How to use PHP built-in functions to process form data?

PHP built-in functions process form data including validation, cleaning and security processing. The specific steps are as follows: verify whether the data is empty or set (empty(), isset()), remove string spaces and filter input types (trim() , filter_input()) to prevent security attacks, such as XSS, SQL injection (htmlspecialchars(), strip_tags(), mysqli_real_escape_string())

How to use PHP built-in functions Processing form data?

Introduction

PHP provides several built-in functions to help process user input received through forms. These functions can be used to validate, sanitize, and securely handle form data.

Verify and clean form data

1. empty() Function**: Check whether the variable is empty ( has no value).

if (!empty($_POST['name'])) {
    // 用户已提交数据
}

2. isset() Function**: Check whether the variable has been set.

if (isset($_POST['gender'])) {
    // 用户已选择性别
}

3. trim() Function**: Remove spaces from both ends of the string.

$name = trim($_POST['name']);

4. filter_input() Function**: Filter input according to the specified type.

$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);

Processing form data safely

1. htmlspecialchars() Function**: Convert HTML characters to entities , to prevent XSS attacks.

$comment = htmlspecialchars($_POST['comment']);

2. strip_tags() Function**: Removes all HTML and PHP tags from a string.

$description = strip_tags($_POST['description']);

3. mysqli_real_escape_string() Function**: Escape special characters to prevent SQL injection attacks (only for MySQL database).

$name = mysqli_real_escape_string($conn, $_POST['name']);

Practical Case

Consider a simple PHP form that collects user name and age:

<form action="process_form.php" method="post">
  <label for="name">姓名：</label>
  <input type="text" name="name" id="name">
  <br>
  <label for="age">年龄：</label>
  <input type="number" name="age" id="age">
  <br>
  <input type="submit" value="提交">
</form>

We are in process_form. Processing form data in php:

<?php
// 验证姓名不为空
if (empty($_POST['name'])) {
    echo "请输入您的姓名";
    exit;
}

// 验证年龄已设置
if (!isset($_POST['age'])) {
    echo "请输入您的年龄";
    exit;
}

// 验证年龄为整数
if (!filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT)) {
    echo "年龄必须为整数";
    exit;
}

// 安全处理姓名和年龄
$name = htmlspecialchars(trim($_POST['name']));
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);

// 将数据插入数据库（省略，仅用于示例）
$sql = "INSERT INTO users (name, age) VALUES ('$name', $age)";

The above is the detailed content of How to use PHP built-in functions to process form data?. For more information, please follow other related articles on the PHP Chinese website!