Echo form values

Trying to get my brain back into PHP after a year off!

I have a simple form, and would like to echo the values entered into the form when the user clicks the “submit” button.

How do I do that?

(Don’t have my PHP book with me right now!)

Thanks,

TomTees

http://www.tizag.com/phpT/examples/formex.php :slight_smile:

How will that let user register, without any MySQL-Database insert’s? And what’s the point of printing out the information they’ve submitted?


<?php

if ($btnSubmit) {
  echo"Your Account Info: $email1, $email2, $password1, $password2,  $firstname,$lastname";
}
elseif ($btnSubmit == ' ') {
  echo"You must fill in the fields above.";
}

?>

Not if you have adequate data validation / sanitasion code in your server side script receiving the form data as I suggested earlier.

You should validate the form data your php script receives before you do anything with it. If you don’t, then you will most likely be vulnerable to sql injection and other types of attacks from hackers etc.

If any received form data is invalid, then you should terminate your script after you display appropriate error messages on the web page.

Is data is always passed via the URL?

Where exactly is it if you can’t see it?

And how is the data protected from hackers?

Couldn’t someone get the data in the URL or guess it?

TomTees

depending on whether the form’s method attribute is ‘post’ or ‘get’

echo $_POST['formElemName'];
 
or
 
echo $_GET['formElemName'];

Of course you will get them, - but since it wouldn’t help you If i’d post you an entire registration form, I posted a bit of reference on how to do it. In this case, you’d have to use those variables, since your <input name=“variable”> is already named by them.

index.php


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <title>User Registration Form</title>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <link rel="stylesheet" type="text/css" href="index.css">
    </head>
    <body>
        <h1>User Registration Form</h1>
        <!-- Registration Form -->
        <form method="post" action="simplereg.php">
            <!-- Registration Fields -->
            <div>
                <label for="email1">E-mail:</label>
                <input type="text" name="email1" class="txt" id="email" />
            </div>
            <div>
                <label for="email2">Re-enter E-mail:</label>
                <input type="text" name="email2" class="txt" id="email2" />
            </div>
            <div>
                <label for="password1">Password:</label>
                <input type="password" name="password1" class="txt" id="password1" />
            </div>
            <div>
                <label for="password2">Re-enter Password:</label>
                <input type="password" name="password2" class="txt" id="password2" />
            </div>
            <div>
                <label for="firstname">First Name:</label>
                <input type="text" name="firstname" class="txt" id="firstname" />
            </div>
            <div>
                <label for="lastname">Last Name:</label>
                <input type="text" name="lastname" class="txt" id="lastname" />
            </div>
            <!-- Submit button -->
            <div>
                <input type="submit" name="btnSubmit" value="Register" class="btn" id="btnSubmit" />
           <?php
             $email1        = $_POST['email1'];
             $email2        = $_POST['email2'];
             $password    = $_POST['password1'];
             $password2  = $_POST['password2'];
             $firstname    = $_POST['firstname'];
             $lastname     = $_POST['lastname'];
             $btnSubmit   = $_POST['btnSubmit'];

             if (empty($btnSubmit)) {
                echo"Please fill in all the fields.";
             }
             elseif ($btnSubmit) {
                echo"Your Account Info: $email1, $email2, $password1, $password2,    $firstname, $lastname";
            }
              ?>
            </div>
        </form>
    </body>
</html>

But, with these techniques you won’t get far. You will have to work with MySQL-Databases, and sessions. This is not really hard, this is basic what you’re actually trying to do.
And, for landing on a new page, it would have to look like this:


 elseif ($btnSubmit) {
                header('location: registration.php');
}

Because if I can’t figure out how to do an HTML form, submit data via the form, and land on a new page, then I’ll never get the harder PHP and MySQL stuff working!


<?php

if ($btnSubmit) {
  echo"Your Account Info: $email1, $email2, $password1, $password2,  $firstname,$lastname";
}
elseif ($btnSubmit == ' ') {
  echo"You must fill in the fields above.";
}

?>

Here are my updated files…

index.php


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
		<title>User Registration Form</title>
		<meta http-equiv="content-type" content="text/html; charset=utf-8">
		<link rel="stylesheet" type="text/css" href="index.css">
	</head>
	<body>
		<h1>User Registration Form</h1>
		<!-- Registration Form -->
		<form method="post" action="registration.php">
			<!-- Registration Fields -->
			<div>
				<label for="email1">E-mail:</label>
				<input type="text" name="email" class="txt" id="email" />
			</div>
			<div>
				<label for="email2">Re-enter E-mail:</label>
				<input type="text" name="email2" class="txt" id="email2" />
			</div>
			<div>
				<label for="password1">Password:</label>
				<input type="password" name="password1" class="txt" id="password1" />
			</div>
			<div>
				<label for="password2">Re-enter Password:</label>
				<input type="password" name="password2" class="txt" id="password2" />
			</div>
			<div>
				<label for="firstname">First Name:</label>
				<input type="text" name="firstname" class="txt" id="firstname" />
			</div>
			<div>
				<label for="lastname">Last Name:</label>
				<input type="text" name="lastname" class="txt" id="lastname" />
			</div>
			<!-- Submit button -->
			<div>
				<input type="submit" name="btnSubmit" value="Register" class="btn" id="btnSubmit" />
			</div>
		</form>
	</body>
</html>

