TUTORIAL: Learning PHP (Part 2)

  • Bogey

Post March 15th, 2008, 3:11 pm

Learning PHP - Part 2

Introduction


This tutorial assumes that you know a bit of PHP (everything taught in Part 1).

This tutorial teaches better techniques for form validation and covers the different types of operators.

Objectives of this tutorial


The objective of this tutorial is to further reinforce the reader's learning of PHP.

A look back


In Part 1 of the "Learning PHP" series, we talked about simple comments, variables, echoes, if...elseif...else statements, and the include and require commands.

To bring back some of that information here: we used two forward slashes "//" to make a short comment, and a forward slash followed by an asterisk "/*...*/" for multiple lines of comments.

The echo statement prints a line of text, either given directly to echo or stored in a variable that is then echoed. A variable can also be stored in another variable for whatever reason you desire.

The if...elseif...else statement is a very useful thing in PHP to determine which scenario to use for any kind of validation that you might need.

Include and require generally do the same thing, except that if the required file isn't there, everything after the require command "require('file.php');" would not be shown.

Strings or no strings


When storing things in a variable, the value could be a string (like text), "true" or "false", or another variable. When setting variables in that way, you need to know when to use single-quotes and when not to use them. Below is an example of each case explained.

    <?php
    //Using single-quotes
     $string = 'This is a string';
     $nothing = 'This is not a thing.';

    //Not using single-quotes
     $thing = true;
     $thing2 = $nothing;
    ?>

When echoed, the variable ($string) would print "This is a string" because it has the single-quotes around the text (you can use regular quotes if you like... single-quotes are better though). If you echo the variable "$thing" you would see "1" because "1" means "true" and "0" means "false". So if "$thing" was set to "false" and then echoed, you wouldn't see anything. And if you echo $thing2 you would see 'This is not a thing.' (without the quotes).

You can't store any random text without quotes. If you do that, you will get an error similar to the one below...
Quote:
Parse error: syntax error, unexpected T_STRING in C:\wamp\www\TUT-Testing\test1.php on line 2


Operators and the if...elseif...else statement


Operators enhance the use of the if...elseif...else statement. They let you create many more scenarios for your form validation. Below is a list of general operators, what they are, and what they do.

[Image 2.1: Operators (operators.JPG)]

As you can see, there is more than one type of operator available for you to use in the if...elseif...else statement.

All of those operators do a different thing and can bring different results. Even one of those operators can bring different results if used in a different way. Let's use a few very simple examples to learn a little of how operators work.

    <?php
     //Setting the variables
     $a = '2';
     $b = '3';
     //Using the arithmetic operator to make a simple addition
     $c = $a + $b;
     //Echoing the answer
     echo $c;
     //It would echo "5" since 2+3=5
    ?>

You can try it out with other arithmetic operators too, for fun.

Assignment operators are pretty easy, actually. All they do is set a variable and do math at the same time. Below is an easy example of an addition assignment operator (+=).

    <?php
     //Setting the variables
     $a = '2';
     $b = '3';
     //Putting in the assignment operator
     $a += $b;
     //Echoing the result
     echo $a;
     //You would get "5"
    ?>

This way, you wouldn't need another variable to store the addition, as in the example before this one using arithmetic operators. This is useful in form validation because it saves space and makes it easier for you to edit the validation later on.

Comparison operators are operators that compare two things with each other and bring back the result "false" (it is not true) or "true" (it is not false). Below are some simple examples using the comparison operators in the if...else statement.

    <?php
     //Setting the variables
     $a = '4';
     $b = '5';
     //Comparing the two variables...
     //Comparison A
     if($a == $b)
     {
      echo '$a is equal to $b';
      //This text would not be shown
     }
     else
     {
      echo '$a is not equal to $b';
      //This text would be shown
     }
     //Comparison B
     if($a != $b)
     {
      echo '$a is not equal to $b';
      //This text would be shown
     }
     else
     {
      echo '$a is equal to $b';
      //This text would not be shown
     }
    ?>

In comparison "A" the if...else statement is saying: if the variable $a is equal to $b then echo "$a is equal to $b", else echo "$a is not equal to $b". Comparison "B" is saying the opposite: if the variable $a is not equal to variable $b then echo "$a is not equal to $b", else echo "$a is equal to $b". Once you get good with PHP you will be able to simulate the scenarios in your head and be able to tell which operators you need to use in your form validation.

Logical operators are really easy to use and really basic. You can compare two variables with another one, or you can compare variable $a or variable $b with variable $c. Below is a simple example of such a thing.

    <?php
     //Setting the variables
     $a = '1';
     $b = '2';
     $c = '3';
     //Comparing them
     //Comparison A
     //Each variable gets its own comparison with $c, joined by && (AND).
     //Writing "$a && $b == $c" would only check that $a is true and that $b equals $c.
     if($a == $c && $b == $c)
     {
      echo 'The variables $a and $b are equal to the variable $c';
     }
     else
     {
      echo 'The variables $a and $b are not equal to the variable $c';
     }
     //Comparison B
     //The same two comparisons, joined by || (OR)
     if($a == $c || $b == $c)
     {
      echo 'The variable $a or $b is equal to the variable $c';
     }
     else
     {
      echo 'The variable $a or $b is not equal to the variable $c';
     }
     //Comparison C
     if(!($b == $c))
     {
      echo 'The variable $b is not equal to the variable $c';
     }
     else
     {
      echo 'The variable $b is equal to the variable $c';
     }
    ?>

In comparison A you are comparing both of the variables ($a and $b) with the variable $c. All it is saying is: if variable $a and variable $b are equal to the variable $c then echo "The variables $a and $b are equal to the variable $c", else echo "The variables $a and $b are not equal to the variable $c". Comparison B says the same thing except it compares variable $a OR variable $b. So, instead of "AND" in the statement, we are using "OR".

In comparison C, we are saying in the if statement that the variable $b is not equal to $c. So it would say, if variable $b is not equal to variable $c then echo "..." else echo "...". (Exactly the same thing as Comparison B in comparison operator examples).

Let us use the operators on the files we used in Part 1 for this tutorial.

To refresh, here is what we had so far from Part 1.

(form.php)

    <form action="form2.php" method="post">
    Name: <input type="text" name="Pname" />
    <input type="submit" name="submit" value="submit" />
    </form>

(form2.php)

    <?php
     if(isset($_POST['submit']))
     {
       //Setting the variables
       $name = $_POST['Pname'];

       //Checking if the input field has been filled in
       if(empty($name))
       {
         echo 'You need to fill in the input field with your name.';
       } else {
         echo 'Your name is: '. $name;
       }
     }
    ?>

There is another preset PHP function that counts how many characters are stored in a variable. With that function, we can make sure that the name is not too large. For this example, let us limit the name to 15 characters.

The function to count the number of characters stored in a variable is strlen(). Let us implement that in our form validation.

    <?php
     if(isset($_POST['submit']))
     {
       //Setting the variables
       $name = $_POST['Pname'];

       //Checking if the input field has been filled in
       if(empty($name))
       {
         echo 'You need to fill in the input field with your name.';
       } elseif(strlen($name) > 15) {
         //strlen() returns a number, so it is compared with the number 15
         echo 'Your name is too big. Make sure it is only 15 characters long or less.';
       } else {
         echo 'Your name is: '. $name;
       }
     }
    ?>

To use the strlen() function, we used one of the comparison operators, ">" (...is greater than...), to check if the number of characters stored in "$name" is greater than 15, and if it is, it would bring up the text "Your name is too big. Make sure it is only 15 characters long or less."

There are many other preset functions for PHP but many of them for different validations. Such as checking the file size and fun stuff like that.

Making a more secure form validation


Also, right now the validation we have here can be a security risk as well. We don't want it to be a security risk. But as a test let's put some things under the validation.

    <?php
     //Starting with an empty name so the last echo also works before the form is submitted
     $name = '';
     if(isset($_POST['submit']))
     {
       //Setting the variables
       $name = $_POST['Pname'];

       //Checking if the input field has been filled in
       if(empty($name))
       {
         echo 'You need to fill in the input field with your name.<br />';
       } elseif(strlen($name) > 15) {
         echo 'Your name is too big. Make sure it is only 15 characters long.<br />';
       } else {
         echo 'Your name is: '. $name .'<br />';
       }
     }
     echo '<b>Some bold and <u>underlined and <i>italicized text</i></u></b>.<br />';
     echo '<i>Welcome to this universe '. $name .'</i><br />';
    ?>

Save that, then type your name in the name field and submit. You will see the submitted results. Now go back and type "</html>" (without the quotes) and press submit. Obviously, you will see the results, but you will see a blank where your "name" should be. Now view the source and see that it put the "</html>" where it is supposed to put your name. If your site grows and more and more people use your form, and if you need to put the submitted data into a page... one person can really mess up your site.

You can try typing in <b>name</b> in the field... the "name" would appear bold in the validation page.

So, what we want to do is strip all of the HTML tags from the variable. That is made somewhat easy with a preset PHP function. All the code is, is...

    <?php
    //Stripping submitted values from HTML
    $_POST = array_map('strip_tags', $_POST);
    ?>

It strips any HTML tags from the variables that are sent by "post". If you are using a method of "get" you can change the "$_POST" to "$_GET" to make it agree with your form.

This way, nobody would be able to ruin your site with a simple HTML tag. I recommend that you always put that code in any validation that you make. So the new updated form2.php would look like...

    <?php
     //Starting with an empty name so the last echo also works before the form is submitted
     $name = '';
     if(isset($_POST['submit']))
     {

       //Stripping submitted values from HTML
       $_POST = array_map('strip_tags', $_POST);

       //Setting the variables
       $name = $_POST['Pname'];

       //Checking if the input field has been filled in
       if(empty($name))
       {
         echo 'You need to fill in the input field with your name.<br />';
       } elseif(strlen($name) > 15) {
         echo 'Your name is too big. Make sure it is only 15 characters long.<br />';
       } else {
         echo 'Your name is: '. $name .'<br />';
       }
     }
     echo '<b>Some bold and <u>underlined and <i>italicized text</i></u></b>.<br />';
     echo '<i>Welcome to this universe '. $name .'</i><br />';
    ?>

That would make your form and validation and site for that matter, a bit more secure from unethical people.

Conclusion


In this tutorial you further learned how to make a more secure validation form with a bit more functionality to the validation.

If you have any suggestions, please PM me :)
Guys, I need help with Wedevoy.com here. Thanks.
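
An added example, not part of the original tutorial: the same name check, but with the value encoded by htmlspecialchars() at the point of output instead of having tags stripped on input. This keeps the submitted text intact and also encodes quote characters, which strip_tags() leaves in place. The function names handle_name_form() and e() and the sample inputs are assumptions made up for this illustration.

```php
<?php
// Added example, not the tutorial's code. handle_name_form() and e() are hypothetical names.

// Encode a value for HTML text or a quoted attribute at the moment of output.
function e($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Validate the submitted form and return the HTML to send back.
function handle_name_form(array $post)
{
    if (!isset($post['submit'])) {
        return '';
    }
    // A field sent as Pname[]=x arrives as an array; accept strings only.
    if (!isset($post['Pname']) || !is_string($post['Pname'])) {
        return 'You need to fill in the input field with your name.<br />';
    }
    $name = trim($post['Pname']);
    if ($name === '') {
        return 'You need to fill in the input field with your name.<br />';
    }
    // strlen() counts bytes, as the tutorial's check does.
    if (strlen($name) > 15) {
        return 'Your name is too big. Make sure it is only 15 characters long or less.<br />';
    }
    // The validated value is left untouched; only the output is encoded.
    return 'Your name is: ' . e($name) . '<br />';
}

// Constructed inputs: the tutorial's two test strings plus some edge cases.
$samples = array('Bogey', '</html>', '<b>name</b>', 'Tom <3 PHP', array('x'), str_repeat('a', 16));
foreach ($samples as $value) {
    echo handle_name_form(array('submit' => 'submit', 'Pname' => $value)), "\n";
    if (is_string($value)) {
        // For comparison: what the strip_tags() approach would have kept.
        echo '  strip_tags keeps: ', var_export(strip_tags($value), true), "\n";
    }
}
```

Run it from the command line with `php` and compare the two lines printed for each sample.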

  • panther786

Post May 1st, 2008, 2:35 am

great information.
very much useful for us.

thank you
