PHP Quiz Unit 5
- Typing data - Selecting data from a pre-defined list
Web forms present interfaces for users to enter data by:
submit
A ________________________ button, when clicked, submits form data to a serverside script to be processed. The general syntax: <input type="submit" value="text" />
display data from multiple database tables
What is a function of master/details pages?
elements
Creating a Form: ________________ are form elements placed within the form.
attributes
Creating a Form: ________________ control how the form is processed.
$_GET and $_POST
Data submitted to a PHP script from an HTML form are stored in either the _________ or the _____________ superglobal, depending on the method used by the form.
$_GET and $_POST
The _________ and ____________ are superglobal arrays. - Keys are names of form elements. - Values are what a user has typed or selected. - Read only
Required
The ___________ attribute marks a required field. <input name="name" required />
disabled
The _____________ attribute disables a field. <input name="id" value="d555" disabled />
readonly
The _____________ attribute makes a field read-only. <input name="zip" value="46123" readonly />
action
The _____________ attribute specifies where to send form data.
method
The ______________ attribute specifies how form data should be sent.
value
The ______________ attribute specifies the text that appears on the button.
Query String
The additional data in the URL is implemented in a _______________________.
Validating data
Determines whether the data is in the proper form (number, URL, email). Returns true or false.
Sending data to server. Passing data between pages.
Typical uses of URL encoding:
$_GET and $_POST
Use the corresponding _________ and ____________ superglobal to retrieve form data. General syntax: $_GET['field_name'] $_POST['field_name'] Examples: $firstname = $_GET['fname']; $zip = $_POST['zip']; Security warning: data are not validated.
Sanitize filters
What type of filter are these? FILTER_SANITIZE_EMAIL FILTER_SANITIZE_STRING FILTER_SANITIZE_NUMBER_FLOAT FILTER_SANITIZE_SPECIAL_CHARS FILTER_SANITIZE_URL
Validate filters
What type of filter are these? FILTER_VALIDATE_EMAIL FILTER_VALIDATE_BOOLEAN FILTER_VALIDATE_FLOAT FILTER_VALIDATE_INT FILTER_VALIDATE_URL
Sanitizing
Removes any illegal/inappropriate character from the original data. Returns _____________ data.
URL encoding
____________________ is a technique that lets you store additional data in a URL.
Escaping output
____________________ will be discussed when database operations are studied.
Local, Global, and Superglobal
three types of variable scopes
htmlspecialchars htmlentities stripslashes trim
Other important functions you should use to improve the security of your code:
-Get to know who the users are. -What products they chose.
Sending data to the server is essential to all data-driven Web sites. What are some reasons why?
get
The "________" method of an HTML form sends data automatically via a URL query string.
<form attributes> form elements </form>
The <form> tag General Syntax:
<input type="type" name="name" />
The <input> tag and the type attribute General Syntax:
filter input, escape output
Top two PHP security practices:
False The method of sending data determines how form data should be received
True or False The method of sending data determines how form data should be sent.
True
True or False: HTML supports form creation, but not form processing.
True
True or False? filter_has_var returns a boolean value.
reset
A _______________ button resets a form to its default values. The general syntax: <input type="reset" value="text" />
superglobal
- Variables in this scope are always available in all scopes. - Only built-in variables can have _________________ scopes, e.g.: $_GET, $_POST, $_SESSION, $_COOKIE, $_SERVER......
Text box area
Allows users to enter a large amount of text. The general syntax: <textarea name="name" rows="value" cols="value">default text</textarea> The rows and cols attributes define the dimensions of the _______________________.
filter_has_var
Filter functions for single values: Checks if a variable of the specified type exists.
filter_var
Filter functions for single values: Filters a variable with a specified filter.
filter_input
Filter functions for single values: Gets a specific external variable by name and optionally filters it
- A PHP file for processing: <form action="regformprocess.php"> ...... </form> - An email address with the keyword mailto: <form action="mailto:[email protected]"> ...... </form>
Form data can be sent to?
PHP, ASP.NET, or JSP.
Form data must be processed by a server-side language such as:
GET / POST:
- Information sent is visible to everyone in the URL: GET Yes, POST No
- Has limits on the amount of information to send (2000 characters): GET Yes, POST No
- The page with data can be bookmarked: GET Yes, POST No
- Good method to send password and other sensitive information: GET No, POST Yes
- Preferred method for sending form data: GET No, POST Yes
Fill in GET / POST for each:
- Information sent is visible to everyone in the URL: ? / ?
- Has limits on the amount of information to send (2000 characters): ? / ?
- The page with data can be bookmarked: ? / ?
- Good method to send password and other sensitive information: ? / ?
- Preferred method for sending form data: ? / ?
Selection list
General Syntax: <select name="name"> <option>option 1</option> <option>option 2</option> . . . </select>
type: INPUT_GET, INPUT_POST .... var: name of a variable to check
General syntax: filter_has_var (type, var) What does each value do?
in_type: INPUT_GET, INPUT_POST .... var: name of a variable to get filter: the filter to apply options: optional flags
General syntax: filter_input(in_type, var, filter [,options]) What does each value do?
