PHP Post Response


#1

Below are 2 blocks of code on the Post Response, right out of the textbook.

When I run these on the W3 Schools web site, they work fine. When I run these on my own computer, they don't work. No data transfers to the .php POST file.

WelcomePost01.html

<html>
<body>

<form action="welcomepost02.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>

WelcomePost02.html

<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
</body>
</html>

Any advice would be appreciated.


#2

The files need a .php extension, not .html (at least the second file). You also need to load them through a server with PHP.


#3

It worked!

Thank you so much for your answer.


#4

Just to add, it would be worth looking at XSS attacks. If you just echo out variables that are entered by users, they can load bits of JS and other HTML.

I think I'm correct in saying you should add htmlentities at least, and really look at adding other checks to any variables that are echoed out, e.g.:

<?php echo htmlentities($_POST["email"]); ?>

#5

Yes, but you want to take it just a bit further.

echo htmlspecialchars($_POST['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

It wouldn't be a bad idea to create a function:

function html_escape($raw_input, $encoding)
{
    return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

echo html_escape($_POST['email'], 'UTF-8');
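
The following is an added example, not code from any poster in this thread: a version of welcomepost02.php that applies the escaping from post #5 and shows why ENT_QUOTES and ENT_SUBSTITUTE matter. The `field()` helper, the default encoding argument and the `$post` sample array (constructed input standing in for `$_POST`) are assumptions made so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// html_escape() is the helper from post #5, with a default encoding added.
function html_escape(string $raw_input, string $encoding = 'UTF-8'): string
{
    return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

// Hypothetical helper: return one POST field as a trimmed string, or '' when
// it is missing or was submitted as an array (name[]=...), which
// htmlspecialchars() does not accept.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Constructed sample input; on a real page this would be $_POST.
$post = [
    // single quote, markup, and an invalid UTF-8 byte sequence
    'name'  => "O'Brien <b>bold</b> \xC3\x28",
    // a value that tries to close a quoted attribute
    'email' => 'user@example.com" onfocus="x',
];

$name  = field($post, 'name');
$email = field($post, 'email');

// Validation is a separate step from escaping: reject what is not an address.
$emailOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

// Element content: markup characters come out as entities, and ENT_SUBSTITUTE
// replaces the invalid bytes with U+FFFD instead of returning an empty string.
echo 'Welcome ', html_escape($name), "<br>\n";
echo 'Your email address is: ',
    $emailOk ? html_escape($email) : '(invalid address)', "<br>\n";

// Quoted attribute: ENT_QUOTES encodes both " and ', so the value cannot end
// the attribute early when the form is redisplayed with the submitted value.
echo '<input type="text" name="email" value="', html_escape($email), "\">\n";
```

Running it with `php welcomepost02.php` prints the escaped markup, so the entities can be inspected directly instead of being rendered by a browser.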