PHP Post Response

doncaster319 · July 13, 2018, 12:51am

Below are 2 blocks of on the Post Response right out of the text book.

When I run these in the W3 Schools web site, they work fine, When I run these on my own computer they don’t work. No data transfers to the .php POSTfile,

WelcomePost01,html

<html>
<body>

<form action="welcomepost02.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

WelcomePost02.html

<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
</body>
</html>

Any advice would be appreciated,

benanamen · July 13, 2018, 1:43am

The files need a .php extension, not .html. (At least the second file) You also need to load them through a server with Php.

doncaster319 · July 13, 2018, 2:06pm

It worked!

Thank you so much for your answer,

Noppy · July 13, 2018, 2:58pm

Just to add it would be worth looking at XSS attacks. If you just echo out variables that are entered by users they can load bits of JS and other html.

I think i’m correct in saying you should at htmlentities at least and really look at adding other checks to any variables that are echo’d out. e.g

<?php echo htmlentities($_POST["email"]); ?>

benanamen · July 13, 2018, 5:01pm

Yes, but you want to take it just a bit further.

echo htmlspecialchars($_POST['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

It wouldn’t be a bad idea to create a function

function html_escape($raw_input, $encoding)
{
    return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

echo html_escape($_POST['email'], 'UTF-8');

system · October 13, 2018, 12:01am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.