Text box (text input field) Text area Password field Drop-down selection list Radio button Check box (option box) Action button
HTML Forms Various form fields:
Adding Form Elements
HTML5 input types: Browser support varies.
HTML code for a hyperlink: e.g. <a href="myfavorites.php?car=Ferrari&color=blue"> Favorites</a> - A link to the myfavorites.php page - Data embedded in the query string are available to the linked page. - Data are static.
Manually sending static data via a query string in a URL involves what?
-Create one page that serves as the template for all details pages. -Create a dynamic hyperlink on the master page for every item. -Links to the template of the details pages -Contains data that is passed to the details page when the link is clicked.
Master/details pages: common approach?
Sending Form Data
The general syntax? <form action="url" method="type"> ...... </form>
value
The value can be set with the ______________ attribute, but cannot be retrieved.
- Forms - Hyperlinks
There are a number of ways of sending data to the server:
To send dynamic data in variables
These 2 code blocks are an example of: PHP code: <?php $car = "Ferrari"; $color = "blue"; $url = "myfavorites.php?car=$car&color=$color"; ?> HTML code: A link: <a href="<?= $url; ?>">My favorite things</a> A button acting like a link: <input type="submit" value="My favorite things" onclick="window.location.href='<?= $url; ?>'" />
Check box
This code is an example of: <input type="checkbox" name="newsletter" value="Yes" />
Password field
This code is an example of: <input type="password" name="password" required>
Radio button
This code is an example of: <input type="radio" name="party" value="dem" /> Democrat <br> <input type="radio" name="party" value="rep" /> Republican <br> <input type="radio" name="party" value="ind" /> Independent<br>
Data in a query string being stored in the $_GET superglobal.
This code is an example of:
// retrieve and sanitize a query string variable
if (filter_has_var(INPUT_GET, "car")) {
    $favoritecar = filter_input(INPUT_GET, "car", FILTER_SANITIZE_STRING);
}
Text boxes
This code is an example of: <input type="text" name="name" required> <input type="number" name="zip" value="46202" required>
Selection list
This code is an example of: Please select the operating system of your computer: <select name="os" size="3"> <option>Windows XP </option> <option> Windows 2000 </option> <option> Windows 2003 </option> <option selected="selected"> Windows 7 </option> <option> Windows 8 </option> <option> Windows 10 </option> <option> Linux </option> <option> Mac OS</option> <option> Others </option> </select>
Validating user's input: POST method
This code is an example of: if (!filter_has_var(INPUT_POST, "email") || $_POST['email'] == "") { echo "You did not provide your email."; } else { if (!filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL)) { echo "Your email is not valid."; } else { echo "Thank you for providing your email."; } }
Validating user's input: GET method
This code is an example of: if (!filter_has_var(INPUT_GET, "age") || $_GET['age'] == "") { echo "You did not provide your age."; } else { if (!filter_input(INPUT_GET, "age", FILTER_VALIDATE_INT)) { echo "Your age is not valid."; } else { echo "Thank you for providing your age."; } }
Query String
This consists of attribute/value pairs appended to the end of a URL. It is separated from the Web address with a question mark (?), and uses an ampersand (&) to include more than one attribute/value pair.
A selection list
This displays a list of options from which a user can select; it is useful when there is a fixed set of possible values?
False filter_input returns a Boolean value for a validate filter or the filtered data for a sanitize filter.
True or False? filter_input returns a Boolean value for a sanitize filter or the filtered data for a validate filter.
True
True or False? - Data from external sources (user's input from a form, cookies, Web services, database query results) should be filtered before being used. - Properly filtering form data is important to protect your form from hackers and spammers.
-action -method
Two form attributes control how and where form data are sent:
The <select> tag creates the selection list. The <option> tag creates individual options.
Two kinds of tags are involved in a selection list?
Validating data Sanitizing data
Two types of filtering?
The get method appends the form data to the end of the URL specified in the action attribute. The post method sends form data in a separate data stream.
Two ways of sending data:
Type value -> form element created:
- Date: Date field
- Color: Color name or value
- Email: Email address
- Number: Numeric value
- Search: Search field
- URL: URL address
- Range: Value within a range
Type value -> form element created? (fill in)
- Date: ???
- Color: ???
- Email: ???
- Number: ???
- Search: ???
- URL: ???
- Range: ???
Type value -> form element created:
- text: text box (default element)
- password: Password field
- hidden: Hidden field
- radio: Radio button
- checkbox: Check box
- submit: Submit button
- reset: Reset button
- button: Generic button
Type value -> form element created? (fill in)
- text: ???
- password: ???
- hidden: ???
- radio: ???
- checkbox: ???
- submit: ???
- reset: ???
- button: ???