI scripting to PHP scripting will be delighted with the ease with which PHP handles the variables that are passed to it: there is no preprocessing necessary, no additional libraries to be loaded; just a single array - the $_REQUEST array:
<h4>Processed Data</h4>
<?php
function new_account ($fname, $sname, $email, $pwd, $r_pwd) {
echo "First name: " . $fname . "<br>";
echo "Surname: " . $sname . "<br>";
echo "Email: " . $email . "<br>";
echo "Password: " . $pwd . "<br>";
echo "Password repeated: " . $r_pwd . "<br>";
}
new_account ($_REQUEST['fname'], $_REQUEST['sname'], $_REQUEST['email'], $_REQUEST['pwd'], $_REQUEST['r_pwd']);
?>
This PHP script simply returns all of the variables to the screen, but things get more interesting is when PHP actually does something with those variables.
Handling Variables with PHP
The first, and most obvious, task for the PHP script to do is to check whether or not all of the variables have a value:
if (!($_REQUEST['fname']) or !($_REQUEST['sname']) or !($_REQUEST['email'])or !($_REQUEST['pwd']) or !($_REQUEST['r_pwd'])) {
echo "All fields are required<br>";
} else {
new_account ($_REQUEST['fname'], $_REQUEST['sname'], $_REQUEST['email'], $_REQUEST['pwd'], $_REQUEST['r_pwd']);
}
More Complex Processing with a PHP Script
Having checked that the variables have been entered it's time to check that the actual information is correct, for example by adding a function to ensure that both copies of the password are the same:
function passwords_agree ($p1, $p2) {
if ( $p1 == $p2 ) {
return True;
} else {
return False;
}
}
However, as well as directly comparing strings PHP can be used to check the pattern of a string - by making use of the eregi method:
function email_ok ($email) {
$email_pattern = "^[a-z0-9_.-]*@[a-z0-9.-]+\.*[a-z]$";
if (eregi($email_pattern, $email)) {
return True;
} else {
return False;
}
}
In this function eregi ensures that the email follows a pattern that:
- starts with an alphanumeric string
- contains the @ sign
- continues another alphanumeric string
- contains at least one full stop
- ends in a final alphanumeric string
and this technique can be used to ensure not only that a string contains purely text and number, but also limit the size - in this case between 5 and 10 characters:
function password_ok ($pwd) {
$pwd_pattern = "^[a-z0-9]{5,10}$";
if (eregi($pwd_pattern,$pwd)) {
return True;
} else {
return False;
}
}
The final step is to use the new functions to process the data and produce a suitable output:
if (!($_REQUEST['fname']) or !($_REQUEST['sname']) or !($_REQUEST['email'])or !($_REQUEST['pwd']) or !($_REQUEST['r_pwd'])) {
echo "All fields are required<br>";
} elseif (!passwords_agree ($_REQUEST['pwd'], $_REQUEST['r_pwd'])) {
echo "Passwords do not match<br>";
} elseif (!password_ok ($_REQUEST['pwd'])) {
echo "Password has invalid format<br>";
} elseif (!email_ok($_REQUEST['email'])) {
echo "Invalid email<br>";
} else {
new_account ($_REQUEST['fname'], $_REQUEST['sname'], $_REQUEST['email'], $_REQUEST['pwd'], $_REQUEST['r_pwd']);
}
Conclusion
It's very easy to pass variables from a web page to a PHP script, and once there the data can be manipulated as required - the PHP scripting is very simple but very powerful, opening up a whole new dimension to the web site developer.