registration.php


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
		<title>User Registration Form</title>
		<meta http-equiv="content-type" content="text/html; charset=utf-8">
		<link rel="stylesheet" type="text/css" href="registration.css">
	</head>
	<body>
		<p>
		<?php
			$btnSubmit = $_POST['btnSubmit'];
			if ($btnSubmit) {
				echo"Your Account Info: $email1, $email2, $password1, $password2, $firstname, $lastname";
			}
			elseif ($btnSubmit == ' ') {
				echo"You must fill in the fields above.";
			}
		?>
		</p>
	</body>
</html>

I am getting all of these errors…

Notice: Undefined variable: email1 in /Users/user1/Documents/DEV/++htdocs/Ecommerce/registration.php on line 14

This is where this line of code is…

				echo"Your Account Info: $email1, $email2, $password1, $password2, $firstname, $lastname";

TomTees


if(isset($_POST['btnSubmit'])) {
     echo '<pre>',print_r($_POST),'</pre>';
}

So Post data is sent in the HTTP Headers and cannot be seen in the browser, but that data could be hi-jacked or guessed and then hacked at any time, right?

Is that a major concern in most uses of this data?

You should include data validation and sanitisation code in your server side script before processing the data in any way - especially before using it in database queries and/or database entries to stop hackers using sql injection or other corruptive techniques to damage your database or website.

You shouldn’t rely solely on javascript validation because

  1. a small number of users will have js turned off in their browsers

  2. it is very easy to by-pass js validation even if js is turned on in your browser.

I am trying to write my first PHP - at least in a few years.

I want to have simple form were someone can register. For now, I’m just trying to have one php with the form and then have a second php appear after they click “Register” and have their data printed on the screen so I know it is working.

Here is my form…

index.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
		<title>User Registration Form</title>
		<meta http-equiv="content-type" content="text/html; charset=utf-8">
		<link rel="stylesheet" type="text/css" href="registration.css">
	</head>
	<body>
		<h1>User Registration Form</h1>
		<form method="post" action="registration.php">
			<!-- Registration Fields -->
			<div>
				<label for="email">E-mail:</label>
				<input type="text" name="email" class="txt" id="email" />
			</div>
			<div>
				<label for="email2">Re-enter E-mail:</label>
				<input type="text" name="email2" class="txt" id="email2" />
			</div>
			<div>
				<label for="password1">Password:</label>
				<input type="password" name="password1" class="txt" id="password1" />
			</div>
			<div>
				<label for="password2">Re-enter Password:</label>
				<input type="password" name="password2" class="txt" id="password2" />
			</div>
			<div>
				<label for="firstname">First Name:</label>
				<input type="text" name="firstname" class="txt" id="firstname" />
			</div>
			<div>
				<label for="lastname">Last Name:</label>
				<input type="text" name="lastname" class="txt" id="lastname" />
			</div>
			<!-- Submit button -->
			<div>
				<input type="submit" name="btnSubmit" value="Register" class="btn" id="btnSubmit" />
			</div>
		</form>
	</body>
</html>

registration.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
		<title>User Registration Form</title>
		<meta http-equiv="content-type" content="text/html; charset=utf-8">
		<link rel="stylesheet" type="text/css" href="registration.css">
	</head>
	<body>
		???????????
	</body>
</html>

Sincerely,

TomTees

An example would be:



<form name="content" method="post" action="postit.php">
<input type="text" name="content">
<input type="submit" value="Submit">
</form>

<?php

$content = $_POST['content'];

if (empty($content)) {
 echo"Enter a value!";
}
elseif ($content == 'Post it') {
 echo"This is my secret text.";
}
else {
 echo"Wrong value! Try again.";
}

?>


If you mean something like this.

The ‘get’ method appends all your form data in a query string at the end of the url so it can be seen. This is useful if you want to give your visitors the option to bookmark certain dynamic pages - like for example the products in a particular category on an online store.

The ‘post’ method sends all the form data in the http headers for the url (from memory) and so they can’t be seen in the browser.

And how is the data protected from hackers?

You should include data validation and sanitisation code in your server side script before processing the data in any way - especially before using it in database queries and/or database entries to stop hackers using sql injection or other corruptive techniques to damage your database or website.

You shouldn’t rely solely on javascript validation because

  1. a small number of users will have js turned off in their browsers

  2. it is very easy to by-pass js validation even if js is turned on in your browser.