Home > Backend Development > PHP Tutorial > How to use PHP built-in functions to process form data?

How to use PHP built-in functions to process form data?

WBOY
Release: 2024-04-22 22:36:02
Original
1097 people have browsed it

PHP built-in functions process form data including validation, cleaning and security processing. The specific steps are as follows: verify whether the data is empty or set (empty(), isset()), remove string spaces and filter input types (trim() , filter_input()) to prevent security attacks, such as XSS, SQL injection (htmlspecialchars(), strip_tags(), mysqli_real_escape_string())

如何使用 PHP 内置函数处理表单数据?

How to use PHP built-in functions Processing form data?

Introduction

PHP provides several built-in functions to help process user input received through forms. These functions can be used to validate, sanitize, and securely handle form data.

Verify and clean form data

1. empty() Function**: Check whether the variable is empty ( has no value).

if (!empty($_POST['name'])) {
    // 用户已提交数据
}
Copy after login

2. isset() Function**: Check whether the variable has been set.

if (isset($_POST['gender'])) {
    // 用户已选择性别
}
Copy after login

3. trim() Function**: Remove spaces from both ends of the string.

$name = trim($_POST['name']);
Copy after login

4. filter_input() Function**: Filter input according to the specified type.

$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
Copy after login

Processing form data safely

1. htmlspecialchars() Function**: Convert HTML characters to entities , to prevent XSS attacks.

$comment = htmlspecialchars($_POST['comment']);
Copy after login

2. strip_tags() Function**: Removes all HTML and PHP tags from a string.

$description = strip_tags($_POST['description']);
Copy after login

3. mysqli_real_escape_string() Function**: Escape special characters to prevent SQL injection attacks (only for MySQL database).

$name = mysqli_real_escape_string($conn, $_POST['name']);
Copy after login

Practical Case

Consider a simple PHP form that collects user name and age:

<form action="process_form.php" method="post">
  <label for="name">姓名:</label>
  <input type="text" name="name" id="name">
  <br>
  <label for="age">年龄:</label>
  <input type="number" name="age" id="age">
  <br>
  <input type="submit" value="提交">
</form>
Copy after login

We are in process_form. Processing form data in php:

<?php
// 验证姓名不为空
if (empty($_POST['name'])) {
    echo "请输入您的姓名";
    exit;
}

// 验证年龄已设置
if (!isset($_POST['age'])) {
    echo "请输入您的年龄";
    exit;
}

// 验证年龄为整数
if (!filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT)) {
    echo "年龄必须为整数";
    exit;
}

// 安全处理姓名和年龄
$name = htmlspecialchars(trim($_POST['name']));
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);

// 将数据插入数据库(省略,仅用于示例)
$sql = "INSERT INTO users (name, age) VALUES ('$name', $age)";
Copy after login

The above is the detailed content of How to use PHP built-in functions to process form data?. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template