PHP Quiz Unit 5


- typing data, - Selecting data from a pre-defined list

Web forms present interfaces for users to enter data by:

submit

A ________________________ button, when clicked, submits form data to a server-side script to be processed. The general syntax: <input type="submit" value="text" />

display data from multiple database tables

A function of master/details pages is to?

elements

Creating a Form: ________________ are form elements placed within the form.

attributes

Creating a Form: ________________ control how the form is processed.

$_GET and $_POST

Data submitted to a PHP script from an HTML form are stored in either the _________ or the _____________ superglobal, depending on the method used by the form.

$_GET and $_POST

The _________ and ____________ are superglobal arrays. - Keys are names of form elements. - Values are what a user has typed or selected. - Read only

Required

The ___________ attribute marks a required field. <input name="name" required />

disabled

The _____________ attribute disables a field. <input name="id" value="d555" disabled />

readonly

The _____________ attribute makes a field read-only. <input name="zip" value="46123" readonly />

action

The _____________ attribute specifies where to send form data.

method

The ______________ attribute specifies how form data should be sent.

value

The ______________ attribute specifies the text that appears on the button.

Query String

The additional data in the URL is implemented in a _______________________.

Validating data

Determines if the data is in proper form (number, URL, email). Returns true or false.

Sending data to server. Passing data between pages.

Typical uses of URL encoding:

$_GET and $_POST

Use the corresponding _________ and ____________ superglobal to retrieve form data.
General syntax:
$_GET['field_name']
$_POST['field_name']
Examples:
$firstname = $_GET['fname'];
$zip = $_POST['zip'];
Security warning: data are not validated.

Sanitize filters

What type of filter are these? FILTER_SANITIZE_EMAIL, FILTER_SANITIZE_STRING, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_URL

Validate filters

What type of filter are these? FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_BOOLEAN, FILTER_VALIDATE_FLOAT, FILTER_VALIDATE_INT, FILTER_VALIDATE_URL

Sanitizing

Removes any illegal/inappropriate character from the original data. Returns _____________ data.

URL encoding

____________________ is a technique that lets you store additional data in a URL.

Escaping output

____________________ will be discussed when database operations are studied.

Local, Global, and Superglobal

three types of variable scopes

htmlspecialchars, htmlentities, stripslashes, trim

Other important functions you should use to improve the security of your code:

-Get to know who the users are. -What products they chose.

Sending data to the server is essential to all data-driven Web sites. What are some reasons why?

get

The "________" method of an HTML form sends data automatically via a URL query string.

<form attributes> form elements </form>

The <form> tag General Syntax:

<input type="type" name="name" />

The <input> tag and the type attribute General Syntax:

filter input, escape output

Top two PHP security practices:

False. The method of sending data determines how form data should be received.

True or False: The method of sending data determines how form data should be sent.

True

True or False: HTML supports form creation, but not form processing.

True

True or False? filter_has_var returns a boolean value.

reset

A _______________ button resets a form to its default values. The general syntax: <input type="reset" value="text" />

superglobal

-Variables in this scope are always available in all scopes. -Only built-in variables can have _________________ scopes, e.g.: $_GET, $_POST, $_SESSION, $_COOKIE, $_SERVER ...

Text box area

Allows users to enter a large amount of text. The general syntax: <textarea name="name" rows="value" cols="value"> default text </textarea> The rows and cols attributes define the dimension of the _______________________.

filter_has_var

Filter functions for single values: Checks if variable of specified type exists

filter_var

Filter functions for single values: Filters a variable with a specified filter.

filter_input

Filter functions for single values: Gets a specific external variable by name and optionally filters it

-A PHP file for processing.
<form action="regformprocess.php"> ...... </form>
-An email address with the keyword mailto.
<form action="mailto: [email protected]"> ...... </form>

Form data can be sent to?

PHP, ASP.NET, or JSP.

Form data must be processed by a server-side language such as:

GET   POST
Yes   No
Yes   No
Yes   No
No    Yes
No    Yes

                                                                  GET   POST
-Information sent is visible to everyone in the URL               ?     ?
-Has limits on the amount of information to send (2000 characters) ?     ?
-The page with data can be bookmarked                             ?     ?
-Good method to send password and other sensitive information     ?     ?
-Preferred method for sending form data                           ?     ?

Selection list

General Syntax:
<select name="name">
    <option>option 1</option>
    <option>option 2</option>
    . . .
</select>

type: INPUT_GET, INPUT_POST ....
var: name of a variable to check

General syntax: filter_has_var(type, var) What does each value do?

in_type: INPUT_GET, INPUT_POST ....
var: name of a variable to get
filter: the filter to apply
options: optional flags

General syntax: filter_input(in_type, var, filter [,options]) What does each value do?

- Text box (text input field)
- Text area
- Password field
- Drop-down selection list
- Radio button
- Check box (option box)
- Action button

HTML Forms Various form fields:

Adding Form Elements

HTML5 input types: Browser support varies.

HTML code for a hyperlink, e.g.:
<a href="myfavorites.php?car=Ferrari&color=blue"> Favorites</a>
- A link to the myfavorites.php page
- Data embedded in the query string are available to the linked page.
- Data are static.

Manually sending static data via a query string in a URL involves what?

-Create one page that serves as the template for all details pages.
-Create a dynamic hyperlink on the master page for every item.
  -Links to the template of the details pages
  -Contains data that is passed to the details page when the link is clicked.

Master/details pages: common approach?

Sending Form Data

The general syntax? <form action="url" method="type"> ...... </form>

value

The value can be set with the ______________ attribute, but cannot be retrieved.

- Forms - Hyperlinks

There are a number of ways to send data to the server:

To send dynamic data in variables

These 2 code blocks are an example of:
PHP code:
<?php
$car = "Ferrari";
$color = "blue";
// URL-encode each value so special characters cannot break the query string
$url = "myfavorites.php?car=" . urlencode($car) . "&color=" . urlencode($color);
?>
HTML code:
A link:
<a href="<?= htmlspecialchars($url); ?>">My favorite things</a>
A button acting like a link:
<input type="submit" value="My favorite things" onclick="window.location.href='<?= htmlspecialchars($url); ?>'" />

Check box

This code is an example of: <input type="checkbox" name="newsletter" value="Yes" />

Password field

This code is an example of: <input type="password" name="password" required>

Radio button

This code is an example of: <input type="radio" name="party" value="dem" /> Democrat <br> <input type="radio" name="party" value="rep" /> Republican <br> <input type="radio" name="party" value="ind" /> Independent<br>

Data in a query string being stored in the $_GET superglobal.

This code is an example of:
//retrieve and sanitize a query string variable
if (filter_has_var(INPUT_GET, "car")) {
    $favoritecar = filter_input(INPUT_GET, "car", FILTER_SANITIZE_STRING);
}

Text boxes

This code is an example of:
<input type="text" name="name" required>
<input type="number" name="zip" value="46202" required>

Selection list

This code is an example of:
Please select the operating system of your computer:
<select name="os" size="3">
    <option> Windows XP </option>
    <option> Windows 2000 </option>
    <option> Windows 2003 </option>
    <option selected="selected"> Windows 7 </option>
    <option> Windows 8 </option>
    <option> Windows 10 </option>
    <option> Linux </option>
    <option> Mac OS </option>
    <option> Others </option>
</select>

Validating user's input: POST method

This code is an example of:
if (!filter_has_var(INPUT_POST, "email") || $_POST['email'] == "") {
    echo "You did not provide your email.";
} else {
    if (!filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL)) {
        echo "Your email is not valid.";
    } else {
        echo "Thank you for providing your email.";
    }
}

Validating user's input: GET method

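This code is an example of:
if (!filter_has_var(INPUT_GET, "age") || $_GET['age'] == "") {
    echo "You did not provide your age.";
} else {
    // Compare with false explicitly: on success FILTER_VALIDATE_INT returns
    // the integer itself, so a valid age of 0 would fail a plain ! test
    if (filter_input(INPUT_GET, "age", FILTER_VALIDATE_INT) === false) {
        echo "Your age is not valid.";
    } else {
        echo "Thank you for providing your age.";
    }
}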

Query String

This consists of attribute/value pairs appended to the end of a URL. This is separated from the Web address with a question mark (?). This uses an ampersand (&) to include more than one attribute/value pair.

A selection list

This displays a list of options from which a user can select. This is useful when there is a fixed set of possible values.

False. filter_input returns a Boolean value for a validate filter or the filtered data for a sanitize filter.

True or False? filter_input returns a Boolean value for a sanitize filter or the filtered data for a validate filter.

True

True or False? -Data from external sources (user's input from a form, cookies, Web services, database query results) should be filtered before being used. -Properly filtering form data is important to protect your form from hackers and spammers.

-action -method

Two form attributes control how and where form data are sent:

The <select> tag creates the selection list. The <option> tag creates individual options.

Two kinds of tags are involved in a selection list?

Validating data Sanitizing data

Two types of filtering?

The get method appends the form data to the end of the URL specified in the action attribute. The post method sends form data in a separate data stream.

Two ways of sending data:

Form Element to create
Date field
Color name or value
Email address
Numeric value
Search field
URL address
Value within a range

Type Value    Form Element to create
Date          ???
Color         ???
Email         ???
Number        ???
Search        ???
URL           ???
Range         ???

Form Element to create
text box; default element
Password field
Hidden field
Radio button
Check box
Submit button
Reset button
Generic button

Type Value    Form Element to create
text          Input ???
password      ???
hidden        ???
radio         ???
checkbox      ???
submit        ???
reset         ???
Button        ???

